/*
 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

#if USE_TBBR_DEFS
#include <tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

#include "ext.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Table of certificate extensions, indexed by the *_EXT identifiers.
 *
 * Three kinds of entry appear below:
 *   EXT_TYPE_NVCOUNTER - V_ASN1_INTEGER, selects a counter via .attr.nvctr_type
 *   EXT_TYPE_HASH      - V_ASN1_OCTET_STRING, carries an .opt/.help_msg pair
 *   EXT_TYPE_PKEY      - V_ASN1_OCTET_STRING, names a key via .attr.key and
 *                        sets no .opt/.help_msg
 *
 * Members an entry does not name are zero-initialised, so an entry without
 * ".optional = 1" has optional == 0.
 *
 * NOTE(review): the *_OID macros are not defined in this file; presumably they
 * come from tbbr_oid.h or platform_oid.h depending on USE_TBBR_DEFS. They have
 * to match what the firmware-side verifier looks up - confirm when adding an
 * entry.
 * NOTE(review): ".optional = 1" presumably lets the tool run without the
 * corresponding input. Confirm that a certificate issued without such a hash
 * cannot result in the matching image being loaded unauthenticated.
 * NOTE(review): several .ln strings hard-code "(SHA256)". If the digest is
 * selectable elsewhere in the tool, these labels can misstate the algorithm
 * actually used - confirm.
 */
static ext_t tbb_ext[] = {
	/* Non-volatile counter values */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW,
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW,
	},

	/* Trusted Boot Firmware and its configuration files */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[HW_CONFIG_HASH_EXT] = {
		.oid = HW_CONFIG_HASH_OID,
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Trusted / Non-Trusted World public keys */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY,
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY,
	},

	/* SCP Firmware */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY,
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* SoC Firmware */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY,
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[SOC_FW_CONFIG_HASH_EXT] = {
		.oid = SOC_FW_CONFIG_HASH_OID,
		.opt = "soc-fw-config",
		.help_msg = "SoC Firmware Config file",
		.sn = "SocFirmwareConfigHash",
		.ln = "SoC Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Trusted OS Firmware */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
		.opt = "tos-fw-config",
		.help_msg = "Trusted OS Firmware Config file",
		.sn = "TrustedOSFirmwareConfigHash",
		.ln = "Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Non-Trusted Firmware */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
		.oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
		.opt = "nt-fw-config",
		.help_msg = "Non Trusted OS Firmware Config file",
		.sn = "NonTrustedOSFirmwareConfigHash",
		.ln = "Non-Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/*
	 * Secure Partition packages 1-8. The eight entries differ only in
	 * the package number; keep index, OID and strings in step when
	 * editing one of them.
	 */
	[SP_PKG1_HASH_EXT] = {
		.oid = SP_PKG1_HASH_OID,
		.opt = "sp-pkg1",
		.help_msg = "Secure Partition Package1 file",
		.sn = "SPPkg1Hash",
		.ln = "SP Pkg1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG2_HASH_EXT] = {
		.oid = SP_PKG2_HASH_OID,
		.opt = "sp-pkg2",
		.help_msg = "Secure Partition Package2 file",
		.sn = "SPPkg2Hash",
		.ln = "SP Pkg2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG3_HASH_EXT] = {
		.oid = SP_PKG3_HASH_OID,
		.opt = "sp-pkg3",
		.help_msg = "Secure Partition Package3 file",
		.sn = "SPPkg3Hash",
		.ln = "SP Pkg3 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG4_HASH_EXT] = {
		.oid = SP_PKG4_HASH_OID,
		.opt = "sp-pkg4",
		.help_msg = "Secure Partition Package4 file",
		.sn = "SPPkg4Hash",
		.ln = "SP Pkg4 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG5_HASH_EXT] = {
		.oid = SP_PKG5_HASH_OID,
		.opt = "sp-pkg5",
		.help_msg = "Secure Partition Package5 file",
		.sn = "SPPkg5Hash",
		.ln = "SP Pkg5 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG6_HASH_EXT] = {
		.oid = SP_PKG6_HASH_OID,
		.opt = "sp-pkg6",
		.help_msg = "Secure Partition Package6 file",
		.sn = "SPPkg6Hash",
		.ln = "SP Pkg6 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG7_HASH_EXT] = {
		.oid = SP_PKG7_HASH_OID,
		.opt = "sp-pkg7",
		.help_msg = "Secure Partition Package7 file",
		.sn = "SPPkg7Hash",
		.ln = "SP Pkg7 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG8_HASH_EXT] = {
		.oid = SP_PKG8_HASH_OID,
		.opt = "sp-pkg8",
		.help_msg = "Secure Partition Package8 file",
		.sn = "SPPkg8Hash",
		.ln = "SP Pkg8 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Firmware Update images */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
};

/* Hand the table to REGISTER_EXTENSIONS, a macro defined outside this file. */
REGISTER_EXTENSIONS(tbb_ext);