From bb41eb7a9dc3e3b31df2e20237a2bcf1a3cae72a Mon Sep 17 00:00:00 2001
From: Masahiro Yamada
Date: Mon, 22 May 2017 12:11:24 +0900
Subject: cert: move platform_oid.h to include/tools_share for all platforms
Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include instead of by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ).
Signed-off-by: Masahiro Yamada
---
include/plat/arm/board/common/board_arm_oid.h | 143 --------------------------
include/tools_share/tbbr_oid.h | 139 +++++++++++++++++++++++++
2 files changed, 139 insertions(+), 143 deletions(-)
delete mode 100644 include/plat/arm/board/common/board_arm_oid.h
create mode 100644 include/tools_share/tbbr_oid.h
(limited to 'include')
diff --git a/include/plat/arm/board/common/board_arm_oid.h b/include/plat/arm/board/common/board_arm_oid.h
deleted file mode 100644
index fc6cd792..00000000
--- a/include/plat/arm/board/common/board_arm_oid.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef __BOARD_ARM_OID_H__
-#define __BOARD_ARM_OID_H__
-
-/*
- * The following is a list of OID values defined and reserved by ARM, which
- * are used to define the extension fields of the certificate structure, as
- * defined in the Trusted Board Boot Requirements (TBBR) specification,
- * ARM DEN0006C-1.
- *
- * Non-ARM platform owners that wish to align with the TBBR should define
- * constants with the same name in their own platform port(s), using their
- * own OIDs obtained from the ITU-T.
- */
-
-
-/* TrustedFirmwareNVCounter - Non-volatile counter extension */
-#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1"
-/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */
-#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2"
-
-
-/*
- * Non-Trusted Firmware Updater Certificate
- */
-
-/* APFirmwareUpdaterConfigHash - BL2U */
-#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101"
-/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */
-#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102"
-/* FirmwareUpdaterHash - NS_BL2U */
-#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103"
-/* TrustedWatchdogRefreshTime */
-#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104"
-
-
-/*
- * Trusted Boot Firmware Certificate
- */
-
-/* TrustedBootFirmwareHash - BL2 */
-#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201"
-
-
-/*
- * Trusted Key Certificate
- */
-
-/* PrimaryDebugCertificatePK */
-#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301"
-/* TrustedWorldPK */
-#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302"
-/* NonTrustedWorldPK */
-#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303"
-
-
-/*
- * Trusted Debug Certificate
- */
-
-/* DebugScenario */
-#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401"
-/* SoC Specific */
-#define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402"
-/* SecondaryDebugCertPK */
-#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403"
-
-
-/*
- * SoC Firmware Key Certificate
- */
-
-/* SoCFirmwareContentCertPK */
-#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501"
-
-
-/*
- * SoC Firmware Content Certificate
- */
-
-/* APRomPatchHash - BL1_PATCH */
-#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601"
-/* SoCConfigHash */
-#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602"
-/* SoCAPFirmwareHash - BL31 */
-#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603"
-
-
-/*
- * SCP Firmware Key Certificate
- */
-
-/* SCPFirmwareContentCertPK */
-#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701"
-
-
-/*
- * SCP Firmware Content Certificate
- */
-
-/* SCPFirmwareHash - SCP_BL2 */
-#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801"
-/* SCPRomPatchHash - SCP_BL1_PATCH */
-#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802"
-
-
-/*
- * Trusted OS Firmware Key Certificate
- */
-
-/* TrustedOSFirmwareContentCertPK */
-#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901"
-
-
-/*
- * Trusted OS Firmware Content Certificate
- */
-
-/* TrustedOSFirmwareHash - BL32 */
-#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001"
-
-
-/*
- * Non-Trusted Firmware Key Certificate
- */
-
-/* NonTrustedFirmwareContentCertPK */
-#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101"
-
-
-/*
- * Non-Trusted Firmware Content Certificate
- */
-
-/* NonTrustedWorldBootloaderHash - BL33 */
-#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201"
-
-#endif /* __BOARD_ARM_OID_H__ */
diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
new file mode 100644
index 00000000..7a340878
--- /dev/null
+++ b/include/tools_share/tbbr_oid.h
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __TBBR_OID_H__
+#define __TBBR_OID_H__
+
+/*
+ * The following is a list of OID values defined and reserved by ARM, which
+ * are used to define the extension fields of the certificate structure, as
+ * defined in the Trusted Board Boot Requirements (TBBR) specification,
+ * ARM DEN0006C-1.
+ */
+
+
+/* TrustedFirmwareNVCounter - Non-volatile counter extension */
+#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1"
+/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */
+#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2"
+
+
+/*
+ * Non-Trusted Firmware Updater Certificate
+ */
+
+/* APFirmwareUpdaterConfigHash - BL2U */
+#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101"
+/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */
+#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102"
+/* FirmwareUpdaterHash - NS_BL2U */
+#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103"
+/* TrustedWatchdogRefreshTime */
+#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104"
+
+
+/*
+ * Trusted Boot Firmware Certificate
+ */
+
+/* TrustedBootFirmwareHash - BL2 */
+#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201"
+
+
+/*
+ * Trusted Key Certificate
+ */
+
+/* PrimaryDebugCertificatePK */
+#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301"
+/* TrustedWorldPK */
+#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302"
+/* NonTrustedWorldPK */
+#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303"
+
+
+/*
+ * Trusted Debug Certificate
+ */
+
+/* DebugScenario */
+#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401"
+/* SoC Specific */
+#define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402"
+/* SecondaryDebugCertPK */
+#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403"
+
+
+/*
+ * SoC Firmware Key Certificate
+ */
+
+/* SoCFirmwareContentCertPK */
+#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501"
+
+
+/*
+ * SoC Firmware Content Certificate
+ */
+
+/* APRomPatchHash - BL1_PATCH */
+#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601"
+/* SoCConfigHash */
+#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602"
+/* SoCAPFirmwareHash - BL31 */
+#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603"
+
+
+/*
+ * SCP Firmware Key Certificate
+ */
+
+/* SCPFirmwareContentCertPK */
+#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701"
+
+
+/*
+ * SCP Firmware Content Certificate
+ */
+
+/* SCPFirmwareHash - SCP_BL2 */
+#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801"
+/* SCPRomPatchHash - SCP_BL1_PATCH */
+#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802"
+
+
+/*
+ * Trusted OS Firmware Key Certificate
+ */
+
+/* TrustedOSFirmwareContentCertPK */
+#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901"
+
+
+/*
+ * Trusted OS Firmware Content Certificate
+ */
+
+/* TrustedOSFirmwareHash - BL32 */
+#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001"
+
+
+/*
+ * Non-Trusted Firmware Key Certificate
+ */
+
+/* NonTrustedFirmwareContentCertPK */
+#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101"
+
+
+/*
+ * Non-Trusted Firmware Content Certificate
+ */
+
+/* NonTrustedWorldBootloaderHash - BL33 */
+#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201"
+
+#endif /* __TBBR_OID_H__ */
--
cgit v1.2.3
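Review bot: The file-level comment of the new include/tools_share/tbbr_oid.h still says only that these OIDs are "defined and reserved by ARM"; the paragraph that told non-ARM platform owners what to do was dropped and nothing in the header states the new rule. These values name the hash, public-key and NV-counter extensions of the boot certificates, so presumably the tool that writes the certificates and the firmware that checks them must resolve each macro to the same OID, and the opt-in deserves a sentence at this spot, for example `* Platforms that set USE_TBBR_DEFS to 1 reuse these OIDs unchanged.` I would also add one line saying that a platform which needs its own extension fields should allocate them under its own arc rather than adding numbers under 1.3.6.1.4.1.4128.2100, so a vendor-private field cannot collide with a later ARM allocation.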