blob: 81a7d75dc33578edade8850ea793bedcb8f4128e [file] [log] [blame]
Sandrine Bailleux5d505082020-01-10 14:32:30 +01001/*
2 * Copyright (c) 2020, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <dualroot_oid.h>
8
9#include "cert.h"
10#include "ext.h"
11#include "key.h"
12
13#include "dualroot/cot.h"
14
15/*
16 * Certificates used in the chain of trust.
17 *
18 * All certificates are self-signed so the issuer certificate field points to
19 * itself.
20 */
21static cert_t cot_certs[] = {
22 [TRUSTED_BOOT_FW_CERT] = {
23 .id = TRUSTED_BOOT_FW_CERT,
24 .opt = "tb-fw-cert",
25 .help_msg = "Trusted Boot FW Certificate (output file)",
26 .cn = "Trusted Boot FW Certificate",
27 .key = ROT_KEY,
28 .issuer = TRUSTED_BOOT_FW_CERT,
29 .ext = {
30 TRUSTED_FW_NVCOUNTER_EXT,
31 TRUSTED_BOOT_FW_HASH_EXT,
32 TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +010033 HW_CONFIG_HASH_EXT,
34 FW_CONFIG_HASH_EXT
Sandrine Bailleux5d505082020-01-10 14:32:30 +010035 },
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +010036 .num_ext = 5
Sandrine Bailleux5d505082020-01-10 14:32:30 +010037 },
38
39 [TRUSTED_KEY_CERT] = {
40 .id = TRUSTED_KEY_CERT,
41 .opt = "trusted-key-cert",
42 .help_msg = "Trusted Key Certificate (output file)",
43 .cn = "Trusted Key Certificate",
44 .key = ROT_KEY,
45 .issuer = TRUSTED_KEY_CERT,
46 .ext = {
47 TRUSTED_FW_NVCOUNTER_EXT,
48 TRUSTED_WORLD_PK_EXT,
49 },
50 .num_ext = 2
51 },
52
53 [SCP_FW_KEY_CERT] = {
54 .id = SCP_FW_KEY_CERT,
55 .opt = "scp-fw-key-cert",
56 .help_msg = "SCP Firmware Key Certificate (output file)",
57 .cn = "SCP Firmware Key Certificate",
58 .key = TRUSTED_WORLD_KEY,
59 .issuer = SCP_FW_KEY_CERT,
60 .ext = {
61 TRUSTED_FW_NVCOUNTER_EXT,
62 SCP_FW_CONTENT_CERT_PK_EXT
63 },
64 .num_ext = 2
65 },
66
67 [SCP_FW_CONTENT_CERT] = {
68 .id = SCP_FW_CONTENT_CERT,
69 .opt = "scp-fw-cert",
70 .help_msg = "SCP Firmware Content Certificate (output file)",
71 .cn = "SCP Firmware Content Certificate",
72 .key = SCP_FW_CONTENT_CERT_KEY,
73 .issuer = SCP_FW_CONTENT_CERT,
74 .ext = {
75 TRUSTED_FW_NVCOUNTER_EXT,
76 SCP_FW_HASH_EXT
77 },
78 .num_ext = 2
79 },
80
81 [SOC_FW_KEY_CERT] = {
82 .id = SOC_FW_KEY_CERT,
83 .opt = "soc-fw-key-cert",
84 .help_msg = "SoC Firmware Key Certificate (output file)",
85 .cn = "SoC Firmware Key Certificate",
86 .key = TRUSTED_WORLD_KEY,
87 .issuer = SOC_FW_KEY_CERT,
88 .ext = {
89 TRUSTED_FW_NVCOUNTER_EXT,
90 SOC_FW_CONTENT_CERT_PK_EXT
91 },
92 .num_ext = 2
93 },
94
95 [SOC_FW_CONTENT_CERT] = {
96 .id = SOC_FW_CONTENT_CERT,
97 .opt = "soc-fw-cert",
98 .help_msg = "SoC Firmware Content Certificate (output file)",
99 .cn = "SoC Firmware Content Certificate",
100 .key = SOC_FW_CONTENT_CERT_KEY,
101 .issuer = SOC_FW_CONTENT_CERT,
102 .ext = {
103 TRUSTED_FW_NVCOUNTER_EXT,
104 SOC_AP_FW_HASH_EXT,
105 SOC_FW_CONFIG_HASH_EXT,
106 },
107 .num_ext = 3
108 },
109
110 [TRUSTED_OS_FW_KEY_CERT] = {
111 .id = TRUSTED_OS_FW_KEY_CERT,
112 .opt = "tos-fw-key-cert",
113 .help_msg = "Trusted OS Firmware Key Certificate (output file)",
