Merge pull request #453 from yatharth-arm/yk/fwu-6

Firmware Update patch stack

tools/cert_create/src/main.c

@@ -217,8 +217,11 @@ static void check_cmd_params(void)
 				}
 				break;
 			case EXT_TYPE_HASH:
-				/* Binary image must be specified */
-				if (ext->data.fn == NULL) {
+				/*
+				 * Binary image must be specified
+				 * unless it is explicitly made optional.
+				 */
+				if ((!ext->optional) && (ext->data.fn == NULL)) {
 					ERROR("Image for '%s' not specified\n",
 					      ext->ln);
 					exit(1);
@@ -410,12 +413,20 @@ int main(int argc, char *argv[])
 				break;
 			case EXT_TYPE_HASH:
 				if (ext->data.fn == NULL) {
-					break;
-				}
-				if (!sha_file(ext->data.fn, md)) {
-					ERROR("Cannot calculate hash of %s\n",
-						ext->data.fn);
-					exit(1);
+					if (ext->optional) {
+						/* Include a hash filled with zeros */
+						memset(md, 0x0, SHA256_DIGEST_LENGTH);
+					} else {
+						/* Do not include this hash in the certificate */
+						break;
+					}
+				} else {
+					/* Calculate the hash of the file */
+					if (!sha_file(ext->data.fn, md)) {
+						ERROR("Cannot calculate hash of %s\n",
+							ext->data.fn);
+						exit(1);
+					}
 				}
 				CHECK_NULL(cert_ext, ext_new_hash(ext_nid,
 						EXT_CRIT, md_info, md,

tools/cert_create/src/tbbr/tbb_cert.c

@@ -160,6 +160,20 @@ static cert_t tbb_certs[] = {
 			BL33_HASH_EXT
 		},
 		.num_ext = 1
+	},
+	[FWU_CERT] = {
+		.id = FWU_CERT,
+		.opt = "fwu-cert",
+		.fn = NULL,
+		.cn = "FWU Certificate",
+		.key = ROT_KEY,
+		.issuer = FWU_CERT,
+		.ext = {
+			SCP_BL2U_HASH_EXT,
+			BL2U_HASH_EXT,
+			NS_BL2U_HASH_EXT
+		},
+		.num_ext = 3
 	}
 };
 

tools/cert_create/src/tbbr/tbb_ext.c

@@ -145,6 +145,33 @@ static ext_t tbb_ext[] = {
 		.ln = "Non-Trusted World (BL33) hash (SHA256)",
 		.asn1_type = V_ASN1_OCTET_STRING,
 		.type = EXT_TYPE_HASH
+	},
+	[SCP_BL2U_HASH_EXT] = {
+		.oid = SCP_BL2U_HASH_OID,
+		.opt = "scp_bl2u",
+		.sn = "SCPFWUpdateConfig",
+		.ln = "SCP Firmware Update Config (SCP_BL2U) hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[BL2U_HASH_EXT] = {
+		.oid = BL2U_HASH_OID,
+		.opt = "bl2u",
+		.sn = "APFWUpdateConfig",
+		.ln = "AP Firmware Update Config (BL2U) hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[NS_BL2U_HASH_EXT] = {
+		.oid = NS_BL2U_HASH_OID,
+		.opt = "ns_bl2u",
+		.sn = "FWUpdaterHash",
+		.ln = "Firmware Updater (NS_BL2U) hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
 	}
 };
 

tools/fip_create/fip_create.c

 /*
- * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -55,6 +55,14 @@ uuid_t uuid_null = {0};
 
 /* The images used depends on the platform. */
 static entry_lookup_list_t toc_entry_lookup_list[] = {
+	{ "SCP Firmware Updater Configuration FWU SCP_BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_SCP_BL2U,
+	  "scp_bl2u", NULL, FLAG_FILENAME },
+	{ "AP Firmware Updater Configuration BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_BL2U,
+	  "bl2u", NULL, FLAG_FILENAME },
+	{ "Firmware Updater NS_BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_NS_BL2U,
+	  "ns_bl2u", NULL, FLAG_FILENAME },
+	{ "Non-Trusted Firmware Updater certificate", UUID_TRUSTED_FWU_CERT,
+	  "fwu-cert", NULL, FLAG_FILENAME},
 	{ "Trusted Boot Firmware BL2", UUID_TRUSTED_BOOT_FIRMWARE_BL2,
 	  "bl2", NULL, FLAG_FILENAME },
 	{ "SCP Firmware BL3-0", UUID_SCP_FIRMWARE_BL30,