1 /*
2  * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include "tbbr/tbb_cert.h"
8 #include "tbbr/tbb_ext.h"
9 #include "tbbr/tbb_key.h"
10 
/*
 * Certificates that make up the chain of trust.
 *
 * Each entry sits at a designated index, and that order must follow the
 * enumeration specified in tbb_cert.h. All certificates are self-signed, so
 * every entry names itself in .issuer (.issuer == .id).
 *
 * NOTE(review): because no entry points at another certificate as issuer,
 * the links between certificates are presumably carried by the .key choice
 * and by the extensions listed per entry (by name: NV counters, public keys,
 * image hashes) -- confirm against the cert_t consumer. .num_ext is written
 * by hand and has to equal the number of identifiers in .ext; a stale count
 * would presumably change which extensions reach the generated certificate,
 * so check both whenever an entry is edited.
 */
static cert_t tbb_certs[] = {
	/* ROT_KEY entry: trusted NV counter plus three *_HASH_EXT identifiers. */
	[TRUSTED_BOOT_FW_CERT] = {
		.id = TRUSTED_BOOT_FW_CERT,
		.cn = "Trusted Boot FW Certificate",
		.opt = "tb-fw-cert",
		.help_msg = "Trusted Boot FW Certificate (output file)",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = TRUSTED_BOOT_FW_CERT,
		.num_ext = 4,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_BOOT_FW_HASH_EXT,
			TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
			HW_CONFIG_HASH_EXT,
		},
	},

	/* ROT_KEY entry: trusted NV counter plus both world *_PK_EXT identifiers. */
	[TRUSTED_KEY_CERT] = {
		.id = TRUSTED_KEY_CERT,
		.cn = "Trusted Key Certificate",
		.opt = "trusted-key-cert",
		.help_msg = "Trusted Key Certificate (output file)",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = TRUSTED_KEY_CERT,
		.num_ext = 3,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_WORLD_PK_EXT,
			NON_TRUSTED_WORLD_PK_EXT,
		},
	},

	/* TRUSTED_WORLD_KEY entry: lists the SCP content-certificate PK extension. */
	[SCP_FW_KEY_CERT] = {
		.id = SCP_FW_KEY_CERT,
		.cn = "SCP Firmware Key Certificate",
		.opt = "scp-fw-key-cert",
		.help_msg = "SCP Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = SCP_FW_KEY_CERT,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SCP_FW_CONTENT_CERT_PK_EXT,
		},
	},

	/* SCP_FW_CONTENT_CERT_KEY entry: lists the SCP firmware hash extension. */
	[SCP_FW_CONTENT_CERT] = {
		.id = SCP_FW_CONTENT_CERT,
		.cn = "SCP Firmware Content Certificate",
		.opt = "scp-fw-cert",
		.help_msg = "SCP Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = SCP_FW_CONTENT_CERT_KEY,
		.issuer = SCP_FW_CONTENT_CERT,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SCP_FW_HASH_EXT,
		},
	},

	/* TRUSTED_WORLD_KEY entry: lists the SoC content-certificate PK extension. */
	[SOC_FW_KEY_CERT] = {
		.id = SOC_FW_KEY_CERT,
		.cn = "SoC Firmware Key Certificate",
		.opt = "soc-fw-key-cert",
		.help_msg = "SoC Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = SOC_FW_KEY_CERT,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SOC_FW_CONTENT_CERT_PK_EXT,
		},
	},

	/* SOC_FW_CONTENT_CERT_KEY entry: SoC AP firmware and config hashes. */
	[SOC_FW_CONTENT_CERT] = {
		.id = SOC_FW_CONTENT_CERT,
		.cn = "SoC Firmware Content Certificate",
		.opt = "soc-fw-cert",
		.help_msg = "SoC Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = SOC_FW_CONTENT_CERT_KEY,
		.issuer = SOC_FW_CONTENT_CERT,
		.num_ext = 3,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			SOC_AP_FW_HASH_EXT,
			SOC_FW_CONFIG_HASH_EXT,
		},
	},

	/* TRUSTED_WORLD_KEY entry: lists the Trusted OS content-certificate PK extension. */
	[TRUSTED_OS_FW_KEY_CERT] = {
		.id = TRUSTED_OS_FW_KEY_CERT,
		.cn = "Trusted OS Firmware Key Certificate",
		.opt = "tos-fw-key-cert",
		.help_msg = "Trusted OS Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_WORLD_KEY,
		.issuer = TRUSTED_OS_FW_KEY_CERT,
		.num_ext = 2,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
		},
	},

	/* TRUSTED_OS_FW_CONTENT_CERT_KEY entry: four Trusted OS hash extensions. */
	[TRUSTED_OS_FW_CONTENT_CERT] = {
		.id = TRUSTED_OS_FW_CONTENT_CERT,
		.cn = "Trusted OS Firmware Content Certificate",
		.opt = "tos-fw-cert",
		.help_msg = "Trusted OS Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
		.num_ext = 5,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_HASH_EXT,
			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
			TRUSTED_OS_FW_EXTRA2_HASH_EXT,
			TRUSTED_OS_FW_CONFIG_HASH_EXT,
		},
	},

	/*
	 * NON_TRUSTED_WORLD_KEY entry. From here on the entries list
	 * NON_TRUSTED_FW_NVCOUNTER_EXT instead of the trusted counter.
	 */
	[NON_TRUSTED_FW_KEY_CERT] = {
		.id = NON_TRUSTED_FW_KEY_CERT,
		.cn = "Non-Trusted Firmware Key Certificate",
		.opt = "nt-fw-key-cert",
		.help_msg = "Non-Trusted Firmware Key Certificate (output file)",
		.fn = NULL,
		.key = NON_TRUSTED_WORLD_KEY,
		.issuer = NON_TRUSTED_FW_KEY_CERT,
		.num_ext = 2,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
		},
	},

	/* NON_TRUSTED_FW_CONTENT_CERT_KEY entry: bootloader and config hashes. */
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.cn = "Non-Trusted Firmware Content Certificate",
		.opt = "nt-fw-cert",
		.help_msg = "Non-Trusted Firmware Content Certificate (output file)",
		.fn = NULL,
		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.num_ext = 3,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
			NON_TRUSTED_FW_CONFIG_HASH_EXT,
		},
	},

	/*
	 * ROT_KEY entry with three hash extensions.
	 * NOTE(review): the only entry in this table that lists no
	 * *_NVCOUNTER_EXT -- confirm that is intended for firmware update.
	 */
	[FWU_CERT] = {
		.id = FWU_CERT,
		.cn = "Firmware Update Certificate",
		.opt = "fwu-cert",
		.help_msg = "Firmware Update Certificate (output file)",
		.fn = NULL,
		.key = ROT_KEY,
		.issuer = FWU_CERT,
		.num_ext = 3,
		.ext = {
			SCP_FWU_CFG_HASH_EXT,
			AP_FWU_CFG_HASH_EXT,
			FWU_HASH_EXT,
		},
	},
};

/* Pass the table to REGISTER_COT (macro defined outside this file). */
REGISTER_COT(tbb_certs);