/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include "ext.h"
#include "platform_oid.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Values written into the two non-volatile counter extensions below.
 *
 * TODO: get these values from the command line
 *
 * NOTE(review): both counters are compile-time constants of 0. If the code
 * that verifies these certificates compares the extension against a platform
 * non-volatile counter for rollback protection, a constant value can never
 * mark a newer image as superseding an older one. Confirm how the verifier
 * treats these fields before relying on this table for production images.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0

/*
 * Extension descriptor table, indexed by the *_EXT identifiers and handed to
 * REGISTER_EXTENSIONS() at the end of this file.
 *
 * Every entry gives an OID, a short name (.sn), a long name (.ln), the ASN.1
 * type of the value and an EXT_TYPE_* kind. Three kinds appear here:
 *
 *   EXT_TYPE_NVCOUNTER  V_ASN1_INTEGER; value taken from the macros above.
 *   EXT_TYPE_PKEY       V_ASN1_OCTET_STRING; .data.key holds a key
 *                       identifier (TRUSTED_WORLD_KEY, BL30_KEY, ...).
 *   EXT_TYPE_HASH       V_ASN1_OCTET_STRING; no .data is set in this table,
 *                       only an .opt string.
 *
 * NOTE(review): .opt presumably names the command-line option that supplies
 * the image to be hashed, with the digest filled in at run time -- confirm
 * in ext.h and the code that consumes this table.
 *
 * NOTE(review): the long names advertise "(SHA256)", but the digest algorithm
 * is not selected in this file; check that the hashing code agrees with the
 * label.
 */
static ext_t tbb_ext[] = {
	/* Non-volatile counters */
	[TZ_FW_NVCOUNTER_EXT] = {
		.oid = TZ_FW_NVCOUNTER_OID,
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.data.nvcounter = TRUSTED_WORLD_NVCTR_VALUE,
	},
	[NTZ_FW_NVCOUNTER_EXT] = {
		.oid = NTZ_FW_NVCOUNTER_OID,
		.sn = "NormalWorldNVCounter",
		.ln = "Normal World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.data.nvcounter = NORMAL_WORLD_NVCTR_VALUE,
	},

	/* BL2 image hash */
	[BL2_HASH_EXT] = {
		.oid = BL2_HASH_OID,
		.opt = "bl2",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* Trusted / non-trusted world public keys */
	[TZ_WORLD_PK_EXT] = {
		.oid = TZ_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = TRUSTED_WORLD_KEY,
	},
	[NTZ_WORLD_PK_EXT] = {
		.oid = NTZ_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = NON_TRUSTED_WORLD_KEY,
	},

	/* BL30: content certificate key, then image hash */
	[BL30_CONTENT_CERT_PK_EXT] = {
		.oid = BL30_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = BL30_KEY,
	},
	[BL30_HASH_EXT] = {
		.oid = BL30_HASH_OID,
		.opt = "bl30",
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware (BL30) hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* BL31: content certificate key, then image hash */
	[BL31_CONTENT_CERT_PK_EXT] = {
		.oid = BL31_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = BL31_KEY,
	},
	[BL31_HASH_EXT] = {
		.oid = BL31_HASH_OID,
		.opt = "bl31",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware (BL31) hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* BL32: content certificate key, then image hash */
	[BL32_CONTENT_CERT_PK_EXT] = {
		.oid = BL32_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = BL32_KEY,
	},
	[BL32_HASH_EXT] = {
		.oid = BL32_HASH_OID,
		.opt = "bl32",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS (BL32) hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* BL33: content certificate key, then image hash */
	[BL33_CONTENT_CERT_PK_EXT] = {
		.oid = BL33_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = BL33_KEY,
	},
	[BL33_HASH_EXT] = {
		.oid = BL33_HASH_OID,
		.opt = "bl33",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World (BL33) hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
};

/* Hand the table above to the extension registration macro. */
REGISTER_EXTENSIONS(tbb_ext);