/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "tbbr/tbb_cert.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Certificate table for the chain of trust.
 *
 * Each entry sits in the slot named by its enumeration constant, and .id
 * repeats that constant. The table must follow the certificate enumeration
 * in tbb_cert.h.
 *
 * Fields, as used in this table:
 *   .id / .issuer  Every entry names itself as issuer, i.e. all certificates
 *                  are self-signed.
 *   .key           Key identifier for the certificate (declared in
 *                  tbbr/tbb_key.h).
 *   .cn            Common name string.
 *   .opt           Option name; .help_msg describes it as the output file.
 *   .help_msg      Help text for that option.
 *   .fn            Left NULL here.
 *                  NOTE(review): presumably filled in at run time from the
 *                  option named by .opt; confirm against the option parser.
 *   .num_ext/.ext  Extension identifiers (tbbr/tbb_ext.h) and their count.
 *                  The count is maintained by hand and must equal the number
 *                  of identifiers listed in .ext.
 *
 * NOTE(review): no entry names a parent certificate as issuer. The links
 * between levels therefore appear to be carried only by the *_PK_EXT and
 * *_HASH_EXT extensions: a key certificate embeds the public key for the next
 * level, and a content certificate embeds image hashes. Check any change to
 * .key or .ext against the code that verifies these certificates at boot.
 */
static cert_t tbb_certs[] = {
	/* Uses the root-of-trust key; carries the Trusted Boot FW hash. */
	[TRUSTED_BOOT_FW_CERT] = {
		.id = TRUSTED_BOOT_FW_CERT,
		.issuer = TRUSTED_BOOT_FW_CERT,
		.key = ROT_KEY,
		.cn = "Trusted Boot FW Certificate",
		.opt = "tb-fw-cert",
		.help_msg = "Trusted Boot FW Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { TRUSTED_BOOT_FW_HASH_EXT }
	},

	/*
	 * Uses the root-of-trust key; carries the trusted-world and
	 * non-trusted-world public keys.
	 */
	[TRUSTED_KEY_CERT] = {
		.id = TRUSTED_KEY_CERT,
		.issuer = TRUSTED_KEY_CERT,
		.key = ROT_KEY,
		.cn = "Trusted Key Certificate",
		.opt = "trusted-key-cert",
		.help_msg = "Trusted Key Certificate (output file)",
		.fn = NULL,
		.num_ext = 2,
		.ext = { TRUSTED_WORLD_PK_EXT, NON_TRUSTED_WORLD_PK_EXT }
	},

	/* SCP firmware: key certificate, then content certificate. */
	[SCP_FW_KEY_CERT] = {
		.id = SCP_FW_KEY_CERT,
		.issuer = SCP_FW_KEY_CERT,
		.key = TRUSTED_WORLD_KEY,
		.cn = "SCP Firmware Key Certificate",
		.opt = "scp-fw-key-cert",
		.help_msg = "SCP Firmware Key Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { SCP_FW_CONTENT_CERT_PK_EXT }
	},
	[SCP_FW_CONTENT_CERT] = {
		.id = SCP_FW_CONTENT_CERT,
		.issuer = SCP_FW_CONTENT_CERT,
		.key = SCP_FW_CONTENT_CERT_KEY,
		.cn = "SCP Firmware Content Certificate",
		.opt = "scp-fw-cert",
		.help_msg = "SCP Firmware Content Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { SCP_FW_HASH_EXT }
	},

	/* SoC firmware: key certificate, then content certificate. */
	[SOC_FW_KEY_CERT] = {
		.id = SOC_FW_KEY_CERT,
		.issuer = SOC_FW_KEY_CERT,
		.key = TRUSTED_WORLD_KEY,
		.cn = "SoC Firmware Key Certificate",
		.opt = "soc-fw-key-cert",
		.help_msg = "SoC Firmware Key Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { SOC_FW_CONTENT_CERT_PK_EXT }
	},
	[SOC_FW_CONTENT_CERT] = {
		.id = SOC_FW_CONTENT_CERT,
		.issuer = SOC_FW_CONTENT_CERT,
		.key = SOC_FW_CONTENT_CERT_KEY,
		.cn = "SoC Firmware Content Certificate",
		.opt = "soc-fw-cert",
		.help_msg = "SoC Firmware Content Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { SOC_AP_FW_HASH_EXT }
	},

	/* Trusted OS firmware: key certificate, then content certificate. */
	[TRUSTED_OS_FW_KEY_CERT] = {
		.id = TRUSTED_OS_FW_KEY_CERT,
		.issuer = TRUSTED_OS_FW_KEY_CERT,
		.key = TRUSTED_WORLD_KEY,
		.cn = "Trusted OS Firmware Key Certificate",
		.opt = "tos-fw-key-cert",
		.help_msg = "Trusted OS Firmware Key Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { TRUSTED_OS_FW_CONTENT_CERT_PK_EXT }
	},
	[TRUSTED_OS_FW_CONTENT_CERT] = {
		.id = TRUSTED_OS_FW_CONTENT_CERT,
		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.cn = "Trusted OS Firmware Content Certificate",
		.opt = "tos-fw-cert",
		.help_msg = "Trusted OS Firmware Content Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { TRUSTED_OS_FW_HASH_EXT }
	},

	/*
	 * Non-trusted firmware: key certificate, then content certificate.
	 * This is the only branch that uses NON_TRUSTED_WORLD_KEY.
	 */
	[NON_TRUSTED_FW_KEY_CERT] = {
		.id = NON_TRUSTED_FW_KEY_CERT,
		.issuer = NON_TRUSTED_FW_KEY_CERT,
		.key = NON_TRUSTED_WORLD_KEY,
		.cn = "Non-Trusted Firmware Key Certificate",
		.opt = "nt-fw-key-cert",
		.help_msg = "Non-Trusted Firmware Key Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { NON_TRUSTED_FW_CONTENT_CERT_PK_EXT }
	},
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.cn = "Non-Trusted Firmware Content Certificate",
		.opt = "nt-fw-cert",
		.help_msg = "Non-Trusted Firmware Content Certificate (output file)",
		.fn = NULL,
		.num_ext = 1,
		.ext = { NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT }
	},

	/*
	 * Firmware update certificate: uses the root-of-trust key and carries
	 * three hash extensions.
	 */
	[FWU_CERT] = {
		.id = FWU_CERT,
		.issuer = FWU_CERT,
		.key = ROT_KEY,
		.cn = "Firmware Update Certificate",
		.opt = "fwu-cert",
		.help_msg = "Firmware Update Certificate (output file)",
		.fn = NULL,
		.num_ext = 3,
		.ext = {
			SCP_FWU_CFG_HASH_EXT,
			AP_FWU_CFG_HASH_EXT,
			FWU_HASH_EXT
		}
	}
};

/* Register the table above as the chain of trust. */
REGISTER_COT(tbb_certs);