| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 1 | /* |
| laurenw-arm | 9b4f9d5 | 2023-05-02 14:28:38 -0500 | [diff] [blame] | 2 | * Copyright (c) 2022-2023, Arm Limited. All rights reserved. |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include "cca/cca_cot.h" |
| 8 | |
| 9 | #include <cca_oid.h> |
| 10 | |
| 11 | #include "cert.h" |
| 12 | #include "ext.h" |
| 13 | #include "key.h" |
| 14 | |
| 15 | /* |
| 16 | * Certificates used in the chain of trust. |
| 17 | * |
| 18 | * All certificates are self-signed so the issuer certificate field points to |
| 19 | * itself. |
| 20 | */ |
| 21 | static cert_t cot_certs[] = { |
| 22 | [CCA_CONTENT_CERT] = { |
| 23 | .id = CCA_CONTENT_CERT, |
| 24 | .opt = "cca-cert", |
| 25 | .help_msg = "CCA Content Certificate (output file)", |
| 26 | .cn = "CCA Content Certificate", |
| 27 | .key = ROT_KEY, |
| 28 | .issuer = CCA_CONTENT_CERT, |
| 29 | .ext = { |
| laurenw-arm | 9b4f9d5 | 2023-05-02 14:28:38 -0500 | [diff] [blame] | 30 | CCA_FW_NVCOUNTER_EXT, |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 31 | SOC_AP_FW_HASH_EXT, |
| 32 | SOC_FW_CONFIG_HASH_EXT, |
| 33 | RMM_HASH_EXT, |
| 34 | TRUSTED_BOOT_FW_HASH_EXT, |
| 35 | TRUSTED_BOOT_FW_CONFIG_HASH_EXT, |
| 36 | HW_CONFIG_HASH_EXT, |
| 37 | FW_CONFIG_HASH_EXT, |
| 38 | }, |
| 39 | .num_ext = 8 |
| 40 | }, |
| 41 | |
| 42 | [CORE_SWD_KEY_CERT] = { |
| 43 | .id = CORE_SWD_KEY_CERT, |
| 44 | .opt = "core-swd-cert", |
| 45 | .help_msg = "Core Secure World Key Certificate (output file)", |
| 46 | .cn = "Core Secure World Key Certificate", |
| 47 | .key = SWD_ROT_KEY, |
| 48 | .issuer = CORE_SWD_KEY_CERT, |
| 49 | .ext = { |
| 50 | TRUSTED_FW_NVCOUNTER_EXT, |
| 51 | SWD_ROT_PK_EXT, |
| 52 | CORE_SWD_PK_EXT, |
| 53 | }, |
| 54 | .num_ext = 3 |
| 55 | }, |
| 56 | |
| 57 | [SPMC_CONTENT_CERT] = { |
| 58 | .id = SPMC_CONTENT_CERT, |
| 59 | .opt = "tos-fw-cert", |
| 60 | .help_msg = "SPMC Content Certificate (output file)", |
| 61 | .cn = "SPMC Content Certificate", |
| 62 | .key = CORE_SWD_KEY, |
| 63 | .issuer = SPMC_CONTENT_CERT, |
| 64 | .ext = { |
| 65 | TRUSTED_FW_NVCOUNTER_EXT, |
| 66 | TRUSTED_OS_FW_HASH_EXT, |
| 67 | TRUSTED_OS_FW_CONFIG_HASH_EXT, |
| 68 | }, |
| 69 | .num_ext = 3 |
| 70 | }, |
| 71 | |
| 72 | [SIP_SECURE_PARTITION_CONTENT_CERT] = { |
| 73 | .id = SIP_SECURE_PARTITION_CONTENT_CERT, |
| 74 | .opt = "sip-sp-cert", |
| 75 | .help_msg = "SiP owned Secure Partition Content Certificate (output file)", |
| 76 | .cn = "SiP owned Secure Partition Content Certificate", |
| 77 | .key = CORE_SWD_KEY, |
| 78 | .issuer = SIP_SECURE_PARTITION_CONTENT_CERT, |
| 79 | .ext = { |
