/*
 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
655e291a4SJuan Castillo 
755e291a4SJuan Castillo #include <stdio.h>
855e291a4SJuan Castillo #include <string.h>
955e291a4SJuan Castillo #include <openssl/err.h>
1055e291a4SJuan Castillo #include <openssl/x509v3.h>
11bb41eb7aSMasahiro Yamada 
12bb41eb7aSMasahiro Yamada #if USE_TBBR_DEFS
13bb41eb7aSMasahiro Yamada #include <tbbr_oid.h>
14bb41eb7aSMasahiro Yamada #else
15bb41eb7aSMasahiro Yamada #include <platform_oid.h>
16bb41eb7aSMasahiro Yamada #endif
17bb41eb7aSMasahiro Yamada 
1855e291a4SJuan Castillo #include "ext.h"
1955e291a4SJuan Castillo #include "tbbr/tbb_ext.h"
2055e291a4SJuan Castillo #include "tbbr/tbb_key.h"
2155e291a4SJuan Castillo 
/*
 * Fixed non-volatile counter values for the trusted and normal worlds.
 *
 * NOTE(review): neither macro is referenced anywhere in this file as shown,
 * while the extension table below already exposes the "tfw-nvctr" and
 * "ntfw-nvctr" options. The original TODO ("get these values from the
 * command line") therefore looks addressed - confirm, and drop the macros if
 * they are unused, so nobody mistakes 0 for the counter value that ends up in
 * a certificate.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0
2555e291a4SJuan Castillo 
/*
 * TBBR certificate extension descriptors, indexed by the *_EXT identifiers.
 *
 * Every entry carries the extension OID, its short (.sn) and long (.ln) names,
 * the ASN.1 type used to encode the value and the extension kind (.type).
 * Entries that set .opt/.help_msg are presumably filled from the command-line
 * option of that name; the option parsing itself is outside this file.
 *
 * Review notes:
 *  - The "(SHA256)" in the hash long names is only a label. Nothing in this
 *    table selects the digest, so the algorithm actually used has to be
 *    checked where the hash is computed.
 *  - .optional = 1 marks entries that may be left out. How a missing optional
 *    hash is treated is decided outside this file - confirm that the code
 *    verifying these certificates does not accept an image whose hash
 *    extension is absent.
 */
static ext_t tbb_ext[] = {
	/* Non-volatile counters, encoded as ASN.1 INTEGER. */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW,
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW,
	},

	/* Trusted Boot Firmware image hash. */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/*
	 * World public keys. Public-key entries set no .opt; .attr.key names
	 * the key to embed (identifiers presumably from tbbr/tbb_key.h).
	 */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY,
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY,
	},

	/* SCP firmware: content certificate key and image hash. */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY,
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* SoC firmware: content certificate key and AP image hash. */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY,
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/*
	 * Trusted OS: content certificate key, image hash and the two
	 * optional extra image hashes.
	 */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Non-trusted firmware: content certificate key and bootloader hash. */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* Firmware update image hashes; all three are optional. */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
};

/* Hand the table to the tool; the macro is defined outside this file. */
REGISTER_EXTENSIONS(tbb_ext);