/*
 * Copyright (c) 2022, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * CCA chain of trust description: three static tables (certificates,
 * certificate extensions, keys), each handed to its REGISTER_* macro below.
 * The tables refer to one another by enum index only, so an entry's meaning
 * depends on the matching entry in the other two tables.
 */

#include "cca/cca_cot.h"

#include <cca_oid.h>

#include "cert.h"
#include "ext.h"
#include "key.h"

/*
 * Certificates used in the chain of trust.
 *
 * All certificates are self-signed so the issuer certificate field points to
 * itself.
 *
 * Each entry is placed at the index of its own certificate id and repeats that
 * id in .id. The other fields, as used in this table:
 *   .opt / .help_msg  option name and help text; every help text here says
 *                     "(output file)".
 *   .cn               the certificate's name string (presumably the X.509
 *                     common name -- confirm in cert.h).
 *   .key              index into cot_keys[]. NOTE(review): presumably the key
 *                     that signs the certificate -- confirm in cert.h.
 *   .ext / .num_ext   indices into cot_ext[] and how many of them are listed.
 *                     .num_ext is written by hand and equals the number of
 *                     listed entries for every certificate below; how a
 *                     mismatch would be handled is not visible in this file,
 *                     so re-count when adding or removing an extension.
 *
 * Key usage as laid out below:
 *   ROT_KEY       -> CCA_CONTENT_CERT
 *   SWD_ROT_KEY   -> CORE_SWD_KEY_CERT (carries the CORE_SWD_KEY public key)
 *   CORE_SWD_KEY  -> SPMC_CONTENT_CERT, SIP_SECURE_PARTITION_CONTENT_CERT
 *   PROT_KEY      -> PLAT_KEY_CERT (carries the PLAT_KEY public key)
 *   PLAT_KEY      -> PLAT_SECURE_PARTITION_CONTENT_CERT,
 *                    NON_TRUSTED_FW_CONTENT_CERT
 *
 * The first four certificates carry TRUSTED_FW_NVCOUNTER_EXT and the last
 * three carry NON_TRUSTED_FW_NVCOUNTER_EXT. How the counter values are
 * checked at boot is not part of this file.
 */
static cert_t cot_certs[] = {
	/*
	 * Content certificate tied to ROT_KEY. No certificate in this table
	 * carries a public-key extension for ROT_KEY, so no key certificate
	 * sits between ROT_KEY and these image hashes.
	 */
	[CCA_CONTENT_CERT] = {
		.id = CCA_CONTENT_CERT,
		.opt = "cca-cert",
		.help_msg = "CCA Content Certificate (output file)",
		.cn = "CCA Content Certificate",
		.key = ROT_KEY,
		.issuer = CCA_CONTENT_CERT,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SOC_AP_FW_HASH_EXT,
			SOC_FW_CONFIG_HASH_EXT,
			RMM_HASH_EXT,
			TRUSTED_BOOT_FW_HASH_EXT,
			TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
			HW_CONFIG_HASH_EXT,
			FW_CONFIG_HASH_EXT,
		},
		.num_ext = 8
	},

	/*
	 * Key certificate tied to SWD_ROT_KEY. It carries two public-key
	 * extensions: SWD_ROT_PK_EXT (for SWD_ROT_KEY) and CORE_SWD_PK_EXT
	 * (for CORE_SWD_KEY), per their .attr.key values in cot_ext[].
	 */
	[CORE_SWD_KEY_CERT] = {
		.id = CORE_SWD_KEY_CERT,
		.opt = "core-swd-cert",
		.help_msg = "Core Secure World Key Certificate (output file)",
		.cn = "Core Secure World Key Certificate",
		.key = SWD_ROT_KEY,
		.issuer = CORE_SWD_KEY_CERT,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SWD_ROT_PK_EXT,
			CORE_SWD_PK_EXT,
		},
		.num_ext = 3
	},

	/*
	 * Content certificate tied to CORE_SWD_KEY. Note that the option name
	 * is "tos-fw-cert" although the certificate is named for the SPMC.
	 */
	[SPMC_CONTENT_CERT] = {
		.id = SPMC_CONTENT_CERT,
		.opt = "tos-fw-cert",
		.help_msg = "SPMC Content Certificate (output file)",
		.cn = "SPMC Content Certificate",
		.key = CORE_SWD_KEY,
		.issuer = SPMC_CONTENT_CERT,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_HASH_EXT,
			TRUSTED_OS_FW_CONFIG_HASH_EXT,
		},
		.num_ext = 3
	},

	/* Content certificate tied to CORE_SWD_KEY; covers SP packages 1-4. */
	[SIP_SECURE_PARTITION_CONTENT_CERT] = {
		.id = SIP_SECURE_PARTITION_CONTENT_CERT,
		.opt = "sip-sp-cert",
		.help_msg = "SiP owned Secure Partition Content Certificate (output file)",
		.cn = "SiP owned Secure Partition Content Certificate",
		.key = CORE_SWD_KEY,
		.issuer = SIP_SECURE_PARTITION_CONTENT_CERT,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SP_PKG1_HASH_EXT,
			SP_PKG2_HASH_EXT,
			SP_PKG3_HASH_EXT,
			SP_PKG4_HASH_EXT,
		},
		.num_ext = 5
	},

