Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 781ef5bc774ef33fd689f6864a76640c74f29e74 / . / tools / cert_create / src / dualroot / cot.c
blob: a12ea21ff3bd8d9e5bd58f08a23f9bf1cae9b879 [file] [log] [blame]
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100[diff] [blame]1/*
2 * Copyright (c) 2020, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <dualroot_oid.h>
8
9#include "cert.h"
10#include "ext.h"
11#include "key.h"
12
13#include "dualroot/cot.h"
14
15/*
16 * Certificates used in the chain of trust.
17 *
18 * All certificates are self-signed so the issuer certificate field points to
19 * itself.
20 */
21static cert_t cot_certs[] = {
22 [TRUSTED_BOOT_FW_CERT] = {
23 .id = TRUSTED_BOOT_FW_CERT,
24 .opt = "tb-fw-cert",
25 .help_msg = "Trusted Boot FW Certificate (output file)",
26 .cn = "Trusted Boot FW Certificate",
27 .key = ROT_KEY,
28 .issuer = TRUSTED_BOOT_FW_CERT,
29 .ext = {
30 TRUSTED_FW_NVCOUNTER_EXT,
31 TRUSTED_BOOT_FW_HASH_EXT,
32 TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +0100[diff] [blame]33 HW_CONFIG_HASH_EXT,
34 FW_CONFIG_HASH_EXT
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100[diff] [blame]35 },
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +0100[diff] [blame]36 .num_ext = 5
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100[diff] [blame]37 },
38
39 [TRUSTED_KEY_CERT] = {
40 .id = TRUSTED_KEY_CERT,
41 .opt = "trusted-key-cert",
42 .help_msg = "Trusted Key Certificate (output file)",
43 .cn = "Trusted Key Certificate",
44 .key = ROT_KEY,
45 .issuer = TRUSTED_KEY_CERT,
46 .ext = {
47 TRUSTED_FW_NVCOUNTER_EXT,
48 TRUSTED_WORLD_PK_EXT,
49 },
50 .num_ext = 2
51 },
52
53 [SCP_FW_KEY_CERT] = {
54 .id = SCP_FW_KEY_CERT,
55 .opt = "scp-fw-key-cert",
56 .help_msg = "SCP Firmware Key Certificate (output file)",
57 .cn = "SCP Firmware Key Certificate",
58 .key = TRUSTED_WORLD_KEY,
59 .issuer = SCP_FW_KEY_CERT,
60 .ext = {
61 TRUSTED_FW_NVCOUNTER_EXT,
62 SCP_FW_CONTENT_CERT_PK_EXT
63 },
64 .num_ext = 2
65 },
66
67 [SCP_FW_CONTENT_CERT] = {
68 .id = SCP_FW_CONTENT_CERT,
69 .opt = "scp-fw-cert",
70 .help_msg = "SCP Firmware Content Certificate (output file)",
71 .cn = "SCP Firmware Content Certificate",
72 .key = SCP_FW_CONTENT_CERT_KEY,
73 .issuer = SCP_FW_CONTENT_CERT,
74 .ext = {
75 TRUSTED_FW_NVCOUNTER_EXT,
76 SCP_FW_HASH_EXT
77 },
78 .num_ext = 2
79 },
80
81 [SOC_FW_KEY_CERT] = {
82 .id = SOC_FW_KEY_CERT,
83 .opt = "soc-fw-key-cert",
84 .help_msg = "SoC Firmware Key Certificate (output file)",
85 .cn = "SoC Firmware Key Certificate",
86 .key = TRUSTED_WORLD_KEY,
87 .issuer = SOC_FW_KEY_CERT,
88 .ext = {
89 TRUSTED_FW_NVCOUNTER_EXT,
90 SOC_FW_CONTENT_CERT_PK_EXT
91 },
92 .num_ext = 2
93 },
94
95 [SOC_FW_CONTENT_CERT] = {
96 .id = SOC_FW_CONTENT_CERT,
97 .opt = "soc-fw-cert",
98 .help_msg = "SoC Firmware Content Certificate (output file)",
