authorSoby Mathew <soby.mathew@arm.com>2018-03-29 14:29:55 +0100
committerSoby Mathew <soby.mathew@arm.com>2018-05-18 12:26:38 +0100
commit17bc617e80e2b31ddaa65215526c556c23ca1374 (patch)
treeee54f9ade643a8826921b3f054b182382d4c8f44 /tools
parent6e79f9fd4b65f473374391595e31c155e9e0ad85 (diff)
Dynamic cfg: Enable support on CoT for other configs
This patch implements support for adding dynamic configurations for BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The necessary cert tool support and changes to default chain of trust are made for these configs. Change-Id: I25f266277b5b5501a196d2f2f79639d838794518 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Diffstat (limited to 'tools')
-rw-r--r--tools/cert_create/include/cert.h2
-rw-r--r--tools/cert_create/include/tbbr/tbb_ext.h3
-rw-r--r--tools/cert_create/src/tbbr/tbb_cert.c15
-rw-r--r--tools/cert_create/src/tbbr/tbb_ext.c30
-rw-r--r--tools/fiptool/tbbr_config.c15
5 files changed, 58 insertions, 7 deletions
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 9b4ef5af..07bb3379 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -12,7 +12,7 @@
#include "ext.h"
#include "key.h"
-#define CERT_MAX_EXT 4
+#define CERT_MAX_EXT 5
/*
* This structure contains information related to the generation of the
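Review bot: `CERT_MAX_EXT` is now exactly the length of the longest `.ext` list this commit creates in tbb_cert.c (the entry that gains `TRUSTED_OS_FW_CONFIG_HASH_EXT` sets `.num_ext = 5`), so the next extension added to that certificate overruns the limit unless this define is bumped again. Nothing visible ties the two files together, and an over-long initializer is usually only a compiler diagnostic, not a guaranteed build failure. I would document the coupling on the define, e.g. `/* Must be >= the largest .num_ext in any cert_t table (see tbb_cert.c) */`. The structure that uses the constant starts after this hunk, so how the array is declared is assumed here.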
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 5b427d35..075d5f3b 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -21,12 +21,15 @@ enum {
SCP_FW_HASH_EXT,
SOC_FW_CONTENT_CERT_PK_EXT,
SOC_AP_FW_HASH_EXT,
+ SOC_FW_CONFIG_HASH_EXT,
TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
TRUSTED_OS_FW_HASH_EXT,
TRUSTED_OS_FW_EXTRA1_HASH_EXT,
TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+ TRUSTED_OS_FW_CONFIG_HASH_EXT,
NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ NON_TRUSTED_FW_CONFIG_HASH_EXT,
SCP_FWU_CFG_HASH_EXT,
AP_FWU_CFG_HASH_EXT,
FWU_HASH_EXT
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 325b4622..7fb32d82 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -99,9 +99,10 @@ static cert_t tbb_certs[] = {
.issuer = SOC_FW_CONTENT_CERT,
.ext = {
TRUSTED_FW_NVCOUNTER_EXT,
- SOC_AP_FW_HASH_EXT
+ SOC_AP_FW_HASH_EXT,
+ SOC_FW_CONFIG_HASH_EXT,
},
- .num_ext = 2
+ .num_ext = 3
},
[TRUSTED_OS_FW_KEY_CERT] = {
.id = TRUSTED_OS_FW_KEY_CERT,
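Review bot: `.num_ext` is a hand-maintained count that has to match the `.ext` list directly above it, and this commit edits both by hand in three places (here and in the hunks at -129 and -157). If a count is left one short, the newly appended config hash would presumably be left out of that content certificate with no build error, and the config file would sit outside the chain of trust this commit is extending. At minimum I would put `/* keep in sync with the .ext list above */` next to each `.num_ext`, and consider a start-up check in the tool that rejects a table entry whose `.num_ext` exceeds `CERT_MAX_EXT`. The `tbb_certs[]` initializer begins and ends outside these hunks, so the loop that consumes `.num_ext` is not visible.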
@@ -129,9 +130,10 @@ static cert_t tbb_certs[] = {
TRUSTED_FW_NVCOUNTER_EXT,
TRUSTED_OS_FW_HASH_EXT,
TRUSTED_OS_FW_EXTRA1_HASH_EXT,
- TRUSTED_OS_FW_EXTRA2_HASH_EXT
+ TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+ TRUSTED_OS_FW_CONFIG_HASH_EXT,
},
- .num_ext = 4
+ .num_ext = 5
},
[NON_TRUSTED_FW_KEY_CERT] = {
.id = NON_TRUSTED_FW_KEY_CERT,
@@ -157,9 +159,10 @@ static cert_t tbb_certs[] = {
.issuer = NON_TRUSTED_FW_CONTENT_CERT,
.ext = {
NON_TRUSTED_FW_NVCOUNTER_EXT,
- NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ NON_TRUSTED_FW_CONFIG_HASH_EXT,
},
- .num_ext = 2
+ .num_ext = 3
},
[FWU_CERT] = {
.id = FWU_CERT,
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index 5f2cec19..d0038a2b 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -123,6 +123,16 @@ static ext_t tbb_ext[] = {
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
+ [SOC_FW_CONFIG_HASH_EXT] = {
+ .oid = SOC_FW_CONFIG_HASH_OID,
+ .opt = "soc-fw-config",
+ .help_msg = "SoC Firmware Config file",
+ .sn = "SocFirmwareConfigHash",
+ .ln = "SoC Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
.sn = "TrustedOSFirmwareContentCertPK",
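Review bot: All three new hash extensions are declared with `.optional = 1` (this entry, plus the `TRUSTED_OS_FW_CONFIG_HASH_EXT` and `NON_TRUSTED_FW_CONFIG_HASH_EXT` entries in the next two hunks), but nothing here says what ends up in the certificate when the `soc-fw-config` option is not given. These hashes are what bind a config file into the chain of trust, so the omitted case matters to whoever implements the verifying side: an absent or placeholder hash must not be read as "any config is acceptable". I would add a short comment above each entry stating the behaviour, e.g. `/* optional: cert is still generated without a config file; the verifier must not accept a config with no matching hash */`, adjusted to what the tool actually does. The code that interprets `.optional` is outside this diff.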
@@ -160,6 +170,16 @@ static ext_t tbb_ext[] = {
.type = EXT_TYPE_HASH,
.optional = 1
},
+ [TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
+ .opt = "tos-fw-config",
+ .help_msg = "Trusted OS Firmware Config file",
+ .sn = "TrustedOSFirmwareConfigHash",
+ .ln = "Trusted OS Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
.sn = "NonTrustedFirmwareContentCertPK",
@@ -177,6 +197,16 @@ static ext_t tbb_ext[] = {
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
+ [NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
+ .oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
+ .opt = "nt-fw-config",
+ .help_msg = "Non Trusted OS Firmware Config file",
+ .sn = "NonTrustedOSFirmwareConfigHash",
+ .ln = "Non-Trusted OS Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[SCP_FWU_CFG_HASH_EXT] = {
.oid = SCP_FWU_CFG_HASH_OID,
.opt = "scp-fwu-cfg",
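Review bot: The strings in the `NON_TRUSTED_FW_CONFIG_HASH_EXT` entry say "Non Trusted OS Firmware", while the enum name, the OID macro and the commit message (nt_fw_config for BL33) all say non-trusted firmware, and the hyphenation differs between `.help_msg` and `.ln`. The neighbouring entry uses `NonTrustedFirmwareContentCertPK`, so the new short name is also inconsistent with its siblings. `.sn` and `.ln` presumably become the object names shown when a certificate is dumped, which makes them awkward to rename once certificates are in circulation. Suggest `.help_msg = "Non-Trusted Firmware Config file"`, `.sn = "NonTrustedFirmwareConfigHash"` and `.ln = "Non-Trusted Firmware Config hash"`.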
diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c
index 2c0adcd2..c7df243a 100644
--- a/tools/fiptool/tbbr_config.c
+++ b/tools/fiptool/tbbr_config.c
@@ -78,6 +78,21 @@ toc_entry_t toc_entries[] = {
.uuid = UUID_TB_FW_CONFIG,
.cmdline_name = "tb-fw-config"
},
+ {
+ .name = "SOC_FW_CONFIG",
+ .uuid = UUID_SOC_FW_CONFIG,
+ .cmdline_name = "soc-fw-config"
+ },
+ {
+ .name = "TOS_FW_CONFIG",
+ .uuid = UUID_TOS_FW_CONFIG,
+ .cmdline_name = "tos-fw-config"
+ },
+ {
+ .name = "NT_FW_CONFIG",
+ .uuid = UUID_NT_FW_CONFIG,
+ .cmdline_name = "nt-fw-config"
+ },
/* Key Certificates */
{
.name = "Root Of Trust key certificate",