| 80 | TRUSTED_FW_NVCOUNTER_EXT, |
| 81 | SP_PKG1_HASH_EXT, |
| 82 | SP_PKG2_HASH_EXT, |
| 83 | SP_PKG3_HASH_EXT, |
| 84 | SP_PKG4_HASH_EXT, |
| 85 | }, |
| 86 | .num_ext = 5 |
| 87 | }, |
| 88 | |
| 89 | [PLAT_KEY_CERT] = { |
| 90 | .id = PLAT_KEY_CERT, |
| 91 | .opt = "plat-key-cert", |
| 92 | .help_msg = "Platform Key Certificate (output file)", |
| 93 | .cn = "Platform Key Certificate", |
| 94 | .key = PROT_KEY, |
| 95 | .issuer = PLAT_KEY_CERT, |
| 96 | .ext = { |
| 97 | NON_TRUSTED_FW_NVCOUNTER_EXT, |
| 98 | PROT_PK_EXT, |
| 99 | PLAT_PK_EXT, |
| 100 | }, |
| 101 | .num_ext = 3 |
| 102 | }, |
| 103 | |
| 104 | [PLAT_SECURE_PARTITION_CONTENT_CERT] = { |
| 105 | .id = PLAT_SECURE_PARTITION_CONTENT_CERT, |
| 106 | .opt = "plat-sp-cert", |
| 107 | .help_msg = "Platform owned Secure Partition Content Certificate (output file)", |
| 108 | .cn = "Platform owned Secure Partition Content Certificate", |
| 109 | .key = PLAT_KEY, |
| 110 | .issuer = PLAT_SECURE_PARTITION_CONTENT_CERT, |
| 111 | .ext = { |
| 112 | NON_TRUSTED_FW_NVCOUNTER_EXT, |
| 113 | SP_PKG5_HASH_EXT, |
| 114 | SP_PKG6_HASH_EXT, |
| 115 | SP_PKG7_HASH_EXT, |
| 116 | SP_PKG8_HASH_EXT, |
| 117 | }, |
| 118 | .num_ext = 5 |
| 119 | }, |
| 120 | |
| 121 | [NON_TRUSTED_FW_CONTENT_CERT] = { |
| 122 | .id = NON_TRUSTED_FW_CONTENT_CERT, |
| 123 | .opt = "nt-fw-cert", |
| 124 | .help_msg = "Non-Trusted Firmware Content Certificate (output file)", |
| 125 | .cn = "Non-Trusted Firmware Content Certificate", |
| 126 | .key = PLAT_KEY, |
| 127 | .issuer = NON_TRUSTED_FW_CONTENT_CERT, |
| 128 | .ext = { |
| 129 | NON_TRUSTED_FW_NVCOUNTER_EXT, |
| 130 | NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT, |
| 131 | NON_TRUSTED_FW_CONFIG_HASH_EXT, |
| 132 | }, |
| 133 | .num_ext = 3 |
| 134 | }, |
| 135 | }; |
| 136 | |
| 137 | REGISTER_COT(cot_certs); |
| 138 | |
| 139 | |
| 140 | /* Certificate extensions. */ |
| 141 | static ext_t cot_ext[] = { |
| laurenw-arm | 9b4f9d5 | 2023-05-02 14:28:38 -0500 | [diff] [blame] | 142 | [CCA_FW_NVCOUNTER_EXT] = { |
| 143 | .oid = CCA_FW_NVCOUNTER_OID, |
| 144 | .opt = "ccafw-nvctr", |
| 145 | .help_msg = "CCA Firmware Non-Volatile counter value", |
| 146 | .sn = "CCANVCounter", |
| 147 | .ln = "CCA Non-Volatile counter", |
| 148 | .asn1_type = V_ASN1_INTEGER, |
| 149 | .type = EXT_TYPE_NVCOUNTER, |
| 150 | .attr.nvctr_type = NVCTR_TYPE_CCAFW |
| 151 | }, |
| 152 | |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 153 | [TRUSTED_FW_NVCOUNTER_EXT] = { |
| 154 | .oid = TRUSTED_FW_NVCOUNTER_OID, |
| 155 | .opt = "tfw-nvctr", |
| 156 | .help_msg = "Trusted Firmware Non-Volatile counter value", |