	/*
	 * Key certificate tied to PROT_KEY. It carries PROT_PK_EXT (for
	 * PROT_KEY) and PLAT_PK_EXT (for PLAT_KEY), per cot_ext[].
	 */
	[PLAT_KEY_CERT] = {
		.id = PLAT_KEY_CERT,
		.opt = "plat-key-cert",
		.help_msg = "Platform Key Certificate (output file)",
		.cn = "Platform Key Certificate",
		.key = PROT_KEY,
		.issuer = PLAT_KEY_CERT,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			PROT_PK_EXT,
			PLAT_PK_EXT,
		},
		.num_ext = 3
	},

	/* Content certificate tied to PLAT_KEY; covers SP packages 5-8. */
	[PLAT_SECURE_PARTITION_CONTENT_CERT] = {
		.id = PLAT_SECURE_PARTITION_CONTENT_CERT,
		.opt = "plat-sp-cert",
		.help_msg = "Platform owned Secure Partition Content Certificate (output file)",
		.cn = "Platform owned Secure Partition Content Certificate",
		.key = PLAT_KEY,
		.issuer = PLAT_SECURE_PARTITION_CONTENT_CERT,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			SP_PKG5_HASH_EXT,
			SP_PKG6_HASH_EXT,
			SP_PKG7_HASH_EXT,
			SP_PKG8_HASH_EXT,
		},
		.num_ext = 5
	},

	/* Content certificate tied to PLAT_KEY; covers the non-trusted bootloader. */
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.opt = "nt-fw-cert",
		.help_msg = "Non-Trusted Firmware Content Certificate (output file)",
		.cn = "Non-Trusted Firmware Content Certificate",
		.key = PLAT_KEY,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
			NON_TRUSTED_FW_CONFIG_HASH_EXT,
		},
		.num_ext = 3
	},
};

REGISTER_COT(cot_certs);


/*
 * Certificate extensions.
 *
 * Each entry is placed at the index of its extension id. Three kinds appear,
 * selected by .type:
 *   EXT_TYPE_NVCOUNTER  V_ASN1_INTEGER; .attr.nvctr_type picks the counter
 *                       (NVCTR_TYPE_TFW or NVCTR_TYPE_NTFW).
 *   EXT_TYPE_HASH       V_ASN1_OCTET_STRING; .opt names the option and
 *                       .help_msg describes an image or config file.
 *   EXT_TYPE_PKEY       V_ASN1_OCTET_STRING; .attr.key is an index into
 *                       cot_keys[]. These entries set no .opt or .help_msg.
 *
 * .sn and .ln are the short and long names attached to .oid.
 *
 * NOTE(review): hash entries that do not set .optional leave it
 * zero-initialised. Presumably the tool then requires the image to be
 * supplied -- confirm in ext.h and the option handling. The entries left
 * non-optional here are TRUSTED_BOOT_FW_HASH_EXT, SOC_AP_FW_HASH_EXT,
 * RMM_HASH_EXT, TRUSTED_OS_FW_HASH_EXT and
 * NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT.
 *
 * NOTE(review): several .ln strings say "(SHA256)". That is fixed label text
 * in this table; the digest algorithm actually used is not chosen in this
 * file, so confirm the label stays accurate if the algorithm is configurable.
 */
static ext_t cot_ext[] = {
	/* Counter carried by the certificates tied to ROT_KEY, SWD_ROT_KEY and CORE_SWD_KEY. */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW
	},

	/* Hash extensions listed by CCA_CONTENT_CERT (together with the SoC and RMM entries further down). */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},

	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},

	[HW_CONFIG_HASH_EXT] = {
		.oid = HW_CONFIG_HASH_OID,
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},

	[FW_CONFIG_HASH_EXT] = {
		.oid = FW_CONFIG_HASH_OID,
		.opt = "fw-config",
		.help_msg = "Firmware Config file",
		.sn = "FirmwareConfigHash",
		.ln = "Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},

	/* Public-key extensions listed by CORE_SWD_KEY_CERT. */
	[SWD_ROT_PK_EXT] = {
		.oid = SWD_ROT_PK_OID,
		.sn = "SWDRoTKey",
		.ln = "Secure World Root of Trust Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SWD_ROT_KEY
	},

	[CORE_SWD_PK_EXT] = {
		.oid = CORE_SWD_PK_OID,
		.sn = "CORESWDKey",
		.ln = "Core Secure World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = CORE_SWD_KEY
	},

	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},

	[SOC_FW_CONFIG_HASH_EXT] = {
		.oid = SOC_FW_CONFIG_HASH_OID,
		.opt = "soc-fw-config",
		.help_msg = "SoC Firmware Config file",
		.sn = "SocFirmwareConfigHash",
		.ln = "SoC Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},

	[RMM_HASH_EXT] = {
		.oid = RMM_HASH_OID,
		.opt = "rmm-fw",
		.help_msg = "RMM Firmware image file",
		.sn = "RMMFirmwareHash",
		.ln = "RMM Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},

