/*
 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

#if USE_TBBR_DEFS
#include <tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

#include "ext.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/* TODO: get these values from the command line */
/*
 * NOTE(review): neither macro is referenced anywhere in this file, while the
 * two NV-counter entries below carry their own .opt names. Confirm whether
 * these defaults are still consumed elsewhere before relying on them.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0

/*
 * X.509v3 extension descriptors, indexed by the *_EXT identifiers.
 *
 * Every entry names an OID, an OpenSSL-style short name (.sn) and long
 * name (.ln), the ASN.1 type of the payload and the extension kind (.type).
 * Three kinds appear in this table:
 *
 *   EXT_TYPE_NVCOUNTER  ASN.1 INTEGER; .attr.nvctr_type selects the counter.
 *   EXT_TYPE_HASH       ASN.1 OCTET STRING; .help_msg describes an image file.
 *   EXT_TYPE_PKEY       ASN.1 OCTET STRING; .attr.key names the key it carries.
 *
 * Members that an entry does not name are zero-initialised by C, so the
 * PKEY entries have no .opt/.help_msg and .optional is 0 unless set to 1.
 * How .opt, .help_msg and .optional are consumed is defined outside this
 * file; presumably .opt is a command-line option name and .optional marks an
 * extension whose input may be omitted -- verify against ext.h and the tool.
 *
 * NOTE(review): the "(SHA256)" in the hash long names is only a label;
 * nothing in this table selects the digest algorithm. Confirm the label
 * matches the digest the tool actually computes.
 */
static ext_t tbb_ext[] = {
	/*
	 * Non-volatile counter values. Presumably the values compared against
	 * the platform counters for rollback protection -- verify against the
	 * TBBR specification.
	 */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
	},
	/*
	 * NOTE(review): the short name says "NormalWorld" while the long name
	 * and help text say "Non-Trusted Firmware"; strings left as they are.
	 */
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
	},

	/* Trusted Boot Firmware image hash. */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
	},

	/* Trusted World and Non-Trusted World public keys. */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY,
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY,
	},

	/* SCP firmware: content certificate key, then image hash. */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY,
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
	},

	/* SoC firmware: content certificate key, then AP image hash. */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY,
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
	},

	/*
	 * Trusted OS: content certificate key, the main image hash, and two
	 * extra image hashes that are flagged .optional.
	 */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.optional = 1,
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.optional = 1,
	},

	/* Non-Trusted firmware: content certificate key, then image hash. */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
	},
	/*
	 * NOTE(review): the long name omits "Bootloader", unlike the short
	 * name and help text; string left as it is.
	 */
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
	},

	/* Firmware update image hashes; all three are flagged .optional. */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.optional = 1,
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.optional = 1,
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.optional = 1,
	},
};

/* Hand the table to the REGISTER_EXTENSIONS macro; its expansion is not defined in this file. */
REGISTER_EXTENSIONS(tbb_ext);