| 157 | .sn = "TrustedWorldNVCounter", |
| 158 | .ln = "Trusted World Non-Volatile counter", |
| 159 | .asn1_type = V_ASN1_INTEGER, |
| 160 | .type = EXT_TYPE_NVCOUNTER, |
| 161 | .attr.nvctr_type = NVCTR_TYPE_TFW |
| 162 | }, |
| 163 | |
| 164 | [TRUSTED_BOOT_FW_HASH_EXT] = { |
| 165 | .oid = TRUSTED_BOOT_FW_HASH_OID, |
| 166 | .opt = "tb-fw", |
| 167 | .help_msg = "Trusted Boot Firmware image file", |
| 168 | .sn = "TrustedBootFirmwareHash", |
| 169 | .ln = "Trusted Boot Firmware hash (SHA256)", |
| 170 | .asn1_type = V_ASN1_OCTET_STRING, |
| 171 | .type = EXT_TYPE_HASH |
| 172 | }, |
| 173 | |
| 174 | [TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = { |
| 175 | .oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID, |
| 176 | .opt = "tb-fw-config", |
| 177 | .help_msg = "Trusted Boot Firmware Config file", |
| 178 | .sn = "TrustedBootFirmwareConfigHash", |
| 179 | .ln = "Trusted Boot Firmware Config hash", |
| 180 | .asn1_type = V_ASN1_OCTET_STRING, |
| 181 | .type = EXT_TYPE_HASH, |
| 182 | .optional = 1 |
| 183 | }, |
| 184 | |
| 185 | [HW_CONFIG_HASH_EXT] = { |
| 186 | .oid = HW_CONFIG_HASH_OID, |
| 187 | .opt = "hw-config", |
| 188 | .help_msg = "HW Config file", |
| 189 | .sn = "HWConfigHash", |
| 190 | .ln = "HW Config hash", |
| 191 | .asn1_type = V_ASN1_OCTET_STRING, |
| 192 | .type = EXT_TYPE_HASH, |
| 193 | .optional = 1 |
| 194 | }, |
| 195 | |
| 196 | [FW_CONFIG_HASH_EXT] = { |
| 197 | .oid = FW_CONFIG_HASH_OID, |
| 198 | .opt = "fw-config", |
| 199 | .help_msg = "Firmware Config file", |
| 200 | .sn = "FirmwareConfigHash", |
| 201 | .ln = "Firmware Config hash", |
| 202 | .asn1_type = V_ASN1_OCTET_STRING, |
| 203 | .type = EXT_TYPE_HASH, |
| 204 | .optional = 1 |
| 205 | }, |
| 206 | |
| 207 | [SWD_ROT_PK_EXT] = { |
| 208 | .oid = SWD_ROT_PK_OID, |
| 209 | .sn = "SWDRoTKey", |
| 210 | .ln = "Secure World Root of Trust Public Key", |
| 211 | .asn1_type = V_ASN1_OCTET_STRING, |
| 212 | .type = EXT_TYPE_PKEY, |
| 213 | .attr.key = SWD_ROT_KEY |
| 214 | }, |
| 215 | |
| 216 | [CORE_SWD_PK_EXT] = { |
| 217 | .oid = CORE_SWD_PK_OID, |
| 218 | .sn = "CORESWDKey", |
| 219 | .ln = "Core Secure World Public Key", |
| 220 | .asn1_type = V_ASN1_OCTET_STRING, |
| 221 | .type = EXT_TYPE_PKEY, |
| 222 | .attr.key = CORE_SWD_KEY |
| 223 | }, |
| 224 | |
| 225 | [SOC_AP_FW_HASH_EXT] = { |
| 226 | .oid = SOC_AP_FW_HASH_OID, |
| 227 | .opt = "soc-fw", |
| 228 | .help_msg = "SoC AP Firmware image file", |
| 229 | .sn = "SoCAPFirmwareHash", |
| 230 | .ln = "SoC AP Firmware hash (SHA256)", |
| 231 | .asn1_type = V_ASN1_OCTET_STRING, |
| 232 | .type = EXT_TYPE_HASH |
| 233 | }, |
| 234 | |
