xref: /rk3399_ARM-atf/tools/cert_create/src/tbbr/tbb_cert.c (revision 82cb2c1ad9897473743f08437d0a3995bed561b9)
1 /*
2  * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include "tbbr/tbb_cert.h"
8 #include "tbbr/tbb_ext.h"
9 #include "tbbr/tbb_key.h"
10 
/*
 * Certificates that make up the chain of trust.
 *
 * Each entry sits at the index named by its designated initializer, and
 * those indices must follow the enumeration in tbb_cert.h. Every certificate
 * is self-signed, so .issuer always names the entry itself.
 *
 * Because .issuer never names another certificate, the parent/child links of
 * the chain are not visible in that field. They presumably travel in the
 * *_PK_EXT and *_HASH_EXT extensions listed per entry (see tbb_ext.h) --
 * confirm against the code that verifies the certificates.
 *
 * Keys selected by .key, as listed below:
 *   ROT_KEY                - Trusted Boot FW, Trusted Key and FWU certificates
 *   TRUSTED_WORLD_KEY      - SCP, SoC and Trusted OS firmware key certificates
 *   NON_TRUSTED_WORLD_KEY  - Non-Trusted firmware key certificate
 *   *_CONTENT_CERT_KEY     - the matching firmware content certificate
 *
 * .num_ext is written by hand and has to equal the number of identifiers in
 * .ext; nothing in this file checks that, so update both together.
 *
 * .fn starts out NULL in every entry; going by the "(output file)" help
 * text it is presumably set from the command-line option named in .opt.
 *
 * NOTE(review): FWU_CERT is the only entry without an NV counter extension.
 * Confirm that no rollback counter is expected in the firmware update
 * certificate.
 */
static cert_t tbb_certs[] = {
	/* Certificates keyed by ROT_KEY. */
	[TRUSTED_BOOT_FW_CERT] = {
		.id = TRUSTED_BOOT_FW_CERT,
		.cn = "Trusted Boot FW Certificate",
		.opt = "tb-fw-cert",
		.help_msg = "Trusted Boot FW Certificate (output file)",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = TRUSTED_BOOT_FW_CERT,
		.num_ext = 2,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_BOOT_FW_HASH_EXT }
	},
	[TRUSTED_KEY_CERT] = {
		.id = TRUSTED_KEY_CERT,
		.cn = "Trusted Key Certificate",
		.opt = "trusted-key-cert",
		.help_msg = "Trusted Key Certificate (output file)",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = TRUSTED_KEY_CERT,
		.num_ext = 3,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_WORLD_PK_EXT, NON_TRUSTED_WORLD_PK_EXT
		}
	},

	/* SCP firmware: key certificate, then content certificate. */
	[SCP_FW_KEY_CERT] = {
		.id = SCP_FW_KEY_CERT,
		.cn = "SCP Firmware Key Certificate",
		.opt = "scp-fw-key-cert",
		.help_msg = "SCP Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = SCP_FW_KEY_CERT,
		.num_ext = 2,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SCP_FW_CONTENT_CERT_PK_EXT }
	},
	[SCP_FW_CONTENT_CERT] = {
		.id = SCP_FW_CONTENT_CERT,
		.cn = "SCP Firmware Content Certificate",
		.opt = "scp-fw-cert",
		.help_msg = "SCP Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = SCP_FW_CONTENT_CERT_KEY,
		.issuer = SCP_FW_CONTENT_CERT,
		.num_ext = 2,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SCP_FW_HASH_EXT }
	},

	/* SoC firmware: key certificate, then content certificate. */
	[SOC_FW_KEY_CERT] = {
		.id = SOC_FW_KEY_CERT,
		.cn = "SoC Firmware Key Certificate",
		.opt = "soc-fw-key-cert",
		.help_msg = "SoC Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = SOC_FW_KEY_CERT,
		.num_ext = 2,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SOC_FW_CONTENT_CERT_PK_EXT }
	},
	[SOC_FW_CONTENT_CERT] = {
		.id = SOC_FW_CONTENT_CERT,
		.cn = "SoC Firmware Content Certificate",
		.opt = "soc-fw-cert",
		.help_msg = "SoC Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = SOC_FW_CONTENT_CERT_KEY,
		.issuer = SOC_FW_CONTENT_CERT,
		.num_ext = 2,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SOC_AP_FW_HASH_EXT }
	},

	/* Trusted OS firmware: key certificate, then content certificate. */
	[TRUSTED_OS_FW_KEY_CERT] = {
		.id = TRUSTED_OS_FW_KEY_CERT,
		.cn = "Trusted OS Firmware Key Certificate",
		.opt = "tos-fw-key-cert",
		.help_msg = "Trusted OS Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = TRUSTED_OS_FW_KEY_CERT,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
		}
	},
	[TRUSTED_OS_FW_CONTENT_CERT] = {
		.id = TRUSTED_OS_FW_CONTENT_CERT,
		.cn = "Trusted OS Firmware Content Certificate",
		.opt = "tos-fw-cert",
		.help_msg = "Trusted OS Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
		.num_ext = 2,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_OS_FW_HASH_EXT }
	},

	/*
	 * Non-trusted firmware: these two entries list
	 * NON_TRUSTED_FW_NVCOUNTER_EXT where the entries above list
	 * TRUSTED_FW_NVCOUNTER_EXT.
	 */
	[NON_TRUSTED_FW_KEY_CERT] = {
		.id = NON_TRUSTED_FW_KEY_CERT,
		.cn = "Non-Trusted Firmware Key Certificate",
		.opt = "nt-fw-key-cert",
		.help_msg = "Non-Trusted Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = NON_TRUSTED_WORLD_KEY,
		.issuer = NON_TRUSTED_FW_KEY_CERT,
		.num_ext = 2,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
		}
	},
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.cn = "Non-Trusted Firmware Content Certificate",
		.opt = "nt-fw-cert",
		.help_msg = "Non-Trusted Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.num_ext = 2,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
		}
	},

	/* Firmware update: three hash extensions, no NV counter extension. */
	[FWU_CERT] = {
		.id = FWU_CERT,
		.cn = "Firmware Update Certificate",
		.opt = "fwu-cert",
		.help_msg = "Firmware Update Certificate (output file)",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = FWU_CERT,
		.num_ext = 3,
		.ext = {
			SCP_FWU_CFG_HASH_EXT,
			AP_FWU_CFG_HASH_EXT,
			FWU_HASH_EXT
		}
	}
};

/*
 * Pass the table to REGISTER_COT, which is defined outside this file;
 * presumably this is how the rest of the tool locates the chain of trust.
 */
REGISTER_COT(tbb_certs);