99 .cn = "SoC Firmware Content Certificate",
100 .key = SOC_FW_CONTENT_CERT_KEY,
101 .issuer = SOC_FW_CONTENT_CERT,
102 .ext = {
103 TRUSTED_FW_NVCOUNTER_EXT,
104 SOC_AP_FW_HASH_EXT,
105 SOC_FW_CONFIG_HASH_EXT,
106 },
107 .num_ext = 3
108 },
109
110 [TRUSTED_OS_FW_KEY_CERT] = {
111 .id = TRUSTED_OS_FW_KEY_CERT,
112 .opt = "tos-fw-key-cert",
113 .help_msg = "Trusted OS Firmware Key Certificate (output file)",
114 .cn = "Trusted OS Firmware Key Certificate",
115 .key = TRUSTED_WORLD_KEY,
116 .issuer = TRUSTED_OS_FW_KEY_CERT,
117 .ext = {
118 TRUSTED_FW_NVCOUNTER_EXT,
119 TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
120 },
121 .num_ext = 2
122 },
123
124 [TRUSTED_OS_FW_CONTENT_CERT] = {
125 .id = TRUSTED_OS_FW_CONTENT_CERT,
126 .opt = "tos-fw-cert",
127 .help_msg = "Trusted OS Firmware Content Certificate (output file)",
128 .cn = "Trusted OS Firmware Content Certificate",
129 .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
130 .issuer = TRUSTED_OS_FW_CONTENT_CERT,
131 .ext = {
132 TRUSTED_FW_NVCOUNTER_EXT,
133 TRUSTED_OS_FW_HASH_EXT,
134 TRUSTED_OS_FW_EXTRA1_HASH_EXT,
135 TRUSTED_OS_FW_EXTRA2_HASH_EXT,
136 TRUSTED_OS_FW_CONFIG_HASH_EXT,
137 },
138 .num_ext = 5
139 },
140
Manish Pandey0a658842020-05-22 12:27:28 +0100[diff] [blame]141 [SIP_SECURE_PARTITION_CONTENT_CERT] = {
142 .id = SIP_SECURE_PARTITION_CONTENT_CERT,
143 .opt = "sip-sp-cert",
144 .help_msg = "SiP owned Secure Partition Content Certificate (output file)",
145 .fn = NULL,
146 .cn = "SiP owned Secure Partition Content Certificate",
147 .key = TRUSTED_WORLD_KEY,
148 .issuer = SIP_SECURE_PARTITION_CONTENT_CERT,
149 .ext = {
150 TRUSTED_FW_NVCOUNTER_EXT,
151 SP_PKG1_HASH_EXT,
152 SP_PKG2_HASH_EXT,
153 SP_PKG3_HASH_EXT,
154 SP_PKG4_HASH_EXT,
155 SP_PKG5_HASH_EXT,
156 SP_PKG6_HASH_EXT,
157 SP_PKG7_HASH_EXT,
158 SP_PKG8_HASH_EXT,
159 },
160 .num_ext = 9
161 },
162
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100[diff] [blame]163 [FWU_CERT] = {
164 .id = FWU_CERT,
165 .opt = "fwu-cert",
166 .help_msg = "Firmware Update Certificate (output file)",
167 .cn = "Firmware Update Certificate",
168 .key = ROT_KEY,
169 .issuer = FWU_CERT,
170 .ext = {
171 SCP_FWU_CFG_HASH_EXT,
172 AP_FWU_CFG_HASH_EXT,
173 FWU_HASH_EXT
174 },
175 .num_ext = 3
176 },
177
178 [NON_TRUSTED_FW_CONTENT_CERT] = {
179 .id = NON_TRUSTED_FW_CONTENT_CERT,
180 .opt = "nt-fw-cert",
181 .help_msg = "Non-Trusted Firmware Content Certificate (output file)",
182 .cn = "Non-Trusted Firmware Content Certificate",
183 .key = PROT_KEY,
184 .issuer = NON_TRUSTED_FW_CONTENT_CERT,
185 .ext = {
186 NON_TRUSTED_FW_NVCOUNTER_EXT,
187 NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
188 NON_TRUSTED_FW_CONFIG_HASH_EXT,
189 PROT_PK_EXT,
190 },
191 .num_ext = 4
192 },
193};
194
195REGISTER_COT(cot_certs);
196
