/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include "ext.h"
#include "platform_oid.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/* TODO: get these values from the command line */
/*
 * Values written into the two EXT_TYPE_NVCOUNTER entries below. Both are
 * fixed at 0 at compile time, so every certificate built from this table
 * carries the same counter values.
 * NOTE(review): if these are the anti-rollback counters a verifier compares
 * against its stored non-volatile value, a constant 0 cannot tell a newer
 * image from an older one. Confirm how the values are meant to be raised per
 * release before relying on them for rollback protection.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0

/*
 * Descriptor table for the certificate extensions, indexed by the *_EXT
 * identifiers (presumably declared in tbbr/tbb_ext.h, TODO confirm).
 *
 * Every entry sets .oid, .sn, .ln, .asn1_type and .type. Three payload kinds
 * appear:
 *   EXT_TYPE_NVCOUNTER  V_ASN1_INTEGER, value preset in .data.nvcounter
 *   EXT_TYPE_PKEY       V_ASN1_OCTET_STRING, .data.key names a *_KEY
 *                       identifier (presumably from tbbr/tbb_key.h)
 *   EXT_TYPE_HASH       V_ASN1_OCTET_STRING, with .opt and .help_msg naming
 *                       the image file the hash relates to
 *
 * NOTE(review): the "(SHA256)" in the hash long names is label text only.
 * The digest actually used is chosen by code outside this file, so confirm
 * it matches what the label says.
 */
static ext_t tbb_ext[] = {
	/* Non-volatile counter extensions: values come from the macros above. */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.data.nvcounter = TRUSTED_WORLD_NVCTR_VALUE
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.sn = "NormalWorldNVCounter",
		.ln = "Normal World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.data.nvcounter = NORMAL_WORLD_NVCTR_VALUE
	},
	/* Hash of the Trusted Boot Firmware image, selected with "tb-fw". */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	/* World public keys: each entry refers to a key via .data.key. */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = TRUSTED_WORLD_KEY
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = NON_TRUSTED_WORLD_KEY
	},
	/*
	 * From here on the entries come in pairs per firmware image: the
	 * content-certificate public key, then the hash of the image.
	 */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = SCP_FW_CONTENT_CERT_KEY
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = SOC_FW_CONTENT_CERT_KEY
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.data.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
	},
	/*
	 * NOTE(review): .ln below omits "Bootloader", unlike .sn and
	 * .help_msg. It is a runtime string, so confirm nothing depends on
	 * the current text before changing it.
	 */
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	/*
	 * Firmware-update hashes. These three are the only entries that set
	 * .optional = 1.
	 * NOTE(review): how the consumer treats an optional hash whose image
	 * file is not supplied (skipped, or emitted with a placeholder value)
	 * is decided outside this file. Confirm that a verifier cannot mistake
	 * an absent image for an approved one.
	 */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	}
};

/*
 * Hands the table to the rest of the tool. The macro is defined outside this
 * file (presumably in ext.h, TODO confirm what it expands to).
 */
REGISTER_EXTENSIONS(tbb_ext);