1 /*
2  * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  * Redistributions of source code must retain the above copyright notice, this
8  * list of conditions and the following disclaimer.
9  *
10  * Redistributions in binary form must reproduce the above copyright notice,
11  * this list of conditions and the following disclaimer in the documentation
12  * and/or other materials provided with the distribution.
13  *
14  * Neither the name of ARM nor the names of its contributors may be used
15  * to endorse or promote products derived from this software without specific
16  * prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <stdio.h>
32 #include <string.h>
33 #include <openssl/err.h>
34 #include <openssl/x509v3.h>
35 #include "ext.h"
36 #include "platform_oid.h"
37 #include "tbbr/tbb_ext.h"
38 #include "tbbr/tbb_key.h"
39 
/*
 * Placeholder non-volatile counter values, both fixed at zero.
 * TODO: get these values from the command line
 *
 * NOTE(review): neither macro is referenced in the rest of this file; the two
 * NV-counter extensions below declare "tfw-nvctr" and "ntfw-nvctr" options
 * instead. Confirm whether anything still uses these defines. If something
 * does, every generated certificate would carry a counter of 0, which
 * presumably defeats the anti-rollback purpose of the counter.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0
43 
/*
 * Table of the custom X.509v3 extensions that this tool can place in TBBR
 * certificates. Entries are placed with designated initializers, so each
 * *_EXT constant is the index of its descriptor (the constants are declared
 * outside this file, presumably in tbbr/tbb_ext.h).
 *
 * Fields set here:
 *   .oid        object identifier macro for the extension
 *   .opt        option name through which the user supplies the value
 *               (absent on public-key entries, which name a key instead)
 *   .help_msg   help text for that option
 *   .sn / .ln   short and long display names of the extension
 *   .asn1_type  ASN.1 type of the payload (INTEGER or OCTET STRING)
 *   .type       payload kind: NV counter, image hash or public key
 *   .attr       kind-specific attribute: counter type or key index
 *   .optional   set to 1 on the three firmware-update entries only
 *
 * NOTE(review): the hash entries advertise "SHA256" in .ln, but the digest
 * itself is computed outside this file. Keep the label in step with the
 * algorithm the tool actually uses, since verifiers and auditors read this
 * name.
 */
static ext_t tbb_ext[] = {
	/*
	 * Non-volatile counters, encoded as ASN.1 INTEGER. .attr.nvctr_type
	 * selects the trusted or the non-trusted firmware counter.
	 */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW
	},
	/*
	 * NOTE(review): .sn says "NormalWorld" while .ln and .help_msg say
	 * "Non-Trusted Firmware"; the names are runtime strings and are left
	 * as they are.
	 */
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW
	},
	/*
	 * Image hash: the option takes an image file (see .help_msg) and the
	 * payload is an OCTET STRING.
	 */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	/*
	 * Public-key extensions carry no .opt: .attr.key holds a key constant
	 * (presumably an index into the key table of tbbr/tbb_key.h - confirm)
	 * rather than a user-supplied value.
	 */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY
	},
	/*
	 * From here on, each firmware stage pairs a content-certificate public
	 * key with the hash of its image.
	 */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	/*
	 * Firmware-update hashes. These are the only entries with
	 * .optional = 1. How the flag is honoured is decided by the code that
	 * consumes this table - presumably a missing image is tolerated;
	 * confirm that a verifier cannot be made to skip a hash that was
	 * expected to be present.
	 */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	}
};

/*
 * Hand the table to the extension framework. REGISTER_EXTENSIONS is defined
 * outside this file (presumably in ext.h), so what it expands to is not
 * visible here.
 */
REGISTER_EXTENSIONS(tbb_ext);
191