197
198/* Certificate extensions. */
199static ext_t cot_ext[] = {
200 [TRUSTED_FW_NVCOUNTER_EXT] = {
201 .oid = TRUSTED_FW_NVCOUNTER_OID,
202 .opt = "tfw-nvctr",
203 .help_msg = "Trusted Firmware Non-Volatile counter value",
204 .sn = "TrustedWorldNVCounter",
205 .ln = "Trusted World Non-Volatile counter",
206 .asn1_type = V_ASN1_INTEGER,
207 .type = EXT_TYPE_NVCOUNTER,
208 .attr.nvctr_type = NVCTR_TYPE_TFW
209 },
210
211 [TRUSTED_BOOT_FW_HASH_EXT] = {
212 .oid = TRUSTED_BOOT_FW_HASH_OID,
213 .opt = "tb-fw",
214 .help_msg = "Trusted Boot Firmware image file",
215 .sn = "TrustedBootFirmwareHash",
216 .ln = "Trusted Boot Firmware hash (SHA256)",
217 .asn1_type = V_ASN1_OCTET_STRING,
218 .type = EXT_TYPE_HASH
219 },
220
221 [TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
222 .oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
223 .opt = "tb-fw-config",
224 .help_msg = "Trusted Boot Firmware Config file",
225 .sn = "TrustedBootFirmwareConfigHash",
226 .ln = "Trusted Boot Firmware Config hash",
227 .asn1_type = V_ASN1_OCTET_STRING,
228 .type = EXT_TYPE_HASH,
229 .optional = 1
230 },
231
232 [HW_CONFIG_HASH_EXT] = {
233 .oid = HW_CONFIG_HASH_OID,
234 .opt = "hw-config",
235 .help_msg = "HW Config file",
236 .sn = "HWConfigHash",
237 .ln = "HW Config hash",
238 .asn1_type = V_ASN1_OCTET_STRING,
239 .type = EXT_TYPE_HASH,
240 .optional = 1
241 },
242
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +0100[diff] [blame]243 [FW_CONFIG_HASH_EXT] = {
244 .oid = FW_CONFIG_HASH_OID,
245 .opt = "fw-config",
246 .help_msg = "Firmware Config file",
247 .sn = "FirmwareConfigHash",
248 .ln = "Firmware Config hash",
249 .asn1_type = V_ASN1_OCTET_STRING,
250 .type = EXT_TYPE_HASH,
251 .optional = 1
252 },
253
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100[diff] [blame]254 [TRUSTED_WORLD_PK_EXT] = {
255 .oid = TRUSTED_WORLD_PK_OID,
256 .sn = "TrustedWorldPublicKey",
257 .ln = "Trusted World Public Key",
258 .asn1_type = V_ASN1_OCTET_STRING,
259 .type = EXT_TYPE_PKEY,
260 .attr.key = TRUSTED_WORLD_KEY
261 },
262
263 [SCP_FW_CONTENT_CERT_PK_EXT] = {
264 .oid = SCP_FW_CONTENT_CERT_PK_OID,
265 .sn = "SCPFirmwareContentCertPK",
266 .ln = "SCP Firmware content certificate public key",
267 .asn1_type = V_ASN1_OCTET_STRING,
268 .type = EXT_TYPE_PKEY,
269 .attr.key = SCP_FW_CONTENT_CERT_KEY
270 },
271
272 [SCP_FW_HASH_EXT] = {
273 .oid = SCP_FW_HASH_OID,
274 .opt = "scp-fw",
275 .help_msg = "SCP Firmware image file",
276 .sn = "SCPFirmwareHash",
277 .ln = "SCP Firmware hash (SHA256)",
278 .asn1_type = V_ASN1_OCTET_STRING,
279 .type = EXT_TYPE_HASH
280 },
281
282 [SOC_FW_CONTENT_CERT_PK_EXT] = {
283 .oid = SOC_FW_CONTENT_CERT_PK_OID,
284 .sn = "SoCFirmwareContentCertPK",
285 .ln = "SoC Firmware content certificate public key",
286 .asn1_type = V_ASN1_OCTET_STRING,
