author | Soby Mathew <soby.mathew@arm.com> | 2018-03-29 14:29:55 +0100 |
---|---|---|
committer | Soby Mathew <soby.mathew@arm.com> | 2018-05-18 12:26:38 +0100 |
commit | 17bc617e80e2b31ddaa65215526c556c23ca1374 (patch) | |
tree | ee54f9ade643a8826921b3f054b182382d4c8f44 /tools | |
parent | 6e79f9fd4b65f473374391595e31c155e9e0ad85 (diff) |
Dynamic cfg: Enable support on CoT for other configs
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.
Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/cert_create/include/cert.h | 2 | ||||
-rw-r--r-- | tools/cert_create/include/tbbr/tbb_ext.h | 3 | ||||
-rw-r--r-- | tools/cert_create/src/tbbr/tbb_cert.c | 15 | ||||
-rw-r--r-- | tools/cert_create/src/tbbr/tbb_ext.c | 30 | ||||
-rw-r--r-- | tools/fiptool/tbbr_config.c | 15 |
5 files changed, 58 insertions, 7 deletions
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 9b4ef5af..07bb3379 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -12,7 +12,7 @@
 #include "ext.h"
 #include "key.h"
-#define CERT_MAX_EXT 4
+#define CERT_MAX_EXT 5
 /*
 * This structure contains information related to the generation of the
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 5b427d35..075d5f3b 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -21,12 +21,15 @@ enum {
 SCP_FW_HASH_EXT,
 SOC_FW_CONTENT_CERT_PK_EXT,
 SOC_AP_FW_HASH_EXT,
+ SOC_FW_CONFIG_HASH_EXT,
 TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
 TRUSTED_OS_FW_HASH_EXT,
 TRUSTED_OS_FW_EXTRA1_HASH_EXT,
 TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+ TRUSTED_OS_FW_CONFIG_HASH_EXT,
 NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
 NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ NON_TRUSTED_FW_CONFIG_HASH_EXT,
 SCP_FWU_CFG_HASH_EXT,
 AP_FWU_CFG_HASH_EXT,
 FWU_HASH_EXT
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 325b4622..7fb32d82 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -99,9 +99,10 @@ static cert_t tbb_certs[] = {
 .issuer = SOC_FW_CONTENT_CERT,
 .ext = {
 TRUSTED_FW_NVCOUNTER_EXT,
- SOC_AP_FW_HASH_EXT
+ SOC_AP_FW_HASH_EXT,
+ SOC_FW_CONFIG_HASH_EXT,
 },
- .num_ext = 2
+ .num_ext = 3
 },
 [TRUSTED_OS_FW_KEY_CERT] = {
 .id = TRUSTED_OS_FW_KEY_CERT,
@@ -129,9 +130,10 @@ static cert_t tbb_certs[] = {
 TRUSTED_FW_NVCOUNTER_EXT,
 TRUSTED_OS_FW_HASH_EXT,
 TRUSTED_OS_FW_EXTRA1_HASH_EXT,
- TRUSTED_OS_FW_EXTRA2_HASH_EXT
+ TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+ TRUSTED_OS_FW_CONFIG_HASH_EXT,
 },
- .num_ext = 4
+ .num_ext = 5
 },
 [NON_TRUSTED_FW_KEY_CERT] = {
 .id = NON_TRUSTED_FW_KEY_CERT,
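Review bot: `.num_ext` is counted by hand beside each `.ext` list, and in the `@@ -129` hunk of tbb_cert.c the entry that lists the Trusted OS hashes now sits exactly at the new `CERT_MAX_EXT` of 5, with nothing visible that ties the macro, the list and the count together. A `.num_ext` that lags behind its list would presumably drop the last hash from the certificate without any build error, which in a chain-of-trust tool means an image that is silently left uncovered; the same applies to the `@@ -99` hunk and to the `@@ -157` hunk of this file. I would add a comment at the macro in cert.h, `/* Must be >= the longest .ext list in tbb_certs[] (currently the Trusted OS content cert) */`, and consider a startup check in the tool that every certificate's `num_ext` stays within `CERT_MAX_EXT`. The opening lines of the edited entries are outside these hunks, so which certificate each one belongs to is inferred from the extension names.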
@@ -157,9 +159,10 @@ static cert_t tbb_certs[] = {
 .issuer = NON_TRUSTED_FW_CONTENT_CERT,
 .ext = {
 NON_TRUSTED_FW_NVCOUNTER_EXT,
- NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ NON_TRUSTED_FW_CONFIG_HASH_EXT,
 },
- .num_ext = 2
+ .num_ext = 3
 },
 [FWU_CERT] = {
 .id = FWU_CERT,
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index 5f2cec19..d0038a2b 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -123,6 +123,16 @@ static ext_t tbb_ext[] = {
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH
 },
+ [SOC_FW_CONFIG_HASH_EXT] = {
+ .oid = SOC_FW_CONFIG_HASH_OID,
+ .opt = "soc-fw-config",
+ .help_msg = "SoC Firmware Config file",
+ .sn = "SocFirmwareConfigHash",
+ .ln = "SoC Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
 [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
 .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
 .sn = "TrustedOSFirmwareContentCertPK",
@@ -160,6 +170,16 @@ static ext_t tbb_ext[] = {
 .type = EXT_TYPE_HASH,
 .optional = 1
 },
+ [TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
+ .opt = "tos-fw-config",
+ .help_msg = "Trusted OS Firmware Config file",
+ .sn = "TrustedOSFirmwareConfigHash",
+ .ln = "Trusted OS Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
 [NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
 .oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
 .sn = "NonTrustedFirmwareContentCertPK",
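Review bot: `.optional = 1` on `SOC_FW_CONFIG_HASH_EXT` in the `@@ -123` hunk of tbb_ext.c (and on the two other config-hash entries, in the `@@ -160` and `@@ -177` hunks) has no comment saying what the content certificate carries when the `soc-fw-config` option is not given, and that is the security-relevant property of this entry. Whether the extension is left out or emitted with a placeholder digest is decided in code outside these hunks, and the firmware-side chain of trust has to make the matching choice, otherwise a config image could be either rejected or accepted without a hash check. The diffstat on this page is limited to tools/, so that side cannot be confirmed from here. I would add a comment above the field, along the lines of `/* optional: config image may be absent; absent-hash encoding defined in <location of the EXT_TYPE_HASH handling> */`, and confirm that the boot-side CoT treats these three images as optional in the same way.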
@@ -177,6 +197,16 @@ static ext_t tbb_ext[] = {
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH
 },
+ [NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
+ .oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
+ .opt = "nt-fw-config",
+ .help_msg = "Non Trusted OS Firmware Config file",
+ .sn = "NonTrustedOSFirmwareConfigHash",
+ .ln = "Non-Trusted OS Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
 [SCP_FWU_CFG_HASH_EXT] = {
 .oid = SCP_FWU_CFG_HASH_OID,
 .opt = "scp-fwu-cfg",
diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c
index 2c0adcd2..c7df243a 100644
--- a/tools/fiptool/tbbr_config.c
+++ b/tools/fiptool/tbbr_config.c
@@ -78,6 +78,21 @@ toc_entry_t toc_entries[] = {
 .uuid = UUID_TB_FW_CONFIG,
 .cmdline_name = "tb-fw-config"
 },
+ {
+ .name = "SOC_FW_CONFIG",
+ .uuid = UUID_SOC_FW_CONFIG,
+ .cmdline_name = "soc-fw-config"
+ },
+ {
+ .name = "TOS_FW_CONFIG",
+ .uuid = UUID_TOS_FW_CONFIG,
+ .cmdline_name = "tos-fw-config"
+ },
+ {
+ .name = "NT_FW_CONFIG",
+ .uuid = UUID_NT_FW_CONFIG,
+ .cmdline_name = "nt-fw-config"
+ },
 /* Key Certificates */
 {
 .name = "Root Of Trust key certificate", |
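Review bot: The strings on `NON_TRUSTED_FW_CONFIG_HASH_EXT` in the `@@ -177` hunk of tbb_ext.c say "Non Trusted OS" in `.help_msg`, `.sn` and `.ln`, while the enum name, the `nt-fw-config` option and the commit message all describe this as the BL33 (non-trusted firmware) config. The neighbouring entry uses `NonTrustedFirmwareContentCertPK`, so the new names also break the file's own convention. `.sn` and `.ln` presumably become the names registered for the OID, so anyone inspecting a certificate would see a label that does not match the image it covers. Suggested: `.help_msg = "Non-Trusted Firmware Config file"`, `.sn = "NonTrustedFirmwareConfigHash"`, `.ln = "Non-Trusted Firmware Config hash"`.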