| 235 | [SOC_FW_CONFIG_HASH_EXT] = { |
| 236 | .oid = SOC_FW_CONFIG_HASH_OID, |
| 237 | .opt = "soc-fw-config", |
| 238 | .help_msg = "SoC Firmware Config file", |
| 239 | .sn = "SocFirmwareConfigHash", |
| 240 | .ln = "SoC Firmware Config hash", |
| 241 | .asn1_type = V_ASN1_OCTET_STRING, |
| 242 | .type = EXT_TYPE_HASH, |
| 243 | .optional = 1 |
| 244 | }, |
| 245 | |
| 246 | [RMM_HASH_EXT] = { |
| 247 | .oid = RMM_HASH_OID, |
| 248 | .opt = "rmm-fw", |
| 249 | .help_msg = "RMM Firmware image file", |
| 250 | .sn = "RMMFirmwareHash", |
| 251 | .ln = "RMM Firmware hash (SHA256)", |
| 252 | .asn1_type = V_ASN1_OCTET_STRING, |
| 253 | .type = EXT_TYPE_HASH |
| 254 | }, |
| 255 | |
| 256 | [TRUSTED_OS_FW_HASH_EXT] = { |
| 257 | .oid = TRUSTED_OS_FW_HASH_OID, |
| 258 | .opt = "tos-fw", |
| 259 | .help_msg = "Trusted OS image file", |
| 260 | .sn = "TrustedOSHash", |
| 261 | .ln = "Trusted OS hash (SHA256)", |
| 262 | .asn1_type = V_ASN1_OCTET_STRING, |
| 263 | .type = EXT_TYPE_HASH |
| 264 | }, |
| 265 | |
| 266 | [TRUSTED_OS_FW_CONFIG_HASH_EXT] = { |
| 267 | .oid = TRUSTED_OS_FW_CONFIG_HASH_OID, |
| 268 | .opt = "tos-fw-config", |
| 269 | .help_msg = "Trusted OS Firmware Config file", |
| 270 | .sn = "TrustedOSFirmwareConfigHash", |
| 271 | .ln = "Trusted OS Firmware Config hash", |
| 272 | .asn1_type = V_ASN1_OCTET_STRING, |
| 273 | .type = EXT_TYPE_HASH, |
| 274 | .optional = 1 |
| 275 | }, |
| 276 | |
| 277 | [SP_PKG1_HASH_EXT] = { |
| 278 | .oid = SP_PKG1_HASH_OID, |
| 279 | .opt = "sp-pkg1", |
| 280 | .help_msg = "Secure Partition Package1 file", |
| 281 | .sn = "SPPkg1Hash", |
| 282 | .ln = "SP Pkg1 hash (SHA256)", |
| 283 | .asn1_type = V_ASN1_OCTET_STRING, |
| 284 | .type = EXT_TYPE_HASH, |
| 285 | .optional = 1 |
| 286 | }, |
| 287 | [SP_PKG2_HASH_EXT] = { |
| 288 | .oid = SP_PKG2_HASH_OID, |
| 289 | .opt = "sp-pkg2", |
| 290 | .help_msg = "Secure Partition Package2 file", |
| 291 | .sn = "SPPkg2Hash", |
| 292 | .ln = "SP Pkg2 hash (SHA256)", |
| 293 | .asn1_type = V_ASN1_OCTET_STRING, |
| 294 | .type = EXT_TYPE_HASH, |
| 295 | .optional = 1 |
| 296 | }, |
| 297 | [SP_PKG3_HASH_EXT] = { |
| 298 | .oid = SP_PKG3_HASH_OID, |
| 299 | .opt = "sp-pkg3", |
| 300 | .help_msg = "Secure Partition Package3 file", |
| 301 | .sn = "SPPkg3Hash", |
| 302 | .ln = "SP Pkg3 hash (SHA256)", |
| 303 | .asn1_type = V_ASN1_OCTET_STRING, |
| 304 | .type = EXT_TYPE_HASH, |
| 305 | .optional = 1 |
| 306 | }, |
| 307 | [SP_PKG4_HASH_EXT] = { |
| 308 | .oid = SP_PKG4_HASH_OID, |
| 309 | .opt = "sp-pkg4", |
| 310 | .help_msg = "Secure Partition Package4 file", |
| 311 | .sn = "SPPkg4Hash", |