114 .cn = "Trusted OS Firmware Key Certificate",
115 .key = TRUSTED_WORLD_KEY,
116 .issuer = TRUSTED_OS_FW_KEY_CERT,
117 .ext = {
118 TRUSTED_FW_NVCOUNTER_EXT,
119 TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
120 },
121 .num_ext = 2
122 },
123
124 [TRUSTED_OS_FW_CONTENT_CERT] = {
125 .id = TRUSTED_OS_FW_CONTENT_CERT,
126 .opt = "tos-fw-cert",
127 .help_msg = "Trusted OS Firmware Content Certificate (output file)",
128 .cn = "Trusted OS Firmware Content Certificate",
129 .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
130 .issuer = TRUSTED_OS_FW_CONTENT_CERT,
131 .ext = {
132 TRUSTED_FW_NVCOUNTER_EXT,
133 TRUSTED_OS_FW_HASH_EXT,
134 TRUSTED_OS_FW_EXTRA1_HASH_EXT,
135 TRUSTED_OS_FW_EXTRA2_HASH_EXT,
136 TRUSTED_OS_FW_CONFIG_HASH_EXT,
137 },
138 .num_ext = 5
139 },
140
Manish Pandey0a658842020-05-22 12:27:28 +0100141 [SIP_SECURE_PARTITION_CONTENT_CERT] = {
142 .id = SIP_SECURE_PARTITION_CONTENT_CERT,
143 .opt = "sip-sp-cert",
144 .help_msg = "SiP owned Secure Partition Content Certificate (output file)",
145 .fn = NULL,
146 .cn = "SiP owned Secure Partition Content Certificate",
147 .key = TRUSTED_WORLD_KEY,
148 .issuer = SIP_SECURE_PARTITION_CONTENT_CERT,
149 .ext = {
150 TRUSTED_FW_NVCOUNTER_EXT,
151 SP_PKG1_HASH_EXT,
152 SP_PKG2_HASH_EXT,
153 SP_PKG3_HASH_EXT,
154 SP_PKG4_HASH_EXT,
Manish Pandey3f0d7af2020-07-24 16:43:54 +0100155 },
156 .num_ext = 5
157 },
158
159 [PLAT_SECURE_PARTITION_CONTENT_CERT] = {
160 .id = PLAT_SECURE_PARTITION_CONTENT_CERT,
161 .opt = "plat-sp-cert",
162 .help_msg = "Platform owned Secure Partition Content Certificate (output file)",
163 .fn = NULL,
164 .cn = "Platform owned Secure Partition Content Certificate",
165 .key = PROT_KEY,
166 .issuer = PLAT_SECURE_PARTITION_CONTENT_CERT,
167 .ext = {
168 NON_TRUSTED_FW_NVCOUNTER_EXT,
Manish Pandey0a658842020-05-22 12:27:28 +0100169 SP_PKG5_HASH_EXT,
170 SP_PKG6_HASH_EXT,
171 SP_PKG7_HASH_EXT,
172 SP_PKG8_HASH_EXT,
Manish Pandey3f0d7af2020-07-24 16:43:54 +0100173 PROT_PK_EXT,
Manish Pandey0a658842020-05-22 12:27:28 +0100174 },
Manish Pandey3f0d7af2020-07-24 16:43:54 +0100175 .num_ext = 6
Manish Pandey0a658842020-05-22 12:27:28 +0100176 },
177
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100178 [FWU_CERT] = {
179 .id = FWU_CERT,
180 .opt = "fwu-cert",
181 .help_msg = "Firmware Update Certificate (output file)",
182 .cn = "Firmware Update Certificate",
183 .key = ROT_KEY,
184 .issuer = FWU_CERT,
185 .ext = {
186 SCP_FWU_CFG_HASH_EXT,
187 AP_FWU_CFG_HASH_EXT,
188 FWU_HASH_EXT
189 },
190 .num_ext = 3
191 },
192
193 [NON_TRUSTED_FW_CONTENT_CERT] = {
194 .id = NON_TRUSTED_FW_CONTENT_CERT,
195 .opt = "nt-fw-cert",
196 .help_msg = "Non-Trusted Firmware Content Certificate (output file)",
197 .cn = "Non-Trusted Firmware Content Certificate",
198 .key = PROT_KEY,
199 .issuer = NON_TRUSTED_FW_CONTENT_CERT,
200 .ext = {
201 NON_TRUSTED_FW_NVCOUNTER_EXT,
202 NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
203 NON_TRUSTED_FW_CONFIG_HASH_EXT,
