plat/arm: Add support for dualroot CoT

- Use the development PROTPK if using the dualroot CoT.

  Note that unlike the ROTPK, the PROTPK key hash file is not generated
  from the key file, instead it has to be provided. This might be
  enhanced in the future.

- Define a CoT build flag for the platform code to provide different
  implementations where needed.

Change-Id: Iaaf25183b94e77a99a5d8d875831d90c102a97ea
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

plat/arm/board/common/board_common.mk

@@ -68,4 +68,25 @@ BL1_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
 BL2_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
 				plat/arm/board/common/rotpk/arm_dev_rotpk.S
 
+# Allows platform code to provide implementation variants depending on the
+# selected chain of trust.
+$(eval $(call add_define,ARM_COT_${COT}))
+
+ifeq (${COT},dualroot)
+# Platform Root of Trust key files.
+ARM_PROT_KEY		:=	plat/arm/board/common/protpk/arm_protprivk_rsa.pem
+ARM_PROTPK_HASH		:=	plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin
+
+# Provide the private key to cert_create tool. It needs it to sign the images.
+PROT_KEY		:=	${ARM_PROT_KEY}
+
+$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"'))
+
+BL1_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
+BL2_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
+
+$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
+$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
+endif
+
 endif

plat/arm/common/arm_common.mk

@@ -294,6 +294,8 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
     # Include the selected chain of trust sources.
     ifeq (${COT},tbbr)
         AUTH_SOURCES	+=	drivers/auth/tbbr/tbbr_cot.c
+    else ifeq (${COT},dualroot)
+        AUTH_SOURCES	+=	drivers/auth/dualroot/cot.c
     else
         $(error Unknown chain of trust ${COT})
     endif