287 .type = EXT_TYPE_PKEY,
288 .attr.key = SOC_FW_CONTENT_CERT_KEY
289 },
290
291 [SOC_AP_FW_HASH_EXT] = {
292 .oid = SOC_AP_FW_HASH_OID,
293 .opt = "soc-fw",
294 .help_msg = "SoC AP Firmware image file",
295 .sn = "SoCAPFirmwareHash",
296 .ln = "SoC AP Firmware hash (SHA256)",
297 .asn1_type = V_ASN1_OCTET_STRING,
298 .type = EXT_TYPE_HASH
299 },
300
301 [SOC_FW_CONFIG_HASH_EXT] = {
302 .oid = SOC_FW_CONFIG_HASH_OID,
303 .opt = "soc-fw-config",
304 .help_msg = "SoC Firmware Config file",
305 .sn = "SocFirmwareConfigHash",
306 .ln = "SoC Firmware Config hash",
307 .asn1_type = V_ASN1_OCTET_STRING,
308 .type = EXT_TYPE_HASH,
309 .optional = 1
310 },
311
312 [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
313 .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
314 .sn = "TrustedOSFirmwareContentCertPK",
315 .ln = "Trusted OS Firmware content certificate public key",
316 .asn1_type = V_ASN1_OCTET_STRING,
317 .type = EXT_TYPE_PKEY,
318 .attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
319 },
320
321 [TRUSTED_OS_FW_HASH_EXT] = {
322 .oid = TRUSTED_OS_FW_HASH_OID,
323 .opt = "tos-fw",
324 .help_msg = "Trusted OS image file",
325 .sn = "TrustedOSHash",
326 .ln = "Trusted OS hash (SHA256)",
327 .asn1_type = V_ASN1_OCTET_STRING,
328 .type = EXT_TYPE_HASH
329 },
330
331 [TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
332 .oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
333 .opt = "tos-fw-extra1",
334 .help_msg = "Trusted OS Extra1 image file",
335 .sn = "TrustedOSExtra1Hash",
336 .ln = "Trusted OS Extra1 hash (SHA256)",
337 .asn1_type = V_ASN1_OCTET_STRING,
338 .type = EXT_TYPE_HASH,
339 .optional = 1
340 },
341
342 [TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
343 .oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
344 .opt = "tos-fw-extra2",
345 .help_msg = "Trusted OS Extra2 image file",
346 .sn = "TrustedOSExtra2Hash",
347 .ln = "Trusted OS Extra2 hash (SHA256)",
348 .asn1_type = V_ASN1_OCTET_STRING,
349 .type = EXT_TYPE_HASH,
350 .optional = 1
351 },
352
353 [TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
354 .oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
355 .opt = "tos-fw-config",
356 .help_msg = "Trusted OS Firmware Config file",
357 .sn = "TrustedOSFirmwareConfigHash",
358 .ln = "Trusted OS Firmware Config hash",
359 .asn1_type = V_ASN1_OCTET_STRING,
360 .type = EXT_TYPE_HASH,
361 .optional = 1
362 },
363
Manish Pandey0a658842020-05-22 12:27:28 +0100[diff] [blame]364 [SP_PKG1_HASH_EXT] = {
365 .oid = SP_PKG1_HASH_OID,
366 .opt = "sp-pkg1",
367 .help_msg = "Secure Partition Package1 file",
368 .sn = "SPPkg1Hash",
369 .ln = "SP Pkg1 hash (SHA256)",
370 .asn1_type = V_ASN1_OCTET_STRING,
371 .type = EXT_TYPE_HASH,
372 .optional = 1
373 },
374 [SP_PKG2_HASH_EXT] = {
375 .oid = SP_PKG2_HASH_OID,
376 .opt = "sp-pkg2",