204 PROT_PK_EXT,
205 },
206 .num_ext = 4
207 },
208};
209
210REGISTER_COT(cot_certs);
211
212
213/* Certificate extensions. */
214static ext_t cot_ext[] = {
215 [TRUSTED_FW_NVCOUNTER_EXT] = {
216 .oid = TRUSTED_FW_NVCOUNTER_OID,
217 .opt = "tfw-nvctr",
218 .help_msg = "Trusted Firmware Non-Volatile counter value",
219 .sn = "TrustedWorldNVCounter",
220 .ln = "Trusted World Non-Volatile counter",
221 .asn1_type = V_ASN1_INTEGER,
222 .type = EXT_TYPE_NVCOUNTER,
223 .attr.nvctr_type = NVCTR_TYPE_TFW
224 },
225
226 [TRUSTED_BOOT_FW_HASH_EXT] = {
227 .oid = TRUSTED_BOOT_FW_HASH_OID,
228 .opt = "tb-fw",
229 .help_msg = "Trusted Boot Firmware image file",
230 .sn = "TrustedBootFirmwareHash",
231 .ln = "Trusted Boot Firmware hash (SHA256)",
232 .asn1_type = V_ASN1_OCTET_STRING,
233 .type = EXT_TYPE_HASH
234 },
235
236 [TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
237 .oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
238 .opt = "tb-fw-config",
239 .help_msg = "Trusted Boot Firmware Config file",
240 .sn = "TrustedBootFirmwareConfigHash",
241 .ln = "Trusted Boot Firmware Config hash",
242 .asn1_type = V_ASN1_OCTET_STRING,
243 .type = EXT_TYPE_HASH,
244 .optional = 1
245 },
246
247 [HW_CONFIG_HASH_EXT] = {
248 .oid = HW_CONFIG_HASH_OID,
249 .opt = "hw-config",
250 .help_msg = "HW Config file",
251 .sn = "HWConfigHash",
252 .ln = "HW Config hash",
253 .asn1_type = V_ASN1_OCTET_STRING,
254 .type = EXT_TYPE_HASH,
255 .optional = 1
256 },
257
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +0100258 [FW_CONFIG_HASH_EXT] = {
259 .oid = FW_CONFIG_HASH_OID,
260 .opt = "fw-config",
261 .help_msg = "Firmware Config file",
262 .sn = "FirmwareConfigHash",
263 .ln = "Firmware Config hash",
264 .asn1_type = V_ASN1_OCTET_STRING,
265 .type = EXT_TYPE_HASH,
266 .optional = 1
267 },
268
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100269 [TRUSTED_WORLD_PK_EXT] = {
270 .oid = TRUSTED_WORLD_PK_OID,
271 .sn = "TrustedWorldPublicKey",
272 .ln = "Trusted World Public Key",
273 .asn1_type = V_ASN1_OCTET_STRING,
274 .type = EXT_TYPE_PKEY,
275 .attr.key = TRUSTED_WORLD_KEY
276 },
277
278 [SCP_FW_CONTENT_CERT_PK_EXT] = {
279 .oid = SCP_FW_CONTENT_CERT_PK_OID,
280 .sn = "SCPFirmwareContentCertPK",
281 .ln = "SCP Firmware content certificate public key",
282 .asn1_type = V_ASN1_OCTET_STRING,
283 .type = EXT_TYPE_PKEY,
284 .attr.key = SCP_FW_CONTENT_CERT_KEY
285 },
286
287 [SCP_FW_HASH_EXT] = {
288 .oid = SCP_FW_HASH_OID,
289 .opt = "scp-fw",
290 .help_msg = "SCP Firmware image file",
291 .sn = "SCPFirmwareHash",
292 .ln = "SCP Firmware hash (SHA256)",
293 .asn1_type = V_ASN1_OCTET_STRING,
294 .type = EXT_TYPE_HASH
295 },
296
297 [SOC_FW_CONTENT_CERT_PK_EXT] = {
298 .oid = SOC_FW_CONTENT_CERT_PK_OID,
299 .sn = "SoCFirmwareContentCertPK",
300 .ln = "SoC Firmware content certificate public key",
301 .asn1_type = V_ASN1_OCTET_STRING,
302 .type = EXT_TYPE_PKEY,
303 .attr.key = SOC_FW_CONTENT_CERT_KEY
304 },
305
306 [SOC_AP_FW_HASH_EXT] = {
