1 /*
2  * Copyright (c) 2015-2025, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <stdio.h>
8 #include <string.h>
9 #include <openssl/err.h>
10 #include <openssl/x509v3.h>
11 
12 #if USE_TBBR_DEFS
13 #include <tbbr_oid.h>
14 #else
15 #include <platform_oid.h>
16 #endif
17 
18 #include "ext.h"
19 #include "tbbr/tbb_ext.h"
20 #include "tbbr/tbb_key.h"
21 
/*
 * Descriptor table for the certificate extensions this tool can emit.
 *
 * The array is built with designated initializers, so each entry sits at the
 * index named by its *_EXT enumerator (declared outside this file). Fields
 * that an entry does not name are zero-initialized; in particular an entry
 * without ".optional = 1" has optional == 0 and an entry without ".opt" has
 * no command-line option string.
 *
 * Three kinds of entry appear, selected by .type:
 *   EXT_TYPE_NVCOUNTER - ASN.1 INTEGER, tagged with .attr.nvctr_type
 *   EXT_TYPE_HASH      - ASN.1 OCTET STRING, fed from an image/config file
 *   EXT_TYPE_PKEY      - ASN.1 OCTET STRING, tied to a key via .attr.key
 *
 * NOTE(review): the long names of many hash entries hard-code "(SHA256)".
 * That text is only a label; if the tool can be run with a different digest
 * algorithm the label will not reflect it - confirm against the hashing code.
 *
 * NOTE(review): how ".optional" is honoured (extension omitted versus a
 * placeholder digest written into the certificate) is decided by code that is
 * not in this file. Whoever verifies these certificates must treat a missing
 * optional image the same way, so check both sides when changing the flag.
 */
static ext_t tbb_ext[] = {
	/*
	 * Non-volatile counter values. Presumably these back rollback
	 * protection on the verifying side - confirm with the consumer.
	 * NOTE(review): the TFW entry's sn/ln say "Trusted World" while its
	 * help text says "Trusted Firmware"; the names are left as they are
	 * because the consumer of .sn/.ln is not visible from this file.
	 */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW
	},
	/* Trusted boot firmware image and the configuration files around it. */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[HW_CONFIG_HASH_EXT] = {
		.oid = HW_CONFIG_HASH_OID,
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[FW_CONFIG_HASH_EXT] = {
		.oid = FW_CONFIG_HASH_OID,
		.opt = "fw-config",
		.help_msg = "Firmware Config file",
		.sn = "FirmwareConfigHash",
		.ln = "Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	/*
	 * Public-key extensions. None of the PKEY entries in this table sets
	 * .opt or .help_msg; each names its key through .attr.key instead.
	 */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY
	},
	/* SCP firmware: content-certificate key, then the image hash. */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY
	},
	/* No .optional here, so optional stays 0 for this image hash. */
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	/* SoC firmware: content-certificate key, image hash, config hash. */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	/*
	 * NOTE(review): .sn is spelled "Soc..." here while the neighbouring
	 * entries use "SoC..."; left untouched because the string is data
	 * consumed elsewhere.
	 */
	[SOC_FW_CONFIG_HASH_EXT] = {
		.oid = SOC_FW_CONFIG_HASH_OID,
		.opt = "soc-fw-config",
		.help_msg = "SoC Firmware Config file",
		.sn = "SocFirmwareConfigHash",
		.ln = "SoC Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	/* Trusted OS: content-certificate key, image, extras and config. */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
	},
	/* No .optional here, so optional stays 0 for this image hash. */
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
		.opt = "tos-fw-config",
		.help_msg = "Trusted OS Firmware Config file",
		.sn = "TrustedOSFirmwareConfigHash",
		.ln = "Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	/* Non-trusted firmware: content-certificate key, bootloader, config. */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
	},
	/* No .optional here, so optional stays 0 for this image hash. */
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH
	},
	[NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
		.oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
		.opt = "nt-fw-config",
		.help_msg = "Non Trusted OS Firmware Config file",
		.sn = "NonTrustedOSFirmwareConfigHash",
		.ln = "Non-Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	/* Secure Partition packages 1-8: eight parallel, optional hash slots. */
	[SP_PKG1_HASH_EXT] = {
		.oid = SP_PKG1_HASH_OID,
		.opt = "sp-pkg1",
		.help_msg = "Secure Partition Package1 file",
		.sn = "SPPkg1Hash",
		.ln = "SP Pkg1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG2_HASH_EXT] = {
		.oid = SP_PKG2_HASH_OID,
		.opt = "sp-pkg2",
		.help_msg = "Secure Partition Package2 file",
		.sn = "SPPkg2Hash",
		.ln = "SP Pkg2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG3_HASH_EXT] = {
		.oid = SP_PKG3_HASH_OID,
		.opt = "sp-pkg3",
		.help_msg = "Secure Partition Package3 file",
		.sn = "SPPkg3Hash",
		.ln = "SP Pkg3 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG4_HASH_EXT] = {
		.oid = SP_PKG4_HASH_OID,
		.opt = "sp-pkg4",
		.help_msg = "Secure Partition Package4 file",
		.sn = "SPPkg4Hash",
		.ln = "SP Pkg4 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG5_HASH_EXT] = {
		.oid = SP_PKG5_HASH_OID,
		.opt = "sp-pkg5",
		.help_msg = "Secure Partition Package5 file",
		.sn = "SPPkg5Hash",
		.ln = "SP Pkg5 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG6_HASH_EXT] = {
		.oid = SP_PKG6_HASH_OID,
		.opt = "sp-pkg6",
		.help_msg = "Secure Partition Package6 file",
		.sn = "SPPkg6Hash",
		.ln = "SP Pkg6 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG7_HASH_EXT] = {
		.oid = SP_PKG7_HASH_OID,
		.opt = "sp-pkg7",
		.help_msg = "Secure Partition Package7 file",
		.sn = "SPPkg7Hash",
		.ln = "SP Pkg7 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[SP_PKG8_HASH_EXT] = {
		.oid = SP_PKG8_HASH_OID,
		.opt = "sp-pkg8",
		.help_msg = "Secure Partition Package8 file",
		.sn = "SPPkg8Hash",
		.ln = "SP Pkg8 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	/* Firmware-update images; all three are marked optional. */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1
	}
};

/*
 * Hand the table to the rest of the tool. REGISTER_EXTENSIONS is defined
 * outside this file (presumably in ext.h - confirm); tbb_ext itself is
 * static, so this macro is the only way the table leaves the file.
 */
REGISTER_EXTENSIONS(tbb_ext);
331