/*
 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

#if USE_TBBR_DEFS
#include <tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

#include "ext.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * TODO: get these values from the command line
 *
 * NOTE(review): neither macro is referenced anywhere in this file, and the
 * two counter entries below already carry option names ("tfw-nvctr",
 * "ntfw-nvctr"). Confirm nothing else consumes them before relying on the
 * value 0 as a default counter.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0

/*
 * Table of TBBR certificate extensions, indexed by the *_EXT identifiers.
 *
 * Every entry names an OID, its short and long names (.sn / .ln), the ASN.1
 * type used to encode it and the kind of payload (.type):
 *
 *   EXT_TYPE_NVCOUNTER  integer counter; .attr.nvctr_type selects which one.
 *   EXT_TYPE_HASH       octet string; the help text shows that the option
 *                       names an image or config file.
 *   EXT_TYPE_PKEY       octet string; .attr.key names the key it refers to.
 *                       These entries set neither .opt nor .help_msg.
 *
 * NOTE(review): the non-volatile counters are presumably the values the
 * firmware compares for rollback protection, so the number signed here
 * matters as much as the hashes - confirm how an unset option is handled.
 *
 * NOTE(review): most .ln strings say "(SHA256)", but nothing in this table
 * fixes the digest algorithm. If the tool can be run with another hash, the
 * label in the generated certificate would be misleading - verify against
 * the code that computes the digest.
 *
 * NOTE(review): .optional = 1 presumably lets the extension be left out when
 * no file is given (see ext.h). An image whose hash is left out is then not
 * bound by the certificate; check that the verifying side treats a missing
 * hash as "image absent" and never as "skip authentication".
 */
static ext_t tbb_ext[] = {
	/* Non-volatile counters */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.type = EXT_TYPE_NVCOUNTER,
		.asn1_type = V_ASN1_INTEGER,
		.attr.nvctr_type = NVCTR_TYPE_TFW,
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value"
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.type = EXT_TYPE_NVCOUNTER,
		.asn1_type = V_ASN1_INTEGER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW,
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value"
	},

	/* Trusted Boot Firmware and its configuration files */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file"
	},
	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.optional = 1
	},
	[HW_CONFIG_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = HW_CONFIG_HASH_OID,
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.optional = 1
	},

	/* World public keys */
	[TRUSTED_WORLD_PK_EXT] = {
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr.key = TRUSTED_WORLD_KEY,
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key"
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr.key = NON_TRUSTED_WORLD_KEY,
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key"
	},

	/* SCP firmware */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr.key = SCP_FW_CONTENT_CERT_KEY,
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key"
	},
	[SCP_FW_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = SCP_FW_HASH_OID,
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file"
	},

	/* SoC firmware */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr.key = SOC_FW_CONTENT_CERT_KEY,
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key"
	},
	[SOC_AP_FW_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = SOC_AP_FW_HASH_OID,
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file"
	},

	/* Trusted OS firmware and its optional extra images */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key"
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = TRUSTED_OS_FW_HASH_OID,
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file"
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.optional = 1
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.optional = 1
	},

	/* Non-trusted firmware */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key"
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file"
	},

	/* Firmware update images, all optional */
	[SCP_FWU_CFG_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = SCP_FWU_CFG_HASH_OID,
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.optional = 1
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = AP_FWU_CFG_HASH_OID,
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.optional = 1
	},
	[FWU_HASH_EXT] = {
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.oid = FWU_HASH_OID,
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.optional = 1
	},
};

/* Hand the table to REGISTER_EXTENSIONS, which is defined outside this file. */
REGISTER_EXTENSIONS(tbb_ext);