307 .oid = SOC_AP_FW_HASH_OID,
308 .opt = "soc-fw",
309 .help_msg = "SoC AP Firmware image file",
310 .sn = "SoCAPFirmwareHash",
311 .ln = "SoC AP Firmware hash (SHA256)",
312 .asn1_type = V_ASN1_OCTET_STRING,
313 .type = EXT_TYPE_HASH
314 },
315
316 [SOC_FW_CONFIG_HASH_EXT] = {
317 .oid = SOC_FW_CONFIG_HASH_OID,
318 .opt = "soc-fw-config",
319 .help_msg = "SoC Firmware Config file",
320 .sn = "SocFirmwareConfigHash",
321 .ln = "SoC Firmware Config hash",
322 .asn1_type = V_ASN1_OCTET_STRING,
323 .type = EXT_TYPE_HASH,
324 .optional = 1
325 },
326
327 [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
328 .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
329 .sn = "TrustedOSFirmwareContentCertPK",
330 .ln = "Trusted OS Firmware content certificate public key",
331 .asn1_type = V_ASN1_OCTET_STRING,
332 .type = EXT_TYPE_PKEY,
333 .attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
334 },
335
336 [TRUSTED_OS_FW_HASH_EXT] = {
337 .oid = TRUSTED_OS_FW_HASH_OID,
338 .opt = "tos-fw",
339 .help_msg = "Trusted OS image file",
340 .sn = "TrustedOSHash",
341 .ln = "Trusted OS hash (SHA256)",
342 .asn1_type = V_ASN1_OCTET_STRING,
343 .type = EXT_TYPE_HASH
344 },
345
346 [TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
347 .oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
348 .opt = "tos-fw-extra1",
349 .help_msg = "Trusted OS Extra1 image file",
350 .sn = "TrustedOSExtra1Hash",
351 .ln = "Trusted OS Extra1 hash (SHA256)",
352 .asn1_type = V_ASN1_OCTET_STRING,
353 .type = EXT_TYPE_HASH,
354 .optional = 1
355 },
356
357 [TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
358 .oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
359 .opt = "tos-fw-extra2",
360 .help_msg = "Trusted OS Extra2 image file",
361 .sn = "TrustedOSExtra2Hash",
362 .ln = "Trusted OS Extra2 hash (SHA256)",
363 .asn1_type = V_ASN1_OCTET_STRING,
364 .type = EXT_TYPE_HASH,
365 .optional = 1
366 },
367
368 [TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
369 .oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
370 .opt = "tos-fw-config",
371 .help_msg = "Trusted OS Firmware Config file",
372 .sn = "TrustedOSFirmwareConfigHash",
373 .ln = "Trusted OS Firmware Config hash",
374 .asn1_type = V_ASN1_OCTET_STRING,
375 .type = EXT_TYPE_HASH,
376 .optional = 1
377 },
378
Manish Pandey0a658842020-05-22 12:27:28 +0100379 [SP_PKG1_HASH_EXT] = {
380 .oid = SP_PKG1_HASH_OID,
381 .opt = "sp-pkg1",
382 .help_msg = "Secure Partition Package1 file",
383 .sn = "SPPkg1Hash",
384 .ln = "SP Pkg1 hash (SHA256)",
385 .asn1_type = V_ASN1_OCTET_STRING,
386 .type = EXT_TYPE_HASH,
387 .optional = 1
388 },
389 [SP_PKG2_HASH_EXT] = {
390 .oid = SP_PKG2_HASH_OID,
391 .opt = "sp-pkg2",
392 .help_msg = "Secure Partition Package2 file",
393 .sn = "SPPkg2Hash",
394 .ln = "SP Pkg2 hash (SHA256)",
395 .asn1_type = V_ASN1_OCTET_STRING,
396 .type = EXT_TYPE_HASH,
397 .optional = 1
398 },
399 [SP_PKG3_HASH_EXT] = {
400 .oid = SP_PKG3_HASH_OID,
401 .opt = "sp-pkg3",