377 .help_msg = "Secure Partition Package2 file",
378 .sn = "SPPkg2Hash",
379 .ln = "SP Pkg2 hash (SHA256)",
380 .asn1_type = V_ASN1_OCTET_STRING,
381 .type = EXT_TYPE_HASH,
382 .optional = 1
383 },
384 [SP_PKG3_HASH_EXT] = {
385 .oid = SP_PKG3_HASH_OID,
386 .opt = "sp-pkg3",
387 .help_msg = "Secure Partition Package3 file",
388 .sn = "SPPkg3Hash",
389 .ln = "SP Pkg3 hash (SHA256)",
390 .asn1_type = V_ASN1_OCTET_STRING,
391 .type = EXT_TYPE_HASH,
392 .optional = 1
393 },
394 [SP_PKG4_HASH_EXT] = {
395 .oid = SP_PKG4_HASH_OID,
396 .opt = "sp-pkg4",
397 .help_msg = "Secure Partition Package4 file",
398 .sn = "SPPkg4Hash",
399 .ln = "SP Pkg4 hash (SHA256)",
400 .asn1_type = V_ASN1_OCTET_STRING,
401 .type = EXT_TYPE_HASH,
402 .optional = 1
403 },
404 [SP_PKG5_HASH_EXT] = {
405 .oid = SP_PKG5_HASH_OID,
406 .opt = "sp-pkg5",
407 .help_msg = "Secure Partition Package5 file",
408 .sn = "SPPkg5Hash",
409 .ln = "SP Pkg5 hash (SHA256)",
410 .asn1_type = V_ASN1_OCTET_STRING,
411 .type = EXT_TYPE_HASH,
412 .optional = 1
413 },
414 [SP_PKG6_HASH_EXT] = {
415 .oid = SP_PKG6_HASH_OID,
416 .opt = "sp-pkg6",
417 .help_msg = "Secure Partition Package6 file",
418 .sn = "SPPkg6Hash",
419 .ln = "SP Pkg6 hash (SHA256)",
420 .asn1_type = V_ASN1_OCTET_STRING,
421 .type = EXT_TYPE_HASH,
422 .optional = 1
423 },
424 [SP_PKG7_HASH_EXT] = {
425 .oid = SP_PKG7_HASH_OID,
426 .opt = "sp-pkg7",
427 .help_msg = "Secure Partition Package7 file",
428 .sn = "SPPkg7Hash",
429 .ln = "SP Pkg7 hash (SHA256)",
430 .asn1_type = V_ASN1_OCTET_STRING,
431 .type = EXT_TYPE_HASH,
432 .optional = 1
433 },
434 [SP_PKG8_HASH_EXT] = {
435 .oid = SP_PKG8_HASH_OID,
436 .opt = "sp-pkg8",
437 .help_msg = "Secure Partition Package8 file",
438 .sn = "SPPkg8Hash",
439 .ln = "SP Pkg8 hash (SHA256)",
440 .asn1_type = V_ASN1_OCTET_STRING,
441 .type = EXT_TYPE_HASH,
442 .optional = 1
443 },
444
Sandrine Bailleux5d505082020-01-10 14:32:30 +0100[diff] [blame]445 [SCP_FWU_CFG_HASH_EXT] = {
446 .oid = SCP_FWU_CFG_HASH_OID,
447 .opt = "scp-fwu-cfg",
448 .help_msg = "SCP Firmware Update Config image file",
449 .sn = "SCPFWUpdateConfig",
450 .ln = "SCP Firmware Update Config hash (SHA256)",
451 .asn1_type = V_ASN1_OCTET_STRING,
452 .type = EXT_TYPE_HASH,
453 .optional = 1
454 },
455
456 [AP_FWU_CFG_HASH_EXT] = {
457 .oid = AP_FWU_CFG_HASH_OID,
458 .opt = "ap-fwu-cfg",
459 .help_msg = "AP Firmware Update Config image file",
460 .sn = "APFWUpdateConfig",
461 .ln = "AP Firmware Update Config hash (SHA256)",
462 .asn1_type = V_ASN1_OCTET_STRING,
463 .type = EXT_TYPE_HASH,
464 .optional = 1
465 },
466
467 [FWU_HASH_EXT] = {
468 .oid = FWU_HASH_OID,
469 .opt = "fwu",
470 .help_msg = "Firmware Updater image file",
471 .sn = "FWUpdaterHash",
472 .ln = "Firmware Updater hash (SHA256)",
473 .asn1_type = V_ASN1_OCTET_STRING,
474 .type = EXT_TYPE_HASH,
