Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 4bac045e1dc6eabad39a0fbabec42e91f142af04 / . / tools / cert_create / src / tbbr / tbb_cert.c
blob: 7fb32d82c869612c56c63a77418a95076397070d [file] [log] [blame]
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]1/*
Soby Mathew2ffb4732017-11-07 16:50:31 +0000[diff] [blame]2 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]5 */
6
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]7#include "tbbr/tbb_cert.h"
8#include "tbbr/tbb_ext.h"
9#include "tbbr/tbb_key.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]10
11/*
12 * Certificates used in the chain of trust
13 *
14 * The order of the certificates must follow the enumeration specified in
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]15 * tbb_cert.h. All certificates are self-signed, so the issuer certificate
16 * field points to itself.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]17 */
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]18static cert_t tbb_certs[] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]19 [TRUSTED_BOOT_FW_CERT] = {
20 .id = TRUSTED_BOOT_FW_CERT,
21 .opt = "tb-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]22 .help_msg = "Trusted Boot FW Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]23 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]24 .cn = "Trusted Boot FW Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]25 .key = ROT_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]26 .issuer = TRUSTED_BOOT_FW_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]27 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]28 TRUSTED_FW_NVCOUNTER_EXT,
Soby Mathew2ffb4732017-11-07 16:50:31 +0000[diff] [blame]29 TRUSTED_BOOT_FW_HASH_EXT,
30 TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
31 HW_CONFIG_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]32 },
Soby Mathew2ffb4732017-11-07 16:50:31 +0000[diff] [blame]33 .num_ext = 4
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]34 },
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]35 [TRUSTED_KEY_CERT] = {
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]36 .id = TRUSTED_KEY_CERT,
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]37 .opt = "trusted-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]38 .help_msg = "Trusted Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]39 .fn = NULL,
40 .cn = "Trusted Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]41 .key = ROT_KEY,
42 .issuer = TRUSTED_KEY_CERT,
43 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]44 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]45 TRUSTED_WORLD_PK_EXT,
46 NON_TRUSTED_WORLD_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]47 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]48 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]49 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]50 [SCP_FW_KEY_CERT] = {
51 .id = SCP_FW_KEY_CERT,
52 .opt = "scp-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]53 .help_msg = "SCP Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]54 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]55 .cn = "SCP Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]56 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]57 .issuer = SCP_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]58 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]59 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]60 SCP_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]61 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]62 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]63 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]64 [SCP_FW_CONTENT_CERT] = {
65 .id = SCP_FW_CONTENT_CERT,
66 .opt = "scp-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]67 .help_msg = "SCP Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]68 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]69 .cn = "SCP Firmware Content Certificate",
70 .key = SCP_FW_CONTENT_CERT_KEY,
71 .issuer = SCP_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]72 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]73 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]74 SCP_FW_HASH_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]75 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]76 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]77 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]78 [SOC_FW_KEY_CERT] = {
79 .id = SOC_FW_KEY_CERT,
80 .opt = "soc-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]81 .help_msg = "SoC Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]82 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]83 .cn = "SoC Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]84 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]85 .issuer = SOC_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]86 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]87 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]88 SOC_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]89 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]90 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]91 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]92 [SOC_FW_CONTENT_CERT] = {
93 .id = SOC_FW_CONTENT_CERT,
94 .opt = "soc-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]95 .help_msg = "SoC Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]96 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]97 .cn = "SoC Firmware Content Certificate",
98 .key = SOC_FW_CONTENT_CERT_KEY,
99 .issuer = SOC_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]100 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]101 TRUSTED_FW_NVCOUNTER_EXT,
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]102 SOC_AP_FW_HASH_EXT,
103 SOC_FW_CONFIG_HASH_EXT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]104 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]105 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]106 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]107 [TRUSTED_OS_FW_KEY_CERT] = {
108 .id = TRUSTED_OS_FW_KEY_CERT,
109 .opt = "tos-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]110 .help_msg = "Trusted OS Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]111 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]112 .cn = "Trusted OS Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]113 .key = TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]114 .issuer = TRUSTED_OS_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]115 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]116 TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]117 TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]118 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]119 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]120 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]121 [TRUSTED_OS_FW_CONTENT_CERT] = {
122 .id = TRUSTED_OS_FW_CONTENT_CERT,
123 .opt = "tos-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]124 .help_msg = "Trusted OS Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]125 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]126 .cn = "Trusted OS Firmware Content Certificate",
127 .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
128 .issuer = TRUSTED_OS_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]129 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]130 TRUSTED_FW_NVCOUNTER_EXT,
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]131 TRUSTED_OS_FW_HASH_EXT,
132 TRUSTED_OS_FW_EXTRA1_HASH_EXT,
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]133 TRUSTED_OS_FW_EXTRA2_HASH_EXT,
134 TRUSTED_OS_FW_CONFIG_HASH_EXT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]135 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]136 .num_ext = 5
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]137 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]138 [NON_TRUSTED_FW_KEY_CERT] = {
139 .id = NON_TRUSTED_FW_KEY_CERT,
140 .opt = "nt-fw-key-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]141 .help_msg = "Non-Trusted Firmware Key Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]142 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]143 .cn = "Non-Trusted Firmware Key Certificate",
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]144 .key = NON_TRUSTED_WORLD_KEY,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]145 .issuer = NON_TRUSTED_FW_KEY_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]146 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]147 NON_TRUSTED_FW_NVCOUNTER_EXT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]148 NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]149 },
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]150 .num_ext = 2
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]151 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]152 [NON_TRUSTED_FW_CONTENT_CERT] = {
153 .id = NON_TRUSTED_FW_CONTENT_CERT,
154 .opt = "nt-fw-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]155 .help_msg = "Non-Trusted Firmware Content Certificate (output file)",
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]156 .fn = NULL,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]157 .cn = "Non-Trusted Firmware Content Certificate",
158 .key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
159 .issuer = NON_TRUSTED_FW_CONTENT_CERT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]160 .ext = {
Juan Castillo43529982016-01-22 11:05:24 +0000[diff] [blame]161 NON_TRUSTED_FW_NVCOUNTER_EXT,
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]162 NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
163 NON_TRUSTED_FW_CONFIG_HASH_EXT,
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]164 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]165 .num_ext = 3
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]166 },
167 [FWU_CERT] = {
168 .id = FWU_CERT,
169 .opt = "fwu-cert",
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]170 .help_msg = "Firmware Update Certificate (output file)",
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]171 .fn = NULL,
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]172 .cn = "Firmware Update Certificate",
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]173 .key = ROT_KEY,
174 .issuer = FWU_CERT,
175 .ext = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]176 SCP_FWU_CFG_HASH_EXT,
177 AP_FWU_CFG_HASH_EXT,
178 FWU_HASH_EXT
Yatharth Kochar5752b592015-08-21 15:30:55 +0100[diff] [blame]179 },
180 .num_ext = 3
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]181 }
182};
Juan Castilloe6d30e92015-06-12 11:27:59 +0100[diff] [blame]183
184REGISTER_COT(tbb_certs);