Support Trusted OS firmware extra images in TF tools

Since Trusted OS firmware may have extra images, need to assign new uuid and image id for them. The TBBR chain of trust has been extended to add support for the new images within the existing Trusted OS firmware content certificate. Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06 Signed-off-by: Summer Qin <summer.qin@arm.com>
author: Summer Qin <summer.qin@arm.com> 2017-04-20 16:28:39 +0100
committer: Edison Ai <edison.ai@arm.com> 2017-08-09 18:06:05 +0800
commit: 71fb396440f51b21401f24c925b9a97a224a4d24 (patch)
tree: 3d42bb4619181f218107b84b48abf8ed6119bc20 /tools
parent: ca9915c2bbce951a2955d4314d255270a8f5a0b3 (diff)
5 files changed, 42 insertions, 4 deletions
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 72d33854..85ad3595 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -21,6 +21,8 @@ enum {
 	SOC_AP_FW_HASH_EXT,
 	TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
 	TRUSTED_OS_FW_HASH_EXT,
+	TRUSTED_OS_FW_EXTRA1_HASH_EXT,
+	TRUSTED_OS_FW_EXTRA2_HASH_EXT,
 	NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
 	NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
 	SCP_FWU_CFG_HASH_EXT,
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 376096b6..c815178c 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -125,9 +125,11 @@ static cert_t tbb_certs[] = {
 		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
 		.ext = {
 			TRUSTED_FW_NVCOUNTER_EXT,
-			TRUSTED_OS_FW_HASH_EXT
+			TRUSTED_OS_FW_HASH_EXT,
+			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
+			TRUSTED_OS_FW_EXTRA2_HASH_EXT
 		},
-		.num_ext = 2
+		.num_ext = 4
 	},
 	[NON_TRUSTED_FW_KEY_CERT] = {
 		.id = NON_TRUSTED_FW_KEY_CERT,
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index d9a8ea26..504b0fc0 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -120,6 +120,26 @@ static ext_t tbb_ext[] = {
 		.asn1_type = V_ASN1_OCTET_STRING,
 		.type = EXT_TYPE_HASH
 	},
+	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
+		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
+		.opt = "tos-fw-extra1",
+		.help_msg = "Trusted OS Extra1 image file",
+		.sn = "TrustedOSExtra1Hash",
+		.ln = "Trusted OS Extra1 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
+		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
+		.opt = "tos-fw-extra2",
+		.help_msg = "Trusted OS Extra2 image file",
+		.sn = "TrustedOSExtra2Hash",
+		.ln = "Trusted OS Extra2 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
 		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
 		.sn = "NonTrustedFirmwareContentCertPK",
diff --git a/tools/fiptool/fip_create.sh b/tools/fiptool/fip_create.sh
index f1e1f451..0e80199f 100644
--- a/tools/fiptool/fip_create.sh
+++ b/tools/fiptool/fip_create.sh
@@ -28,6 +28,8 @@ Components that can be added/updated:
 	--scp-fw FILENAME		SCP Firmware SCP_BL2
 	--soc-fw FILENAME		EL3 Runtime Firmware BL31
 	--tos-fw FILENAME		Secure Payload BL32 (Trusted OS)
+	--tos-fw-extra1 FILENAME	Secure Payload BL32 Extra1 (Trusted OS Extra1)
+	--tos-fw-extra2 FILENAME	Secure Payload BL32 Extra2 (Trusted OS Extra2)
 	--nt-fw FILENAME		Non-Trusted Firmware BL33
 	--rot-cert FILENAME		Root Of Trust key certificate
 	--trusted-key-cert FILENAME	Trusted key certificate
@@ -69,6 +71,8 @@ while :; do
 	    --scp-fw | \
 	    --soc-fw | \
 	    --tos-fw | \
+	    --tos-fw-extra1 | \
+	    --tos-fw-extra2 | \
 	    --nt-fw | \
 	    --rot-cert | \
 	    --trusted-key-cert | \
diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c
index 7c6c24be..827cab28 100644
--- a/tools/fiptool/tbbr_config.c
+++ b/tools/fiptool/tbbr_config.c
@@ -53,6 +53,16 @@ toc_entry_t toc_entries[] = {
 		.cmdline_name = "tos-fw"
 	},
 	{
+		.name = "Secure Payload BL32 Extra1 (Trusted OS Extra1)",
+		.uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1,
+		.cmdline_name = "tos-fw-extra1"
+	},
+	{
+		.name = "Secure Payload BL32 Extra2 (Trusted OS Extra2)",
+		.uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+		.cmdline_name = "tos-fw-extra2"
+	},
+	{
 		.name = "Non-Trusted Firmware BL33",
 		.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
 		.cmdline_name = "nt-fw"
author	Summer Qin <summer.qin@arm.com>	2017-04-20 16:28:39 +0100
committer	Edison Ai <edison.ai@arm.com>	2017-08-09 18:06:05 +0800
commit	71fb396440f51b21401f24c925b9a97a224a4d24 (patch)
tree	3d42bb4619181f218107b84b48abf8ed6119bc20 /tools
parent	ca9915c2bbce951a2955d4314d255270a8f5a0b3 (diff)