	/* Hash extensions listed by SPMC_CONTENT_CERT. */
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},

	[TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
		.opt = "tos-fw-config",
		.help_msg = "Trusted OS Firmware Config file",
		.sn = "TrustedOSFirmwareConfigHash",
		.ln = "Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},

	/* SP packages 1-4: listed by SIP_SECURE_PARTITION_CONTENT_CERT, all optional. */
	[SP_PKG1_HASH_EXT] = {
		.oid = SP_PKG1_HASH_OID,
		.opt = "sp-pkg1",
		.help_msg = "Secure Partition Package1 file",
		.sn = "SPPkg1Hash",
		.ln = "SP Pkg1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG2_HASH_EXT] = {
		.oid = SP_PKG2_HASH_OID,
		.opt = "sp-pkg2",
		.help_msg = "Secure Partition Package2 file",
		.sn = "SPPkg2Hash",
		.ln = "SP Pkg2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG3_HASH_EXT] = {
		.oid = SP_PKG3_HASH_OID,
		.opt = "sp-pkg3",
		.help_msg = "Secure Partition Package3 file",
		.sn = "SPPkg3Hash",
		.ln = "SP Pkg3 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG4_HASH_EXT] = {
		.oid = SP_PKG4_HASH_OID,
		.opt = "sp-pkg4",
		.help_msg = "Secure Partition Package4 file",
		.sn = "SPPkg4Hash",
		.ln = "SP Pkg4 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},

	/* Public-key extensions listed by PLAT_KEY_CERT. */
	[PROT_PK_EXT] = {
		.oid = PROT_PK_OID,
		.sn = "PlatformRoTKey",
		.ln = "Platform Root of Trust Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = PROT_KEY
	},

	[PLAT_PK_EXT] = {
		.oid = PLAT_PK_OID,
		.sn = "PLATKey",
		.ln = "Platform Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = PLAT_KEY
	},

	/* SP packages 5-8: listed by PLAT_SECURE_PARTITION_CONTENT_CERT, all optional. */
	[SP_PKG5_HASH_EXT] = {
		.oid = SP_PKG5_HASH_OID,
		.opt = "sp-pkg5",
		.help_msg = "Secure Partition Package5 file",
		.sn = "SPPkg5Hash",
		.ln = "SP Pkg5 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG6_HASH_EXT] = {
		.oid = SP_PKG6_HASH_OID,
		.opt = "sp-pkg6",
		.help_msg = "Secure Partition Package6 file",
		.sn = "SPPkg6Hash",
		.ln = "SP Pkg6 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG7_HASH_EXT] = {
		.oid = SP_PKG7_HASH_OID,
		.opt = "sp-pkg7",
		.help_msg = "Secure Partition Package7 file",
		.sn = "SPPkg7Hash",
		.ln = "SP Pkg7 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG8_HASH_EXT] = {
		.oid = SP_PKG8_HASH_OID,
		.opt = "sp-pkg8",
		.help_msg = "Secure Partition Package8 file",
		.sn = "SPPkg8Hash",
		.ln = "SP Pkg8 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},

	/* Counter carried by the certificates tied to PROT_KEY and PLAT_KEY. */
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW
	},

	/* Hash extensions listed by NON_TRUSTED_FW_CONTENT_CERT. */
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},

	[NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
		.oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
		.opt = "nt-fw-config",
		.help_msg = "Non Trusted OS Firmware Config file",
		.sn = "NonTrustedOSFirmwareConfigHash",
		.ln = "Non-Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
};

REGISTER_EXTENSIONS(cot_ext);

/*
 * Keys used to establish the chain of trust.
 *
 * Each entry is placed at the index of its key id; cot_certs[].key and the
 * EXT_TYPE_PKEY entries' .attr.key refer to these indices. Only ROT_KEY's help
 * text says "(input/output file)"; the other four do not state a direction.
 *
 * NOTE(review): the files named by these options presumably hold private key
 * material -- confirm that the build flow creates and stores them with
 * restricted permissions.
 */
static key_t cot_keys[] = {
	[ROT_KEY] = {
		.id = ROT_KEY,
		.opt = "rot-key",
		.help_msg = "Root Of Trust key (input/output file)",
		.desc = "Root Of Trust key"
	},

	[SWD_ROT_KEY] = {
		.id = SWD_ROT_KEY,
		.opt = "swd-rot-key",
		.help_msg = "Secure World Root of Trust key",
		.desc = "Secure World Root of Trust key"
	},

	[CORE_SWD_KEY] = {
		.id = CORE_SWD_KEY,
		.opt = "core-swd-key",
		.help_msg = "Core Secure World key",
		.desc = "Core Secure World key"
	},

	[PROT_KEY] = {
		.id = PROT_KEY,
		.opt = "prot-key",
		.help_msg = "Platform Root of Trust key",
		.desc = "Platform Root of Trust key"
	},

	[PLAT_KEY] = {
		.id = PLAT_KEY,
		.opt = "plat-key",
		.help_msg = "Platform key",
		.desc = "Platform key"
	},
};

REGISTER_KEYS(cot_keys);