Merge pull request #1040 from sliai/support-opteed-header

Support opteed header

Merge pull request #1040 from sliai/support-opteed-header
Support opteed header
1a52aca5 · danh-arm · GitHub · ebab9831 · d59a6acc · 1a52aca5
Commit 1a52aca5 authored Aug 14, 2017 by danh-arm Committed by GitHub Aug 14, 2017
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -125,9 +125,11 @@ static cert_t tbb_certs[] = {
 		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
 		.ext = {
 			TRUSTED_FW_NVCOUNTER_EXT,
-			TRUSTED_OS_FW_HASH_EXT
+			TRUSTED_OS_FW_HASH_EXT,
+			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
+			TRUSTED_OS_FW_EXTRA2_HASH_EXT
 		},
-		.num_ext = 2
+		.num_ext = 4
 	},
 	[NON_TRUSTED_FW_KEY_CERT] = {
 		.id = NON_TRUSTED_FW_KEY_CERT,

--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -120,6 +120,26 @@ static ext_t tbb_ext[] = {
 		.asn1_type = V_ASN1_OCTET_STRING,
 		.type = EXT_TYPE_HASH
 	},
+	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
+		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
+		.opt = "tos-fw-extra1",
+		.help_msg = "Trusted OS Extra1 image file",
+		.sn = "TrustedOSExtra1Hash",
+		.ln = "Trusted OS Extra1 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
+		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
+		.opt = "tos-fw-extra2",
+		.help_msg = "Trusted OS Extra2 image file",
+		.sn = "TrustedOSExtra2Hash",
+		.ln = "Trusted OS Extra2 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
 		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
 		.sn = "NonTrustedFirmwareContentCertPK",

--- a/tools/fiptool/fip_create.sh
+++ b/tools/fiptool/fip_create.sh
@@ -28,6 +28,8 @@ Components that can be added/updated:
 	--scp-fw FILENAME		SCP Firmware SCP_BL2
 	--soc-fw FILENAME		EL3 Runtime Firmware BL31
 	--tos-fw FILENAME		Secure Payload BL32 (Trusted OS)
+	--tos-fw-extra1 FILENAME	Secure Payload BL32 Extra1 (Trusted OS Extra1)
+	--tos-fw-extra2 FILENAME	Secure Payload BL32 Extra2 (Trusted OS Extra2)
 	--nt-fw FILENAME		Non-Trusted Firmware BL33
 	--rot-cert FILENAME		Root Of Trust key certificate
 	--trusted-key-cert FILENAME	Trusted key certificate
@@ -69,6 +71,8 @@ while :; do
 	    --scp-fw | \
 	    --soc-fw | \
 	    --tos-fw | \
+	    --tos-fw-extra1 | \
+	    --tos-fw-extra2 | \
 	    --nt-fw | \
 	    --rot-cert | \
 	    --trusted-key-cert | \

--- a/tools/fiptool/tbbr_config.c
+++ b/tools/fiptool/tbbr_config.c
@@ -52,6 +52,16 @@ toc_entry_t toc_entries[] = {
 		.uuid = UUID_SECURE_PAYLOAD_BL32,
 		.cmdline_name = "tos-fw"
 	},
+	{
+		.name = "Secure Payload BL32 Extra1 (Trusted OS Extra1)",
+		.uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1,
+		.cmdline_name = "tos-fw-extra1"
+	},
+	{
+		.name = "Secure Payload BL32 Extra2 (Trusted OS Extra2)",
+		.uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+		.cmdline_name = "tos-fw-extra2"
+	},
 	{
 		.name = "Non-Trusted Firmware BL33",
 		.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,