/*
 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include "tbbr/tbb_cert.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Certificates used in the chain of trust
 *
 * The order of the certificates must follow the enumeration specified in
 * tbb_cert.h. Each slot is written as [ID] = { .id = ID, ... }, so the array
 * index and the .id field have to stay identical.
 *
 * All certificates are self-signed, so the issuer certificate field points
 * to itself (.issuer == .id in every entry). The X.509 issuer field therefore
 * does not link one certificate to another. Judging by the extension names,
 * the link is carried by public-key extensions instead: TRUSTED_KEY_CERT
 * lists TRUSTED_WORLD_PK_EXT and NON_TRUSTED_WORLD_PK_EXT, each *_KEY_CERT
 * lists the matching *_CONTENT_CERT_PK_EXT, and each content certificate
 * names the matching *_CONTENT_CERT_KEY in .key.
 * NOTE(review): confirm the pairing against tbb_ext.h and tbb_key.h, and that
 * the consumer checks these extensions rather than relying on the issuer.
 *
 * .num_ext is maintained by hand and must equal the number of identifiers
 * listed in .ext; update both together when adding or removing an extension.
 */
static cert_t tbb_certs[] = {
	/* Certificates associated with ROT_KEY. */
	[TRUSTED_BOOT_FW_CERT] = {
		.id = TRUSTED_BOOT_FW_CERT,
		.opt = "tb-fw-cert",
		.help_msg = "Trusted Boot FW Certificate (output file)",
		.fn = NULL,
		.cn = "Trusted Boot FW Certificate",
		.key = ROT_KEY,
		.issuer = TRUSTED_BOOT_FW_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_BOOT_FW_HASH_EXT },
		.num_ext = 2,
	},
	[TRUSTED_KEY_CERT] = {
		.id = TRUSTED_KEY_CERT,
		.opt = "trusted-key-cert",
		.help_msg = "Trusted Key Certificate (output file)",
		.fn = NULL,
		.cn = "Trusted Key Certificate",
		.key = ROT_KEY,
		.issuer = TRUSTED_KEY_CERT,
		/* Lists the public keys of both worlds. */
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_WORLD_PK_EXT,
			NON_TRUSTED_WORLD_PK_EXT,
		},
		.num_ext = 3,
	},

	/* SCP firmware: key certificate, then content certificate. */
	[SCP_FW_KEY_CERT] = {
		.id = SCP_FW_KEY_CERT,
		.opt = "scp-fw-key-cert",
		.help_msg = "SCP Firmware Key Certificate (output file)",
		.fn = NULL,
		.cn = "SCP Firmware Key Certificate",
		.key = TRUSTED_WORLD_KEY,
		.issuer = SCP_FW_KEY_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SCP_FW_CONTENT_CERT_PK_EXT },
		.num_ext = 2,
	},
	[SCP_FW_CONTENT_CERT] = {
		.id = SCP_FW_CONTENT_CERT,
		.opt = "scp-fw-cert",
		.help_msg = "SCP Firmware Content Certificate (output file)",
		.fn = NULL,
		.cn = "SCP Firmware Content Certificate",
		.key = SCP_FW_CONTENT_CERT_KEY,
		.issuer = SCP_FW_CONTENT_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SCP_FW_HASH_EXT },
		.num_ext = 2,
	},

	/* SoC firmware: key certificate, then content certificate. */
	[SOC_FW_KEY_CERT] = {
		.id = SOC_FW_KEY_CERT,
		.opt = "soc-fw-key-cert",
		.help_msg = "SoC Firmware Key Certificate (output file)",
		.fn = NULL,
		.cn = "SoC Firmware Key Certificate",
		.key = TRUSTED_WORLD_KEY,
		.issuer = SOC_FW_KEY_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SOC_FW_CONTENT_CERT_PK_EXT },
		.num_ext = 2,
	},
	[SOC_FW_CONTENT_CERT] = {
		.id = SOC_FW_CONTENT_CERT,
		.opt = "soc-fw-cert",
		.help_msg = "SoC Firmware Content Certificate (output file)",
		.fn = NULL,
		.cn = "SoC Firmware Content Certificate",
		.key = SOC_FW_CONTENT_CERT_KEY,
		.issuer = SOC_FW_CONTENT_CERT,
		.ext = { TRUSTED_FW_NVCOUNTER_EXT, SOC_AP_FW_HASH_EXT },
		.num_ext = 2,
	},

	/* Trusted OS firmware: key certificate, then content certificate. */
	[TRUSTED_OS_FW_KEY_CERT] = {
		.id = TRUSTED_OS_FW_KEY_CERT,
		.opt = "tos-fw-key-cert",
		.help_msg = "Trusted OS Firmware Key Certificate (output file)",
		.fn = NULL,
		.cn = "Trusted OS Firmware Key Certificate",
		.key = TRUSTED_WORLD_KEY,
		.issuer = TRUSTED_OS_FW_KEY_CERT,
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
		},
		.num_ext = 2,
	},
	[TRUSTED_OS_FW_CONTENT_CERT] = {
		.id = TRUSTED_OS_FW_CONTENT_CERT,
		.opt = "tos-fw-cert",
		.help_msg = "Trusted OS Firmware Content Certificate (output file)",
		.fn = NULL,
		.cn = "Trusted OS Firmware Content Certificate",
		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
		/* Three hash extensions: the main image plus EXTRA1 and EXTRA2. */
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			TRUSTED_OS_FW_HASH_EXT,
			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
			TRUSTED_OS_FW_EXTRA2_HASH_EXT,
		},
		.num_ext = 4,
	},

	/*
	 * Non-trusted firmware: these two entries list
	 * NON_TRUSTED_FW_NVCOUNTER_EXT, not TRUSTED_FW_NVCOUNTER_EXT.
	 */
	[NON_TRUSTED_FW_KEY_CERT] = {
		.id = NON_TRUSTED_FW_KEY_CERT,
		.opt = "nt-fw-key-cert",
		.help_msg = "Non-Trusted Firmware Key Certificate (output file)",
		.fn = NULL,
		.cn = "Non-Trusted Firmware Key Certificate",
		.key = NON_TRUSTED_WORLD_KEY,
		.issuer = NON_TRUSTED_FW_KEY_CERT,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
		},
		.num_ext = 2,
	},
	[NON_TRUSTED_FW_CONTENT_CERT] = {
		.id = NON_TRUSTED_FW_CONTENT_CERT,
		.opt = "nt-fw-cert",
		.help_msg = "Non-Trusted Firmware Content Certificate (output file)",
		.fn = NULL,
		.cn = "Non-Trusted Firmware Content Certificate",
		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
		.ext = {
			NON_TRUSTED_FW_NVCOUNTER_EXT,
			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
		},
		.num_ext = 2,
	},

	/*
	 * Firmware update certificate, associated with ROT_KEY.
	 * NOTE(review): this is the only entry that lists no *_NVCOUNTER_EXT;
	 * confirm that omitting the counter from the update certificate is
	 * intended.
	 */
	[FWU_CERT] = {
		.id = FWU_CERT,
		.opt = "fwu-cert",
		.help_msg = "Firmware Update Certificate (output file)",
		.fn = NULL,
		.cn = "Firmware Update Certificate",
		.key = ROT_KEY,
		.issuer = FWU_CERT,
		.ext = {
			SCP_FWU_CFG_HASH_EXT,
			AP_FWU_CFG_HASH_EXT,
			FWU_HASH_EXT,
		},
		.num_ext = 3,
	},
};

/* Hand the table to REGISTER_COT, a macro defined outside this file. */
REGISTER_COT(tbb_certs);