/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "tbbr/tbb_cert.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Certificates used in the chain of trust
 *
 * The order of the certificates must follow the enumeration specified in
 * tbb_cert.h. All certificates are self-signed, so the issuer certificate
 * field points to itself.
 *
 * How to read the table:
 *
 * - Each entry is placed with a designated index ([X] = { ... }) and repeats
 *   that index in .id; keep the two identical when adding an entry.
 *
 * - Every entry sets .issuer to its own .id, so the issuer field does not
 *   express the chain. The links between certificates are visible in .key
 *   and .ext instead:
 *     ROT_KEY            -> TRUSTED_BOOT_FW_CERT, TRUSTED_KEY_CERT, FWU_CERT
 *     TRUSTED_WORLD_KEY  -> SCP_FW_KEY_CERT, SOC_FW_KEY_CERT,
 *                           TRUSTED_OS_FW_KEY_CERT
 *     NON_TRUSTED_WORLD_KEY -> NON_TRUSTED_FW_KEY_CERT
 *     <image>_CONTENT_CERT_KEY -> the matching *_CONTENT_CERT
 *   TRUSTED_KEY_CERT lists the two world *_PK_EXT extensions, each key
 *   certificate lists one *_CONTENT_CERT_PK_EXT, and each content certificate
 *   lists one or more *_HASH_EXT extensions.
 *   NOTE(review): .key presumably names the key that signs the certificate
 *   and a *_PK_EXT the public key handed to the next link -- confirm against
 *   tbbr/tbb_key.h and tbbr/tbb_ext.h.
 *
 * - .num_ext is written by hand and must equal the number of identifiers
 *   listed in .ext; nothing in this file checks that. A stale count after
 *   editing .ext would presumably leave a hash or public-key extension out
 *   of the generated certificate (or read an unset slot) -- confirm how the
 *   consumer iterates, and re-count whenever .ext changes.
 *
 * - .fn is NULL in every entry here; presumably it is filled in elsewhere
 *   (TODO confirm). .opt and .cn are fixed strings per certificate.
 */
static cert_t tbb_certs[] = {
	/* ROT_KEY entry: one hash extension for the trusted boot firmware. */
	[TRUSTED_BOOT_FW_CERT] = {
		.id = TRUSTED_BOOT_FW_CERT,
		.opt = "tb-fw-cert",
		.fn = NULL,
		.cn = "Trusted Boot FW Certificate",
		.key = ROT_KEY,
		.issuer = TRUSTED_BOOT_FW_CERT,
		.ext = {
			TRUSTED_BOOT_FW_HASH_EXT
		},
		.num_ext = 1
	},
	/* ROT_KEY entry: lists both world public-key extensions. */
	[TRUSTED_KEY_CERT] = {
		.id = TRUSTED_KEY_CERT,
		.opt = "trusted-key-cert",
		.fn = NULL,
		.cn = "Trusted Key Certificate",
		.key = ROT_KEY,
		.issuer = TRUSTED_KEY_CERT,
		.ext = {
			TRUSTED_WORLD_PK_EXT,
			NON_TRUSTED_WORLD_PK_EXT
		},
		.num_ext = 2
	},
	/* SCP firmware: key certificate, then content certificate. */
	[SCP_FW_KEY_CERT] = {
		.id = SCP_FW_KEY_CERT,
		.opt = "scp-fw-key-cert",
		.fn = NULL,
		.cn = "SCP Firmware Key Certificate",
		.key = TRUSTED_WORLD_KEY,
		.issuer = SCP_FW_KEY_CERT,
		.ext = {
			SCP_FW_CONTENT_CERT_PK_EXT
		},
		.num_ext = 1
	},
	[SCP_FW_CONTENT_CERT] = {
		.id = SCP_FW_CONTENT_CERT,
		.opt = "scp-fw-cert",
		.fn = NULL,
		.cn = "SCP Firmware Content Certificate",
		.key = SCP_FW_CONTENT_CERT_KEY,
		.issuer = SCP_FW_CONTENT_CERT,
		.ext = {
			SCP_FW_HASH_EXT
		},
		.num_ext = 1
	},
	/* SoC firmware: key certificate, then content certificate. */
	[SOC_FW_KEY_CERT] = {
		.id = SOC_FW_KEY_CERT,
		.opt = "soc-fw-key-cert",
		.fn = NULL,
		.cn = "SoC Firmware Key Certificate",
		.key = TRUSTED_WORLD_KEY,
		.issuer = SOC_FW_KEY_CERT,
		.ext = {
			SOC_FW_CONTENT_CERT_PK_EXT
		},
		.num_ext = 1
	},
	[SOC_FW_CONTENT_CERT] = {
		.id = SOC_FW_CONTENT_CERT,
		.opt = "soc-fw-cert",
		.fn = NULL,
		.cn = "SoC Firmware Content Certificate",
		.key = SOC_FW_CONTENT_CERT_KEY,
		.issuer = SOC_FW_CONTENT_CERT,
		.ext = {
			SOC_AP_FW_HASH_EXT
		},
		.num_ext = 1
	},
	/* Trusted OS firmware: key certificate, then content certificate. */
	[TRUSTED_OS_FW_KEY_CERT] = {
		.id = TRUSTED_OS_FW_KEY_CERT,
		.opt = "tos-fw-key-cert",
		.fn = NULL,
		.cn = "Trusted OS Firmware Key Certificate",
		.key = TRUSTED_WORLD_KEY,
		.issuer = TRUSTED_OS_FW_KEY_CERT,
		.ext = {
			TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
		},
		.num_ext = 1
	},
	[TRUSTED_OS_FW_CONTENT_CERT] = {
		.id = TRUSTED_OS_FW_CONTENT_CERT,
		.opt = "tos-fw-cert",
		.fn = NULL,
		.cn = "Trusted OS Firmware Content Certificate",
		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
		.ext = {
			TRUSTED_OS_FW_HASH_EXT
		},
		.num_ext = 1
	},
	/*
	 * Non-trusted firmware: the only key certificate in this table that
	 * uses NON_TRUSTED_WORLD_KEY rather than TRUSTED_WORLD_KEY.
	 */
	[NON_TRUSTED_FW_KEY_CERT] = {
		.id = NON_TRUSTED_FW_KEY_CERT,
		.opt = "nt-fw-key-cert",
		.fn = NULL,
		.cn = "Non-Trusted Firmware Key Certificate",
		.key = NON_TRUSTED_WORLD_KEY,
		.issuer = NON_TRUSTED_FW_KEY_CERT,
		.ext = {
			NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
		},
		.num_ext = 1
	},
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.opt = "nt-fw-cert",
		.fn = NULL,
		.cn = "Non-Trusted Firmware Content Certificate",
		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.ext = {
			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
		},
		.num_ext = 1
	},
	/* ROT_KEY entry: three hash extensions, so .num_ext is 3. */
	[FWU_CERT] = {
		.id = FWU_CERT,
		.opt = "fwu-cert",
		.fn = NULL,
		.cn = "FWU Certificate",
		.key = ROT_KEY,
		.issuer = FWU_CERT,
		.ext = {
			SCP_FWU_CFG_HASH_EXT,
			AP_FWU_CFG_HASH_EXT,
			FWU_HASH_EXT
		},
		.num_ext = 3
	}
};

/*
 * Passes the table to REGISTER_COT, which is not defined in this file
 * (presumably it comes from one of the headers included above).
 */
REGISTER_COT(tbb_certs);