| 312 | .ln = "SP Pkg4 hash (SHA256)", |
| 313 | .asn1_type = V_ASN1_OCTET_STRING, |
| 314 | .type = EXT_TYPE_HASH, |
| 315 | .optional = 1 |
| 316 | }, |
| 317 | |
| 318 | [PROT_PK_EXT] = { |
| 319 | .oid = PROT_PK_OID, |
| 320 | .sn = "PlatformRoTKey", |
| 321 | .ln = "Platform Root of Trust Public Key", |
| 322 | .asn1_type = V_ASN1_OCTET_STRING, |
| 323 | .type = EXT_TYPE_PKEY, |
| 324 | .attr.key = PROT_KEY |
| 325 | }, |
| 326 | |
| 327 | [PLAT_PK_EXT] = { |
| 328 | .oid = PLAT_PK_OID, |
| 329 | .sn = "PLATKey", |
| 330 | .ln = "Platform Public Key", |
| 331 | .asn1_type = V_ASN1_OCTET_STRING, |
| 332 | .type = EXT_TYPE_PKEY, |
| 333 | .attr.key = PLAT_KEY |
| 334 | }, |
| 335 | |
| 336 | [SP_PKG5_HASH_EXT] = { |
| 337 | .oid = SP_PKG5_HASH_OID, |
| 338 | .opt = "sp-pkg5", |
| 339 | .help_msg = "Secure Partition Package5 file", |
| 340 | .sn = "SPPkg5Hash", |
| 341 | .ln = "SP Pkg5 hash (SHA256)", |
| 342 | .asn1_type = V_ASN1_OCTET_STRING, |
| 343 | .type = EXT_TYPE_HASH, |
| 344 | .optional = 1 |
| 345 | }, |
| 346 | [SP_PKG6_HASH_EXT] = { |
| 347 | .oid = SP_PKG6_HASH_OID, |
| 348 | .opt = "sp-pkg6", |
| 349 | .help_msg = "Secure Partition Package6 file", |
| 350 | .sn = "SPPkg6Hash", |
| 351 | .ln = "SP Pkg6 hash (SHA256)", |
| 352 | .asn1_type = V_ASN1_OCTET_STRING, |
| 353 | .type = EXT_TYPE_HASH, |
| 354 | .optional = 1 |
| 355 | }, |
| 356 | [SP_PKG7_HASH_EXT] = { |
| 357 | .oid = SP_PKG7_HASH_OID, |
| 358 | .opt = "sp-pkg7", |
| 359 | .help_msg = "Secure Partition Package7 file", |
| 360 | .sn = "SPPkg7Hash", |
| 361 | .ln = "SP Pkg7 hash (SHA256)", |
| 362 | .asn1_type = V_ASN1_OCTET_STRING, |
| 363 | .type = EXT_TYPE_HASH, |
| 364 | .optional = 1 |
| 365 | }, |
| 366 | [SP_PKG8_HASH_EXT] = { |
| 367 | .oid = SP_PKG8_HASH_OID, |
| 368 | .opt = "sp-pkg8", |
| 369 | .help_msg = "Secure Partition Package8 file", |
| 370 | .sn = "SPPkg8Hash", |
| 371 | .ln = "SP Pkg8 hash (SHA256)", |
| 372 | .asn1_type = V_ASN1_OCTET_STRING, |
| 373 | .type = EXT_TYPE_HASH, |
| 374 | .optional = 1 |
| 375 | }, |
| 376 | |
| 377 | [NON_TRUSTED_FW_NVCOUNTER_EXT] = { |
| 378 | .oid = NON_TRUSTED_FW_NVCOUNTER_OID, |
| 379 | .opt = "ntfw-nvctr", |
| 380 | .help_msg = "Non-Trusted Firmware Non-Volatile counter value", |
| 381 | .sn = "NormalWorldNVCounter", |
| 382 | .ln = "Non-Trusted Firmware Non-Volatile counter", |
| 383 | .asn1_type = V_ASN1_INTEGER, |
| 384 | .type = EXT_TYPE_NVCOUNTER, |
| 385 | .attr.nvctr_type = NVCTR_TYPE_NTFW |
| 386 | }, |
| 387 | |
| 388 | [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = { |
| 389 | .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID, |
| 390 | .opt = "nt-fw", |
