Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 45e39e24089883a70c6e228ac92f452505a9b1be / . / tools / cert_create / src / tbbr / tbb_cert.c
blob: 325b46223e81a0da5bca20f9f173752ad7166747 [file] [log] [blame]
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]1/*
Soby Mathew2ffb4732017-11-07 16:50:31 +0000[diff] [blame]2 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]5 */
6
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]7#include "tbbr/tbb_cert.h"
8#include "tbbr/tbb_ext.h"
9#include "tbbr/tbb_key.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]10
11/*
12 * Certificates used in the chain of trust
13 *
14 * The order of the certificates must follow the enumeration specified in
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]15 * tbb_cert.h. All certificates are self-signed, so the issuer certificate
16 * field points to itself.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]17 */
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]18static cert_t tbb_certs[] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]19 [TRUSTED_BOOT_FW_CERT] = {
20 .id = TRUSTED_BOOT_FW_CERT,
21 .opt = "tb-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]22 .help_msg = "Trusted Boot FW Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]23 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]24 .cn = "Trusted Boot FW Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]25 .key = ROT_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]26 .issuer = TRUSTED_BOOT_FW_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]27 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]28 TRUSTED_FW_NVCOUNTER_EXT,
Soby Mathew2ffb4732017-11-07 16:50:31 +0000[diff] [blame]29 TRUSTED_BOOT_FW_HASH_EXT,
30 TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
31 HW_CONFIG_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]32 },
Soby Mathew2ffb4732017-11-07 16:50:31 +0000[diff] [blame]33 .num_ext = 4
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]34 },
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]35 [TRUSTED_KEY_CERT] = {
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]36 .id = TRUSTED_KEY_CERT,
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]37 .opt = "trusted-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]38 .help_msg = "Trusted Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]39 .fn = NULL,
40 .cn = "Trusted Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]41 .key = ROT_KEY,
42 .issuer = TRUSTED_KEY_CERT,
43 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]44 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]45 TRUSTED_WORLD_PK_EXT,
46 NON_TRUSTED_WORLD_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]47 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]48 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]49 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]50 [SCP_FW_KEY_CERT] = {
51 .id = SCP_FW_KEY_CERT,
52 .opt = "scp-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]53 .help_msg = "SCP Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]54 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]55 .cn = "SCP Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]56 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]57 .issuer = SCP_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]58 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]59 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]60 SCP_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]61 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]62 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]63 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]64 [SCP_FW_CONTENT_CERT] = {
65 .id = SCP_FW_CONTENT_CERT,
66 .opt = "scp-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]67 .help_msg = "SCP Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]68 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]69 .cn = "SCP Firmware Content Certificate",
70 .key = SCP_FW_CONTENT_CERT_KEY,
71 .issuer = SCP_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]72 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]73 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]74 SCP_FW_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]75 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]76 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]77 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]78 [SOC_FW_KEY_CERT] = {
79 .id = SOC_FW_KEY_CERT,
80 .opt = "soc-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]81 .help_msg = "SoC Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]82 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]83 .cn = "SoC Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]84 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]85 .issuer = SOC_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]86 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]87 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]88 SOC_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]89 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]90 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]91 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]92 [SOC_FW_CONTENT_CERT] = {
93 .id = SOC_FW_CONTENT_CERT,
94 .opt = "soc-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]95 .help_msg = "SoC Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]96 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]97 .cn = "SoC Firmware Content Certificate",
98 .key = SOC_FW_CONTENT_CERT_KEY,
99 .issuer = SOC_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]100 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]101 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]102 SOC_AP_FW_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]103 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]104 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]105 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]106 [TRUSTED_OS_FW_KEY_CERT] = {
107 .id = TRUSTED_OS_FW_KEY_CERT,
108 .opt = "tos-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]109 .help_msg = "Trusted OS Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]110 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]111 .cn = "Trusted OS Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]112 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]113 .issuer = TRUSTED_OS_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]114 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]115 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]116 TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]117 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]118 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]119 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]120 [TRUSTED_OS_FW_CONTENT_CERT] = {
121 .id = TRUSTED_OS_FW_CONTENT_CERT,
122 .opt = "tos-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]123 .help_msg = "Trusted OS Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]124 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]125 .cn = "Trusted OS Firmware Content Certificate",
126 .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
127 .issuer = TRUSTED_OS_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]128 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]129 TRUSTED_FW_NVCOUNTER_EXT,
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]130 TRUSTED_OS_FW_HASH_EXT,
131 TRUSTED_OS_FW_EXTRA1_HASH_EXT,
132 TRUSTED_OS_FW_EXTRA2_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]133 },
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]134 .num_ext = 4
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]135 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]136 [NON_TRUSTED_FW_KEY_CERT] = {
137 .id = NON_TRUSTED_FW_KEY_CERT,
138 .opt = "nt-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]139 .help_msg = "Non-Trusted Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]140 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]141 .cn = "Non-Trusted Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]142 .key = NON_TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]143 .issuer = NON_TRUSTED_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]144 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]145 NON_TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]146 NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]147 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]148 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]149 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]150 [NON_TRUSTED_FW_CONTENT_CERT] = {
151 .id = NON_TRUSTED_FW_CONTENT_CERT,
152 .opt = "nt-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]153 .help_msg = "Non-Trusted Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]154 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]155 .cn = "Non-Trusted Firmware Content Certificate",
156 .key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
157 .issuer = NON_TRUSTED_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]158 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]159 NON_TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]160 NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]161 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]162 .num_ext = 2
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]163 },
164 [FWU_CERT] = {
165 .id = FWU_CERT,
166 .opt = "fwu-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]167 .help_msg = "Firmware Update Certificate (output file)",
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]168 .fn = NULL,
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]169 .cn = "Firmware Update Certificate",
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]170 .key = ROT_KEY,
171 .issuer = FWU_CERT,
172 .ext = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]173 SCP_FWU_CFG_HASH_EXT,
174 AP_FWU_CFG_HASH_EXT,
175 FWU_HASH_EXT
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]176 },
177 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]178 }
179};
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]180
181REGISTER_COT(tbb_certs);