475 .optional = 1
476 },
477
478 [PROT_PK_EXT] = {
479 .oid = PROT_PK_OID,
480 .sn = "PlatformRoTKey",
481 .ln = "Platform Root of Trust Public Key",
482 .asn1_type = V_ASN1_OCTET_STRING,
483 .type = EXT_TYPE_PKEY,
484 .attr.key = PROT_KEY
485 },
486
487 [NON_TRUSTED_FW_NVCOUNTER_EXT] = {
488 .oid = NON_TRUSTED_FW_NVCOUNTER_OID,
489 .opt = "ntfw-nvctr",
490 .help_msg = "Non-Trusted Firmware Non-Volatile counter value",
491 .sn = "NormalWorldNVCounter",
492 .ln = "Non-Trusted Firmware Non-Volatile counter",
493 .asn1_type = V_ASN1_INTEGER,
494 .type = EXT_TYPE_NVCOUNTER,
495 .attr.nvctr_type = NVCTR_TYPE_NTFW
496 },
497
498 [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
499 .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
500 .opt = "nt-fw",
501 .help_msg = "Non-Trusted World Bootloader image file",
502 .sn = "NonTrustedWorldBootloaderHash",
503 .ln = "Non-Trusted World hash (SHA256)",
504 .asn1_type = V_ASN1_OCTET_STRING,
505 .type = EXT_TYPE_HASH
506 },
507
508 [NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
509 .oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
510 .opt = "nt-fw-config",
511 .help_msg = "Non Trusted OS Firmware Config file",
512 .sn = "NonTrustedOSFirmwareConfigHash",
513 .ln = "Non-Trusted OS Firmware Config hash",
514 .asn1_type = V_ASN1_OCTET_STRING,
515 .type = EXT_TYPE_HASH,
516 .optional = 1
517 },
518};
519
520REGISTER_EXTENSIONS(cot_ext);
521
522
523/* Keys used to establish the chain of trust. */
524static key_t cot_keys[] = {
525 [ROT_KEY] = {
526 .id = ROT_KEY,
527 .opt = "rot-key",
528 .help_msg = "Root Of Trust key (input/output file)",
529 .desc = "Root Of Trust key"
530 },
531
532 [TRUSTED_WORLD_KEY] = {
533 .id = TRUSTED_WORLD_KEY,
534 .opt = "trusted-world-key",
535 .help_msg = "Trusted World key (input/output file)",
536 .desc = "Trusted World key"
537 },
538
539 [SCP_FW_CONTENT_CERT_KEY] = {
540 .id = SCP_FW_CONTENT_CERT_KEY,
541 .opt = "scp-fw-key",
542 .help_msg = "SCP Firmware Content Certificate key (input/output file)",
543 .desc = "SCP Firmware Content Certificate key"
544 },
545
546 [SOC_FW_CONTENT_CERT_KEY] = {
547 .id = SOC_FW_CONTENT_CERT_KEY,
548 .opt = "soc-fw-key",
549 .help_msg = "SoC Firmware Content Certificate key (input/output file)",
550 .desc = "SoC Firmware Content Certificate key"
551 },
552
553 [TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
554 .id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
555 .opt = "tos-fw-key",
556 .help_msg = "Trusted OS Firmware Content Certificate key (input/output file)",
557 .desc = "Trusted OS Firmware Content Certificate key"
558 },
559
560 [PROT_KEY] = {
561 .id = PROT_KEY,
562 .opt = "prot-key",
563 .help_msg = "Platform Root of Trust key",
564 .desc = "Platform Root of Trust key"
565 },
566};
567
568REGISTER_KEYS(cot_keys);