Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 424e3a8daadcfce5930a999e6481f61eca6d7faa / . / tools / cert_create / src / tbbr / tbb_cert.c
blob: f4fe63dc35cf45ad045eea5795a108efadb4f96a [file] [log] [blame]
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]1/*
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +0100[diff] [blame]2 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]5 */
6
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]7#include "tbbr/tbb_cert.h"
8#include "tbbr/tbb_ext.h"
9#include "tbbr/tbb_key.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]10
11/*
12 * Certificates used in the chain of trust
13 *
14 * The order of the certificates must follow the enumeration specified in
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]15 * tbb_cert.h. All certificates are self-signed, so the issuer certificate
16 * field points to itself.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]17 */
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]18static cert_t tbb_certs[] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]19 [TRUSTED_BOOT_FW_CERT] = {
20 .id = TRUSTED_BOOT_FW_CERT,
21 .opt = "tb-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]22 .help_msg = "Trusted Boot FW Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]23 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]24 .cn = "Trusted Boot FW Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]25 .key = ROT_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]26 .issuer = TRUSTED_BOOT_FW_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]27 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]28 TRUSTED_FW_NVCOUNTER_EXT,
Soby Mathew2ffb4732017-11-07 16:50:31 +0000[diff] [blame]29 TRUSTED_BOOT_FW_HASH_EXT,
30 TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +0100[diff] [blame]31 HW_CONFIG_HASH_EXT,
32 FW_CONFIG_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]33 },
Manish V Badarkhea1ffcf72020-06-11 21:08:45 +0100[diff] [blame]34 .num_ext = 5
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]35 },
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]36 [TRUSTED_KEY_CERT] = {
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]37 .id = TRUSTED_KEY_CERT,
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]38 .opt = "trusted-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]39 .help_msg = "Trusted Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]40 .fn = NULL,
41 .cn = "Trusted Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]42 .key = ROT_KEY,
43 .issuer = TRUSTED_KEY_CERT,
44 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]45 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]46 TRUSTED_WORLD_PK_EXT,
47 NON_TRUSTED_WORLD_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]48 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]49 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]50 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]51 [SCP_FW_KEY_CERT] = {
52 .id = SCP_FW_KEY_CERT,
53 .opt = "scp-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]54 .help_msg = "SCP Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]55 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]56 .cn = "SCP Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]57 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]58 .issuer = SCP_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]59 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]60 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]61 SCP_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]62 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]63 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]64 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]65 [SCP_FW_CONTENT_CERT] = {
66 .id = SCP_FW_CONTENT_CERT,
67 .opt = "scp-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]68 .help_msg = "SCP Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]69 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]70 .cn = "SCP Firmware Content Certificate",
71 .key = SCP_FW_CONTENT_CERT_KEY,
72 .issuer = SCP_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]73 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]74 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]75 SCP_FW_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]76 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]77 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]78 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]79 [SOC_FW_KEY_CERT] = {
80 .id = SOC_FW_KEY_CERT,
81 .opt = "soc-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]82 .help_msg = "SoC Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]83 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]84 .cn = "SoC Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]85 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]86 .issuer = SOC_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]87 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]88 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]89 SOC_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]90 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]91 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]92 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]93 [SOC_FW_CONTENT_CERT] = {
94 .id = SOC_FW_CONTENT_CERT,
95 .opt = "soc-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]96 .help_msg = "SoC Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]97 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]98 .cn = "SoC Firmware Content Certificate",
99 .key = SOC_FW_CONTENT_CERT_KEY,
100 .issuer = SOC_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]101 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]102 TRUSTED_FW_NVCOUNTER_EXT,
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]103 SOC_AP_FW_HASH_EXT,
104 SOC_FW_CONFIG_HASH_EXT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]105 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]106 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]107 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]108 [TRUSTED_OS_FW_KEY_CERT] = {
109 .id = TRUSTED_OS_FW_KEY_CERT,
110 .opt = "tos-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]111 .help_msg = "Trusted OS Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]112 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]113 .cn = "Trusted OS Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]114 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]115 .issuer = TRUSTED_OS_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]116 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]117 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]118 TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]119 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]120 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]121 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]122 [TRUSTED_OS_FW_CONTENT_CERT] = {
123 .id = TRUSTED_OS_FW_CONTENT_CERT,
124 .opt = "tos-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]125 .help_msg = "Trusted OS Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]126 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]127 .cn = "Trusted OS Firmware Content Certificate",
128 .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
129 .issuer = TRUSTED_OS_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]130 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]131 TRUSTED_FW_NVCOUNTER_EXT,
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]132 TRUSTED_OS_FW_HASH_EXT,
133 TRUSTED_OS_FW_EXTRA1_HASH_EXT,
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]134 TRUSTED_OS_FW_EXTRA2_HASH_EXT,
135 TRUSTED_OS_FW_CONFIG_HASH_EXT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]136 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]137 .num_ext = 5
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]138 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]139 [NON_TRUSTED_FW_KEY_CERT] = {
140 .id = NON_TRUSTED_FW_KEY_CERT,
141 .opt = "nt-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]142 .help_msg = "Non-Trusted Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]143 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]144 .cn = "Non-Trusted Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]145 .key = NON_TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]146 .issuer = NON_TRUSTED_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]147 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]148 NON_TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]149 NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]150 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]151 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]152 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]153 [NON_TRUSTED_FW_CONTENT_CERT] = {
154 .id = NON_TRUSTED_FW_CONTENT_CERT,
155 .opt = "nt-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]156 .help_msg = "Non-Trusted Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]157 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]158 .cn = "Non-Trusted Firmware Content Certificate",
159 .key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
160 .issuer = NON_TRUSTED_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]161 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]162 NON_TRUSTED_FW_NVCOUNTER_EXT,
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]163 NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
164 NON_TRUSTED_FW_CONFIG_HASH_EXT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]165 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]166 .num_ext = 3
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]167 },
Manish Pandeyc70b4b42020-06-10 15:50:36 +0100[diff] [blame]168 [SIP_SECURE_PARTITION_CONTENT_CERT] = {
169 .id = SIP_SECURE_PARTITION_CONTENT_CERT,
170 .opt = "sip-sp-cert",
171 .help_msg = "SiP owned Secure Partition Content Certificate (output file)",
172 .fn = NULL,
173 .cn = "SiP owned Secure Partition Content Certificate",
174 .key = TRUSTED_WORLD_KEY,
175 .issuer = SIP_SECURE_PARTITION_CONTENT_CERT,
176 .ext = {
177 TRUSTED_FW_NVCOUNTER_EXT,
178 SP_PKG1_HASH_EXT,
179 SP_PKG2_HASH_EXT,
180 SP_PKG3_HASH_EXT,
181 SP_PKG4_HASH_EXT,
182 SP_PKG5_HASH_EXT,
183 SP_PKG6_HASH_EXT,
184 SP_PKG7_HASH_EXT,
185 SP_PKG8_HASH_EXT,
186 },
187 .num_ext = 9
188 },
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]189 [FWU_CERT] = {
190 .id = FWU_CERT,
191 .opt = "fwu-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]192 .help_msg = "Firmware Update Certificate (output file)",
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]193 .fn = NULL,
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]194 .cn = "Firmware Update Certificate",
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]195 .key = ROT_KEY,
196 .issuer = FWU_CERT,
197 .ext = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]198 SCP_FWU_CFG_HASH_EXT,
199 AP_FWU_CFG_HASH_EXT,
200 FWU_HASH_EXT
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]201 },
202 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]203 }
204};
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]205
206REGISTER_COT(tbb_certs);