| 391 | .help_msg = "Non-Trusted World Bootloader image file", |
| 392 | .sn = "NonTrustedWorldBootloaderHash", |
| 393 | .ln = "Non-Trusted World hash (SHA256)", |
| 394 | .asn1_type = V_ASN1_OCTET_STRING, |
| 395 | .type = EXT_TYPE_HASH |
| 396 | }, |
| 397 | |
| 398 | [NON_TRUSTED_FW_CONFIG_HASH_EXT] = { |
| 399 | .oid = NON_TRUSTED_FW_CONFIG_HASH_OID, |
| 400 | .opt = "nt-fw-config", |
| 401 | .help_msg = "Non Trusted OS Firmware Config file", |
| 402 | .sn = "NonTrustedOSFirmwareConfigHash", |
| 403 | .ln = "Non-Trusted OS Firmware Config hash", |
| 404 | .asn1_type = V_ASN1_OCTET_STRING, |
| 405 | .type = EXT_TYPE_HASH, |
| 406 | .optional = 1 |
| 407 | }, |
| 408 | }; |
| 409 | |
| 410 | REGISTER_EXTENSIONS(cot_ext); |
| 411 | |
| 412 | /* Keys used to establish the chain of trust. */ |
| 413 | static key_t cot_keys[] = { |
| 414 | [ROT_KEY] = { |
| 415 | .id = ROT_KEY, |
| 416 | .opt = "rot-key", |
| Robin van der Gracht | 06b5cdb | 2023-09-12 11:16:23 +0200 | [diff] [blame] | 417 | .help_msg = "Root Of Trust key file or PKCS11 URI", |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 418 | .desc = "Root Of Trust key" |
| 419 | }, |
| 420 | |
| 421 | [SWD_ROT_KEY] = { |
| 422 | .id = SWD_ROT_KEY, |
| 423 | .opt = "swd-rot-key", |
| Robin van der Gracht | 06b5cdb | 2023-09-12 11:16:23 +0200 | [diff] [blame] | 424 | .help_msg = "Secure World Root of Trust key file or PKCS11 URI", |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 425 | .desc = "Secure World Root of Trust key" |
| 426 | }, |
| 427 | |
| 428 | [CORE_SWD_KEY] = { |
| 429 | .id = CORE_SWD_KEY, |
| 430 | .opt = "core-swd-key", |
| Robin van der Gracht | 06b5cdb | 2023-09-12 11:16:23 +0200 | [diff] [blame] | 431 | .help_msg = "Core Secure World key file or PKCS11 URI", |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 432 | .desc = "Core Secure World key" |
| 433 | }, |
| 434 | |
| 435 | [PROT_KEY] = { |
| 436 | .id = PROT_KEY, |
| 437 | .opt = "prot-key", |
| Robin van der Gracht | 06b5cdb | 2023-09-12 11:16:23 +0200 | [diff] [blame] | 438 | .help_msg = "Platform Root of Trust key file or PKCS11 URI", |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 439 | .desc = "Platform Root of Trust key" |
| 440 | }, |
| 441 | |
| 442 | [PLAT_KEY] = { |
| 443 | .id = PLAT_KEY, |
| 444 | .opt = "plat-key", |
| Robin van der Gracht | 06b5cdb | 2023-09-12 11:16:23 +0200 | [diff] [blame] | 445 | .help_msg = "Platform key file or PKCS11 URI", |
| laurenw-arm | 1c7c576 | 2022-04-21 16:21:53 -0500 | [diff] [blame] | 446 | .desc = "Platform key" |
| 447 | }, |
| 448 | }; |
| 449 | |
| 450 | REGISTER_KEYS(cot_keys); |