/*
 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include "tbbr/tbb_cert.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Certificates used in the chain of trust
 *
 * The order of the certificates must follow the enumeration specified in
 * tbb_cert.h. All certificates are self-signed, so the issuer certificate
 * field points to itself.
 *
 * How to read an entry:
 *   .opt / .help_msg  command-line option name and its help text
 *   .fn               output file name, NULL in this table
 *   .cn               certificate common name
 *   .key              key associated with the certificate; because .issuer is
 *                     the certificate itself, this is presumably also the
 *                     signing key (confirm in the certificate-generation code)
 *   .ext / .num_ext   extensions placed in the certificate and their count
 *
 * Because every .issuer is the certificate itself, the issuer field does not
 * link one certificate to another. Going by the extension names, the links
 * are the public-key extensions: the trusted key certificate (ROT_KEY)
 * carries the two world public keys, each key certificate (a world key)
 * carries a content-certificate public key, and each content certificate
 * carries image hashes.
 *
 * .num_ext is maintained by hand and must equal the number of entries listed
 * in .ext; nothing in this file checks that the two agree.
 */
static cert_t tbb_certs[] = {
	/* ---- Certificates using ROT_KEY ---- */
	[TRUSTED_BOOT_FW_CERT] = {
		.id = TRUSTED_BOOT_FW_CERT,
		.cn = "Trusted Boot FW Certificate",
		.opt = "tb-fw-cert",
		.help_msg = "Trusted Boot FW Certificate (output file)",
		.fn = NULL,
		.issuer = TRUSTED_BOOT_FW_CERT,
		.key = ROT_KEY,
		.num_ext = 4,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_BOOT_FW_HASH_EXT,
			TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
			HW_CONFIG_HASH_EXT
		}
	},
	[TRUSTED_KEY_CERT] = {
		.id = TRUSTED_KEY_CERT,
		.cn = "Trusted Key Certificate",
		.opt = "trusted-key-cert",
		.help_msg = "Trusted Key Certificate (output file)",
		.fn = NULL,
		.issuer = TRUSTED_KEY_CERT,
		.key = ROT_KEY,
		.num_ext = 3,
		/* Carries the public keys of both worlds. */
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_WORLD_PK_EXT,
			NON_TRUSTED_WORLD_PK_EXT
		}
	},

	/* ---- SCP firmware: key certificate, then content certificate ---- */
	[SCP_FW_KEY_CERT] = {
		.id = SCP_FW_KEY_CERT,
		.cn = "SCP Firmware Key Certificate",
		.opt = "scp-fw-key-cert",
		.help_msg = "SCP Firmware Key Certificate (output file)",
		.fn = NULL,
		.issuer = SCP_FW_KEY_CERT,
		.key = TRUSTED_WORLD_KEY,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SCP_FW_CONTENT_CERT_PK_EXT
		}
	},
	[SCP_FW_CONTENT_CERT] = {
		.id = SCP_FW_CONTENT_CERT,
		.cn = "SCP Firmware Content Certificate",
		.opt = "scp-fw-cert",
		.help_msg = "SCP Firmware Content Certificate (output file)",
		.fn = NULL,
		.issuer = SCP_FW_CONTENT_CERT,
		.key = SCP_FW_CONTENT_CERT_KEY,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SCP_FW_HASH_EXT
		}
	},

	/* ---- SoC firmware: key certificate, then content certificate ---- */
	[SOC_FW_KEY_CERT] = {
		.id = SOC_FW_KEY_CERT,
		.cn = "SoC Firmware Key Certificate",
		.opt = "soc-fw-key-cert",
		.help_msg = "SoC Firmware Key Certificate (output file)",
		.fn = NULL,
		.issuer = SOC_FW_KEY_CERT,
		.key = TRUSTED_WORLD_KEY,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SOC_FW_CONTENT_CERT_PK_EXT
		}
	},
	[SOC_FW_CONTENT_CERT] = {
		.id = SOC_FW_CONTENT_CERT,
		.cn = "SoC Firmware Content Certificate",
		.opt = "soc-fw-cert",
		.help_msg = "SoC Firmware Content Certificate (output file)",
		.fn = NULL,
		.issuer = SOC_FW_CONTENT_CERT,
		.key = SOC_FW_CONTENT_CERT_KEY,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SOC_AP_FW_HASH_EXT
		}
	},

	/* ---- Trusted OS firmware: key certificate, then content certificate ---- */
	[TRUSTED_OS_FW_KEY_CERT] = {
		.id = TRUSTED_OS_FW_KEY_CERT,
		.cn = "Trusted OS Firmware Key Certificate",
		.opt = "tos-fw-key-cert",
		.help_msg = "Trusted OS Firmware Key Certificate (output file)",
		.fn = NULL,
		.issuer = TRUSTED_OS_FW_KEY_CERT,
		.key = TRUSTED_WORLD_KEY,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
		}
	},
	[TRUSTED_OS_FW_CONTENT_CERT] = {
		.id = TRUSTED_OS_FW_CONTENT_CERT,
		.cn = "Trusted OS Firmware Content Certificate",
		.opt = "tos-fw-cert",
		.help_msg = "Trusted OS Firmware Content Certificate (output file)",
		.fn = NULL,
		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.num_ext = 4,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_HASH_EXT,
			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
			TRUSTED_OS_FW_EXTRA2_HASH_EXT
		}
	},

	/*
	 * ---- Non-trusted firmware: key certificate, then content certificate ----
	 * These two entries use NON_TRUSTED_FW_NVCOUNTER_EXT instead of the
	 * trusted counter extension used by the entries above.
	 */
	[NON_TRUSTED_FW_KEY_CERT] = {
		.id = NON_TRUSTED_FW_KEY_CERT,
		.cn = "Non-Trusted Firmware Key Certificate",
		.opt = "nt-fw-key-cert",
		.help_msg = "Non-Trusted Firmware Key Certificate (output file)",
		.fn = NULL,
		.issuer = NON_TRUSTED_FW_KEY_CERT,
		.key = NON_TRUSTED_WORLD_KEY,
		.num_ext = 2,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
		}
	},
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.cn = "Non-Trusted Firmware Content Certificate",
		.opt = "nt-fw-cert",
		.help_msg = "Non-Trusted Firmware Content Certificate (output file)",
		.fn = NULL,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.num_ext = 2,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
		}
	},

	/*
	 * ---- Firmware update certificate (ROT_KEY) ----
	 * NOTE(review): this is the only entry that lists no NV counter
	 * extension, only hashes. Confirm that rollback protection for
	 * firmware-update images is intentionally handled outside this
	 * certificate.
	 */
	[FWU_CERT] = {
		.id = FWU_CERT,
		.cn = "Firmware Update Certificate",
		.opt = "fwu-cert",
		.help_msg = "Firmware Update Certificate (output file)",
		.fn = NULL,
		.issuer = FWU_CERT,
		.key = ROT_KEY,
		.num_ext = 3,
		.ext = {
			SCP_FWU_CFG_HASH_EXT,
			AP_FWU_CFG_HASH_EXT,
			FWU_HASH_EXT
		}
	}
};

/* Register the table through REGISTER_COT (macro defined outside this file). */
REGISTER_COT(tbb_certs);