xref: /rk3399_ARM-atf/tools/cert_create/src/tbbr/tbb_ext.c (revision e24659df354c31626f78f4d46d453e14959a9953)
/*
 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
655e291a4SJuan Castillo 
755e291a4SJuan Castillo #include <stdio.h>
855e291a4SJuan Castillo #include <string.h>
955e291a4SJuan Castillo #include <openssl/err.h>
1055e291a4SJuan Castillo #include <openssl/x509v3.h>
11bb41eb7aSMasahiro Yamada 
12bb41eb7aSMasahiro Yamada #if USE_TBBR_DEFS
13bb41eb7aSMasahiro Yamada #include <tbbr_oid.h>
14bb41eb7aSMasahiro Yamada #else
15bb41eb7aSMasahiro Yamada #include <platform_oid.h>
16bb41eb7aSMasahiro Yamada #endif
17bb41eb7aSMasahiro Yamada 
1855e291a4SJuan Castillo #include "ext.h"
1955e291a4SJuan Castillo #include "tbbr/tbb_ext.h"
2055e291a4SJuan Castillo #include "tbbr/tbb_key.h"
2155e291a4SJuan Castillo 
/*
 * Hard-coded non-volatile counter values, both 0.
 *
 * TODO: get these values from the command line
 *
 * NOTE(review): neither macro is referenced anywhere else in this file, and
 * the two EXT_TYPE_NVCOUNTER entries of tbb_ext[] already declare their own
 * command-line options ("tfw-nvctr" and "ntfw-nvctr"). Confirm whether these
 * constants are still needed; a counter pinned at 0 could never advance.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0
2555e291a4SJuan Castillo 
/*
 * Table of the X.509 v3 extensions this tool knows about, indexed by the
 * *_EXT identifiers. Each entry is written in the same order:
 *
 *   .oid / .sn / .ln      object identifier plus its short and long names
 *   .asn1_type / .type    ASN.1 encoding and the kind of payload
 *   .attr.*               which counter or which key the entry refers to
 *   .opt / .help_msg      command-line option that supplies the input
 *   .optional             set to 1 on entries flagged as optional
 *
 * Three kinds of payload appear:
 *   EXT_TYPE_NVCOUNTER  INTEGER, value given through the entry's option
 *   EXT_TYPE_HASH       OCTET STRING, option names the file to be hashed
 *   EXT_TYPE_PKEY       OCTET STRING, no option; key selected by .attr.key
 *
 * NOTE(review): the digest algorithm is not chosen in this table. Older
 * entries say "(SHA256)" in .ln while the two config-hash entries do not;
 * the strings are kept exactly as they were.
 *
 * NOTE(review): what happens when the option of an .optional entry is not
 * given is decided outside this file. Confirm that an image whose hash was
 * left out of a certificate cannot be accepted by the firmware that verifies
 * the chain.
 */
static ext_t tbb_ext[] = {
	/* --- Non-volatile counters (one per world) --- */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value"
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value"
	},

	/* --- Trusted Boot Firmware image and its optional config files --- */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file"
	},
	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.optional = 1
	},
	[HW_CONFIG_HASH_EXT] = {
		.oid = HW_CONFIG_HASH_OID,
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.optional = 1
	},

	/* --- World public keys (key index comes from tbbr/tbb_key.h) --- */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY
	},

	/* --- SCP firmware: content-certificate key and image hash --- */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file"
	},

	/* --- SoC firmware: content-certificate key and image hash --- */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file"
	},

	/* --- Trusted OS: content-certificate key, image and extra images --- */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file"
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.optional = 1
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.optional = 1
	},

	/* --- Non-Trusted firmware: content-certificate key and image hash --- */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file"
	},

	/* --- Firmware update images (all flagged optional) --- */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.optional = 1
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.optional = 1
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.optional = 1
	}
};
21155e291a4SJuan Castillo 
/*
 * Register the tbb_ext table. REGISTER_EXTENSIONS is not defined in this
 * file; presumably it comes from "ext.h" and makes the table visible to the
 * generic extension code. Confirm against that header.
 */
REGISTER_EXTENSIONS(tbb_ext);