402 .help_msg = "Secure Partition Package3 file",
403 .sn = "SPPkg3Hash",
404 .ln = "SP Pkg3 hash (SHA256)",
405 .asn1_type = V_ASN1_OCTET_STRING,
406 .type = EXT_TYPE_HASH,
407 .optional = 1
408 },
409 [SP_PKG4_HASH_EXT] = {
410 .oid = SP_PKG4_HASH_OID,
411 .opt = "sp-pkg4",
412 .help_msg = "Secure Partition Package4 file",
413 .sn = "SPPkg4Hash",
414 .ln = "SP Pkg4 hash (SHA256)",
415 .asn1_type = V_ASN1_OCTET_STRING,
416 .type = EXT_TYPE_HASH,
417 .optional = 1
418 },
419 [SP_PKG5_HASH_EXT] = {
420 .oid = SP_PKG5_HASH_OID,
421 .opt = "sp-pkg5",
422 .help_msg = "Secure Partition Package5 file",
423 .sn = "SPPkg5Hash",
424 .ln = "SP Pkg5 hash (SHA256)",
425 .asn1_type = V_ASN1_OCTET_STRING,
426 .type = EXT_TYPE_HASH,
427 .optional = 1
428 },
429 [SP_PKG6_HASH_EXT] = {
430 .oid = SP_PKG6_HASH_OID,
431 .opt = "sp-pkg6",
432 .help_msg = "Secure Partition Package6 file",
433 .sn = "SPPkg6Hash",
434 .ln = "SP Pkg6 hash (SHA256)",
435 .asn1_type = V_ASN1_OCTET_STRING,
436 .type = EXT_TYPE_HASH,
437 .optional = 1
438 },
439 [SP_PKG7_HASH_EXT] = {
440 .oid = SP_PKG7_HASH_OID,
441 .opt = "sp-pkg7",
442 .help_msg = "Secure Partition Package7 file",
443 .sn = "SPPkg7Hash",
444 .ln = "SP Pkg7 hash (SHA256)",
445 .asn1_type = V_ASN1_OCTET_STRING,
446 .type = EXT_TYPE_HASH,
447 .optional = 1
448 },
449 [SP_PKG8_HASH_EXT] = {
450 .oid = SP_PKG8_HASH_OID,
451 .opt = "sp-pkg8",
452 .help_msg = "Secure Partition Package8 file",
453 .sn = "SPPkg8Hash",
454 .ln = "SP Pkg8 hash (SHA256)",
455 .asn1_type = V_ASN1_OCTET_STRING,
456 .type = EXT_TYPE_HASH,
457 .optional = 1
458 },
459
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100460 [SCP_FWU_CFG_HASH_EXT] = {
461 .oid = SCP_FWU_CFG_HASH_OID,
462 .opt = "scp-fwu-cfg",
463 .help_msg = "SCP Firmware Update Config image file",
464 .sn = "SCPFWUpdateConfig",
465 .ln = "SCP Firmware Update Config hash (SHA256)",
466 .asn1_type = V_ASN1_OCTET_STRING,
467 .type = EXT_TYPE_HASH,
468 .optional = 1
469 },
470
471 [AP_FWU_CFG_HASH_EXT] = {
472 .oid = AP_FWU_CFG_HASH_OID,
473 .opt = "ap-fwu-cfg",
474 .help_msg = "AP Firmware Update Config image file",
475 .sn = "APFWUpdateConfig",
476 .ln = "AP Firmware Update Config hash (SHA256)",
477 .asn1_type = V_ASN1_OCTET_STRING,
478 .type = EXT_TYPE_HASH,
479 .optional = 1
480 },
481
482 [FWU_HASH_EXT] = {
483 .oid = FWU_HASH_OID,
484 .opt = "fwu",
485 .help_msg = "Firmware Updater image file",
486 .sn = "FWUpdaterHash",
487 .ln = "Firmware Updater hash (SHA256)",
488 .asn1_type = V_ASN1_OCTET_STRING,
489 .type = EXT_TYPE_HASH,
490 .optional = 1
491 },
492
493 [PROT_PK_EXT] = {
494 .oid = PROT_PK_OID,
495 .sn = "PlatformRoTKey",
496 .ln = "Platform Root of Trust Public Key",
497 .asn1_type = V_ASN1_OCTET_STRING,
498 .type = EXT_TYPE_PKEY,
499 .attr.key = PROT_KEY
500 },
501
502 [NON_TRUSTED_FW_NVCOUNTER_EXT] = {
503 .oid = NON_TRUSTED_FW_NVCOUNTER_OID,
504 .opt = "ntfw-nvctr",
505 .help_msg = "Non-Trusted Firmware Non-Volatile counter value",
506 .sn = "NormalWorldNVCounter",
