/*
 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include "tbbr/tbb_cert.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Certificates that make up the chain of trust.
 *
 * Every entry sits at the index named by its certificate identifier (the
 * enumeration referred to in tbb_cert.h) and repeats that identifier in .id,
 * so the table order must keep following that enumeration.
 *
 * All certificates are self-signed: .issuer always names the entry itself.
 * The issuer field therefore does not link one certificate to the next.
 * NOTE(review): judging by the extension names, the link between levels is
 * carried by the public-key and hash extensions listed in .ext (for example
 * TRUSTED_KEY_CERT is signed with ROT_KEY and lists TRUSTED_WORLD_PK_EXT and
 * NON_TRUSTED_WORLD_PK_EXT) - confirm against the code that verifies the
 * chain.
 *
 * Per-entry fields as used in this table:
 *   .opt / .help_msg  option name and its help text; the help text describes
 *                     the option as the certificate's output file
 *   .cn               common name string for the certificate
 *   .fn               left NULL here (presumably the output file name, set
 *                     later from the option - TODO confirm)
 *   .key              identifier of the key that signs the certificate
 *   .ext / .num_ext   extension identifiers and how many of them are listed;
 *                     .num_ext is maintained by hand and has to match the
 *                     length of the .ext list
 */
static cert_t tbb_certs[] = {
	/* Signed with the root-of-trust key. */
	[TRUSTED_BOOT_FW_CERT] = {
		.id = TRUSTED_BOOT_FW_CERT,
		.opt = "tb-fw-cert",
		.help_msg = "Trusted Boot FW Certificate (output file)",
		.cn = "Trusted Boot FW Certificate",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = TRUSTED_BOOT_FW_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_BOOT_FW_HASH_EXT },
		.num_ext = 2,
	},

	/*
	 * Signed with the root-of-trust key; lists the trusted-world and
	 * non-trusted-world public-key extensions.
	 */
	[TRUSTED_KEY_CERT] = {
		.id = TRUSTED_KEY_CERT,
		.opt = "trusted-key-cert",
		.help_msg = "Trusted Key Certificate (output file)",
		.cn = "Trusted Key Certificate",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = TRUSTED_KEY_CERT,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_WORLD_PK_EXT,
			NON_TRUSTED_WORLD_PK_EXT,
		},
		.num_ext = 3,
	},

	/* SCP firmware: key certificate, then content certificate. */
	[SCP_FW_KEY_CERT] = {
		.id = SCP_FW_KEY_CERT,
		.opt = "scp-fw-key-cert",
		.help_msg = "SCP Firmware Key Certificate (output file)",
		.cn = "SCP Firmware Key Certificate",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = SCP_FW_KEY_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SCP_FW_CONTENT_CERT_PK_EXT },
		.num_ext = 2,
	},
	[SCP_FW_CONTENT_CERT] = {
		.id = SCP_FW_CONTENT_CERT,
		.opt = "scp-fw-cert",
		.help_msg = "SCP Firmware Content Certificate (output file)",
		.cn = "SCP Firmware Content Certificate",
		.fn = NULL,
		.key = SCP_FW_CONTENT_CERT_KEY,
		.issuer = SCP_FW_CONTENT_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SCP_FW_HASH_EXT },
		.num_ext = 2,
	},

	/* SoC firmware: key certificate, then content certificate. */
	[SOC_FW_KEY_CERT] = {
		.id = SOC_FW_KEY_CERT,
		.opt = "soc-fw-key-cert",
		.help_msg = "SoC Firmware Key Certificate (output file)",
		.cn = "SoC Firmware Key Certificate",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = SOC_FW_KEY_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SOC_FW_CONTENT_CERT_PK_EXT },
		.num_ext = 2,
	},
	[SOC_FW_CONTENT_CERT] = {
		.id = SOC_FW_CONTENT_CERT,
		.opt = "soc-fw-cert",
		.help_msg = "SoC Firmware Content Certificate (output file)",
		.cn = "SoC Firmware Content Certificate",
		.fn = NULL,
		.key = SOC_FW_CONTENT_CERT_KEY,
		.issuer = SOC_FW_CONTENT_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SOC_AP_FW_HASH_EXT },
		.num_ext = 2,
	},

	/* Trusted OS firmware: key certificate, then content certificate. */
	[TRUSTED_OS_FW_KEY_CERT] = {
		.id = TRUSTED_OS_FW_KEY_CERT,
		.opt = "tos-fw-key-cert",
		.help_msg = "Trusted OS Firmware Key Certificate (output file)",
		.cn = "Trusted OS Firmware Key Certificate",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = TRUSTED_OS_FW_KEY_CERT,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
		},
		.num_ext = 2,
	},
	[TRUSTED_OS_FW_CONTENT_CERT] = {
		.id = TRUSTED_OS_FW_CONTENT_CERT,
		.opt = "tos-fw-cert",
		.help_msg = "Trusted OS Firmware Content Certificate (output file)",
		.cn = "Trusted OS Firmware Content Certificate",
		.fn = NULL,
		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
		/* Three hash extensions here: the main image plus two extras. */
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_HASH_EXT,
			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
			TRUSTED_OS_FW_EXTRA2_HASH_EXT,
		},
		.num_ext = 4,
	},

	/*
	 * Non-trusted firmware: key certificate, then content certificate.
	 * These two list NON_TRUSTED_FW_NVCOUNTER_EXT, not the trusted counter
	 * extension used by the entries above.
	 */
	[NON_TRUSTED_FW_KEY_CERT] = {
		.id = NON_TRUSTED_FW_KEY_CERT,
		.opt = "nt-fw-key-cert",
		.help_msg = "Non-Trusted Firmware Key Certificate (output file)",
		.cn = "Non-Trusted Firmware Key Certificate",
		.fn = NULL,
		.key = NON_TRUSTED_WORLD_KEY,
		.issuer = NON_TRUSTED_FW_KEY_CERT,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
		},
		.num_ext = 2,
	},
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.opt = "nt-fw-cert",
		.help_msg = "Non-Trusted Firmware Content Certificate (output file)",
		.cn = "Non-Trusted Firmware Content Certificate",
		.fn = NULL,
		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
		},
		.num_ext = 2,
	},

	/*
	 * Firmware update certificate, signed with the root-of-trust key.
	 * NOTE(review): this is the only entry whose .ext list has no
	 * *_NVCOUNTER_EXT - confirm that leaving the counter out of the
	 * firmware update certificate is intended.
	 */
	[FWU_CERT] = {
		.id = FWU_CERT,
		.opt = "fwu-cert",
		.help_msg = "Firmware Update Certificate (output file)",
		.cn = "Firmware Update Certificate",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = FWU_CERT,
		.ext = {
			SCP_FWU_CFG_HASH_EXT,
			AP_FWU_CFG_HASH_EXT,
			FWU_HASH_EXT,
		},
		.num_ext = 3,
	},
};

/* Pass the table to REGISTER_COT (macro defined outside this file). */
REGISTER_COT(tbb_certs);