cert_tool: Update cert_tool for fw_config image support

Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0

diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 24a8f39ca2e7ec20d07a0aaefb718ecc97cc83a2..37d87d307209f0b58052fa9f1f0e1eec60f1405c 100644 (file)
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -43,6 +43,7 @@
 #define TRUSTED_BOOT_FW_HASH_OID               "1.3.6.1.4.1.4128.2100.201"
 #define TRUSTED_BOOT_FW_CONFIG_HASH_OID                "1.3.6.1.4.1.4128.2100.202"
 #define HW_CONFIG_HASH_OID                     "1.3.6.1.4.1.4128.2100.203"
+#define FW_CONFIG_HASH_OID                     "1.3.6.1.4.1.4128.2100.204"
 
 /*
  * Trusted Key Certificate

diff --git a/tools/cert_create/include/dualroot/cot.h b/tools/cert_create/include/dualroot/cot.h
index 47e371fe122d7216d23e477eaf788df1242d0275..1d959d4657aa36d09e25053de15301c8986676e8 100644 (file)
--- a/tools/cert_create/include/dualroot/cot.h
+++ b/tools/cert_create/include/dualroot/cot.h
@@ -32,6 +32,7 @@ enum {
        TRUSTED_BOOT_FW_HASH_EXT,
        TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
        HW_CONFIG_HASH_EXT,
+       FW_CONFIG_HASH_EXT,
        TRUSTED_WORLD_PK_EXT,
        SCP_FW_CONTENT_CERT_PK_EXT,
        SCP_FW_HASH_EXT,

diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 7ac97a5130579dcd6b2fd98508129def8603791b..692b2d4d317d3179dd997d0976b9b3e0bc007600 100644 (file)
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -15,6 +15,7 @@ enum {
        TRUSTED_BOOT_FW_HASH_EXT,
        TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
        HW_CONFIG_HASH_EXT,
+       FW_CONFIG_HASH_EXT,
        TRUSTED_WORLD_PK_EXT,
        NON_TRUSTED_WORLD_PK_EXT,
        SCP_FW_CONTENT_CERT_PK_EXT,

diff --git a/tools/cert_create/src/dualroot/cot.c b/tools/cert_create/src/dualroot/cot.c
index 29658281c90068a0f22fe39f56e1666f05af1a3c..a12ea21ff3bd8d9e5bd58f08a23f9bf1cae9b879 100644 (file)
--- a/tools/cert_create/src/dualroot/cot.c
+++ b/tools/cert_create/src/dualroot/cot.c
@@ -30,9 +30,10 @@ static cert_t cot_certs[] = {
                        TRUSTED_FW_NVCOUNTER_EXT,
                        TRUSTED_BOOT_FW_HASH_EXT,
                        TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
-                       HW_CONFIG_HASH_EXT
+                       HW_CONFIG_HASH_EXT,
+                       FW_CONFIG_HASH_EXT
                },
-               .num_ext = 4
+               .num_ext = 5
        },
 
        [TRUSTED_KEY_CERT] = {
@@ -239,6 +240,17 @@ static ext_t cot_ext[] = {
                .optional = 1
        },
 
+       [FW_CONFIG_HASH_EXT] = {
+               .oid = FW_CONFIG_HASH_OID,
+               .opt = "fw-config",
+               .help_msg = "Firmware Config file",
+               .sn = "FirmwareConfigHash",
+               .ln = "Firmware Config hash",
+               .asn1_type = V_ASN1_OCTET_STRING,
+               .type = EXT_TYPE_HASH,
+               .optional = 1
+       },
+
        [TRUSTED_WORLD_PK_EXT] = {
                .oid = TRUSTED_WORLD_PK_OID,
                .sn = "TrustedWorldPublicKey",

diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index b614e2e49a65c2c1e24ac98e95f3d3f68b518b27..f4fe63dc35cf45ad045eea5795a108efadb4f96a 100644 (file)
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -28,9 +28,10 @@ static cert_t tbb_certs[] = {
                        TRUSTED_FW_NVCOUNTER_EXT,
                        TRUSTED_BOOT_FW_HASH_EXT,
                        TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
-                       HW_CONFIG_HASH_EXT
+                       HW_CONFIG_HASH_EXT,
+                       FW_CONFIG_HASH_EXT
                },
-               .num_ext = 4
+               .num_ext = 5
        },
        [TRUSTED_KEY_CERT] = {
                .id = TRUSTED_KEY_CERT,

diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index 0068d3b4a9b04b20220436a433c585a342f8d7a0..60bafb4be8e1a3f6f08efc66d2d9083ae99c94f5 100644 (file)
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -69,6 +69,16 @@ static ext_t tbb_ext[] = {
                .type = EXT_TYPE_HASH,
                .optional = 1
        },
+       [FW_CONFIG_HASH_EXT] = {
+               .oid = FW_CONFIG_HASH_OID,
+               .opt = "fw-config",
+               .help_msg = "Firmware Config file",
+               .sn = "FirmwareConfigHash",
+               .ln = "Firmware Config hash",
+               .asn1_type = V_ASN1_OCTET_STRING,
+               .type = EXT_TYPE_HASH,
+               .optional = 1
+       },
        [TRUSTED_WORLD_PK_EXT] = {
                .oid = TRUSTED_WORLD_PK_OID,
                .sn = "TrustedWorldPublicKey",