507 .ln = "Non-Trusted Firmware Non-Volatile counter",
508 .asn1_type = V_ASN1_INTEGER,
509 .type = EXT_TYPE_NVCOUNTER,
510 .attr.nvctr_type = NVCTR_TYPE_NTFW
511 },
512
513 [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
514 .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
515 .opt = "nt-fw",
516 .help_msg = "Non-Trusted World Bootloader image file",
517 .sn = "NonTrustedWorldBootloaderHash",
518 .ln = "Non-Trusted World hash (SHA256)",
519 .asn1_type = V_ASN1_OCTET_STRING,
520 .type = EXT_TYPE_HASH
521 },
522
523 [NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
524 .oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
525 .opt = "nt-fw-config",
526 .help_msg = "Non Trusted OS Firmware Config file",
527 .sn = "NonTrustedOSFirmwareConfigHash",
528 .ln = "Non-Trusted OS Firmware Config hash",
529 .asn1_type = V_ASN1_OCTET_STRING,
530 .type = EXT_TYPE_HASH,
531 .optional = 1
532 },
533};
534
535REGISTER_EXTENSIONS(cot_ext);
536
537
538/* Keys used to establish the chain of trust. */
539static key_t cot_keys[] = {
540 [ROT_KEY] = {
541 .id = ROT_KEY,
542 .opt = "rot-key",
Robin van der Gracht06b5cdb2023-09-12 11:16:23 +0200543 .help_msg = "Root Of Trust key file or PKCS11 URI",
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100544 .desc = "Root Of Trust key"
545 },
546
547 [TRUSTED_WORLD_KEY] = {
548 .id = TRUSTED_WORLD_KEY,
549 .opt = "trusted-world-key",
Robin van der Gracht06b5cdb2023-09-12 11:16:23 +0200550 .help_msg = "Trusted World key file or PKCS11 URI",
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100551 .desc = "Trusted World key"
552 },
553
554 [SCP_FW_CONTENT_CERT_KEY] = {
555 .id = SCP_FW_CONTENT_CERT_KEY,
556 .opt = "scp-fw-key",
Robin van der Gracht06b5cdb2023-09-12 11:16:23 +0200557 .help_msg = "SCP Firmware Content Certificate key file or PKCS11 URI",
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100558 .desc = "SCP Firmware Content Certificate key"
559 },
560
561 [SOC_FW_CONTENT_CERT_KEY] = {
562 .id = SOC_FW_CONTENT_CERT_KEY,
563 .opt = "soc-fw-key",
Robin van der Gracht06b5cdb2023-09-12 11:16:23 +0200564 .help_msg = "SoC Firmware Content Certificate key file or PKCS11 URI",
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100565 .desc = "SoC Firmware Content Certificate key"
566 },
567
568 [TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
569 .id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
570 .opt = "tos-fw-key",
Robin van der Gracht06b5cdb2023-09-12 11:16:23 +0200571 .help_msg = "Trusted OS Firmware Content Certificate key file or PKCS11 URI",
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100572 .desc = "Trusted OS Firmware Content Certificate key"
573 },
574
575 [PROT_KEY] = {
576 .id = PROT_KEY,
577 .opt = "prot-key",
Robin van der Gracht06b5cdb2023-09-12 11:16:23 +0200578 .help_msg = "Platform Root of Trust key file or PKCS11 URI",
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100579 .desc = "Platform Root of Trust key"
580 },
581};
582
583REGISTER_KEYS(cot_keys);