Support Trusted OS firmware extra images in TF tools

Since Trusted OS firmware may have extra images, need to assign new uuid and image id for them. The TBBR chain of trust has been extended to add support for the new images within the existing Trusted OS firmware content certificate. Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06 Signed-off-by: Summer Qin <summer.qin@arm.com>
author: Summer Qin <summer.qin@arm.com> 2017-04-20 16:28:39 +0100
committer: Edison Ai <edison.ai@arm.com> 2017-08-09 18:06:05 +0800
commit: 71fb396440f51b21401f24c925b9a97a224a4d24 (patch)
tree: 3d42bb4619181f218107b84b48abf8ed6119bc20 /tools/cert_create
parent: ca9915c2bbce951a2955d4314d255270a8f5a0b3 (diff)
3 files changed, 28 insertions, 4 deletions
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 72d33854..85ad3595 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -21,6 +21,8 @@ enum {
 	SOC_AP_FW_HASH_EXT,
 	TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
 	TRUSTED_OS_FW_HASH_EXT,
+	TRUSTED_OS_FW_EXTRA1_HASH_EXT,
+	TRUSTED_OS_FW_EXTRA2_HASH_EXT,
 	NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
 	NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
 	SCP_FWU_CFG_HASH_EXT,
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 376096b6..c815178c 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -125,9 +125,11 @@ static cert_t tbb_certs[] = {
 		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
 		.ext = {
 			TRUSTED_FW_NVCOUNTER_EXT,
-			TRUSTED_OS_FW_HASH_EXT
+			TRUSTED_OS_FW_HASH_EXT,
+			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
+			TRUSTED_OS_FW_EXTRA2_HASH_EXT
 		},
-		.num_ext = 2
+		.num_ext = 4
 	},
 	[NON_TRUSTED_FW_KEY_CERT] = {
 		.id = NON_TRUSTED_FW_KEY_CERT,
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index d9a8ea26..504b0fc0 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -120,6 +120,26 @@ static ext_t tbb_ext[] = {
 		.asn1_type = V_ASN1_OCTET_STRING,
 		.type = EXT_TYPE_HASH
 	},
+	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
+		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
+		.opt = "tos-fw-extra1",
+		.help_msg = "Trusted OS Extra1 image file",
+		.sn = "TrustedOSExtra1Hash",
+		.ln = "Trusted OS Extra1 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
+		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
+		.opt = "tos-fw-extra2",
+		.help_msg = "Trusted OS Extra2 image file",
+		.sn = "TrustedOSExtra2Hash",
+		.ln = "Trusted OS Extra2 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
 		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
 		.sn = "NonTrustedFirmwareContentCertPK",
author	Summer Qin <summer.qin@arm.com>	2017-04-20 16:28:39 +0100
committer	Edison Ai <edison.ai@arm.com>	2017-08-09 18:06:05 +0800
commit	71fb396440f51b21401f24c925b9a97a224a4d24 (patch)
tree	3d42bb4619181f218107b84b48abf8ed6119bc20 /tools/cert_create
parent	ca9915c2bbce951a2955d4314d255270a8f5a0b3 (diff)