Commit ab5a53ef authored by danh-arm's avatar danh-arm

Merge pull request #453 from yatharth-arm/yk/fwu-6

Firmware Update patch stack
parents 0e288c92 0191262d
...@@ -217,8 +217,11 @@ static void check_cmd_params(void) ...@@ -217,8 +217,11 @@ static void check_cmd_params(void)
} }
break; break;
case EXT_TYPE_HASH: case EXT_TYPE_HASH:
/* Binary image must be specified */ /*
if (ext->data.fn == NULL) { * Binary image must be specified
* unless it is explicitly made optional.
*/
if ((!ext->optional) && (ext->data.fn == NULL)) {
ERROR("Image for '%s' not specified\n", ERROR("Image for '%s' not specified\n",
ext->ln); ext->ln);
exit(1); exit(1);
...@@ -410,13 +413,21 @@ int main(int argc, char *argv[]) ...@@ -410,13 +413,21 @@ int main(int argc, char *argv[])
break; break;
case EXT_TYPE_HASH: case EXT_TYPE_HASH:
if (ext->data.fn == NULL) { if (ext->data.fn == NULL) {
if (ext->optional) {
/* Include a hash filled with zeros */
memset(md, 0x0, SHA256_DIGEST_LENGTH);
} else {
/* Do not include this hash in the certificate */
break; break;
} }
} else {
/* Calculate the hash of the file */
if (!sha_file(ext->data.fn, md)) { if (!sha_file(ext->data.fn, md)) {
ERROR("Cannot calculate hash of %s\n", ERROR("Cannot calculate hash of %s\n",
ext->data.fn); ext->data.fn);
exit(1); exit(1);
} }
}
CHECK_NULL(cert_ext, ext_new_hash(ext_nid, CHECK_NULL(cert_ext, ext_new_hash(ext_nid,
EXT_CRIT, md_info, md, EXT_CRIT, md_info, md,
SHA256_DIGEST_LENGTH)); SHA256_DIGEST_LENGTH));
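Review bot: In the `EXT_TYPE_HASH` case of `main()`, the all-zero digest written for an omitted optional image is an in-band "not present" marker, and the comment `/* Include a hash filled with zeros */` does not say so. Whatever verifies this certificate has to treat an all-zero value as "image absent" and never as a digest to compare against, and that contract is not visible from this file. I would expand the comment to `/* Image not supplied: emit an all-zero digest as the "absent" marker; verifiers must not match an image against it */`. The matching change in `check_cmd_params()` also accepts the omission silently, so a build that drops an image option by mistake still yields a signed certificate; a non-fatal log line there would make that visible. Both function bodies continue outside the hunks shown.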
......
...@@ -160,6 +160,20 @@ static cert_t tbb_certs[] = { ...@@ -160,6 +160,20 @@ static cert_t tbb_certs[] = {
BL33_HASH_EXT BL33_HASH_EXT
}, },
.num_ext = 1 .num_ext = 1
},
[FWU_CERT] = {
.id = FWU_CERT,
.opt = "fwu-cert",
.fn = NULL,
.cn = "FWU Certificate",
.key = ROT_KEY,
.issuer = FWU_CERT,
.ext = {
SCP_BL2U_HASH_EXT,
BL2U_HASH_EXT,
NS_BL2U_HASH_EXT
},
.num_ext = 3
} }
}; };
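Review bot: The new `[FWU_CERT]` entry is self-issued (`.issuer = FWU_CERT`) and signed directly with `ROT_KEY`, and nothing in the table says that this is deliberate. A short comment above the entry, for example `/* FWU certificate: self-signed with the ROT key, carries the hashes of the firmware update images */`, would record it. As listed, the certificate carries only the three hash extensions, so whether an older FWU certificate can be replayed depends on checks outside this hunk and is worth confirming. `.num_ext = 3` repeats the length of the `.ext` list by hand and has to be kept in step with it.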
......
...@@ -145,6 +145,33 @@ static ext_t tbb_ext[] = { ...@@ -145,6 +145,33 @@ static ext_t tbb_ext[] = {
.ln = "Non-Trusted World (BL33) hash (SHA256)", .ln = "Non-Trusted World (BL33) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING, .asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH .type = EXT_TYPE_HASH
},
[SCP_BL2U_HASH_EXT] = {
.oid = SCP_BL2U_HASH_OID,
.opt = "scp_bl2u",
.sn = "SCPFWUpdateConfig",
.ln = "SCP Firmware Update Config (SCP_BL2U) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
[BL2U_HASH_EXT] = {
.oid = BL2U_HASH_OID,
.opt = "bl2u",
.sn = "APFWUpdateConfig",
.ln = "AP Firmware Update Config (BL2U) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
[NS_BL2U_HASH_EXT] = {
.oid = NS_BL2U_HASH_OID,
.opt = "ns_bl2u",
.sn = "FWUpdaterHash",
.ln = "Firmware Updater (NS_BL2U) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
} }
}; };
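Review bot: All three new entries set `.optional = 1`, so as far as this page shows the tool will build a FWU certificate with none of the update images supplied, each hash then being all zeros. If at least one image is expected, that check belongs next to the existing one in `check_cmd_params()`; if an empty certificate is legitimate, the table should say so. A comment on the field such as `/* may be omitted; an all-zero hash is then written to the certificate */` would cover it. The `tbb_ext[]` table starts outside the hunk.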
......
/* /*
* Copyright (c) 2014, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
...@@ -55,6 +55,14 @@ uuid_t uuid_null = {0}; ...@@ -55,6 +55,14 @@ uuid_t uuid_null = {0};
/* The images used depends on the platform. */ /* The images used depends on the platform. */
static entry_lookup_list_t toc_entry_lookup_list[] = { static entry_lookup_list_t toc_entry_lookup_list[] = {
{ "SCP Firmware Updater Configuration FWU SCP_BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_SCP_BL2U,
"scp_bl2u", NULL, FLAG_FILENAME },
{ "AP Firmware Updater Configuration BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_BL2U,
"bl2u", NULL, FLAG_FILENAME },
{ "Firmware Updater NS_BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_NS_BL2U,
"ns_bl2u", NULL, FLAG_FILENAME },
{ "Non-Trusted Firmware Updater certificate", UUID_TRUSTED_FWU_CERT,
"fwu-cert", NULL, FLAG_FILENAME},
{ "Trusted Boot Firmware BL2", UUID_TRUSTED_BOOT_FIRMWARE_BL2, { "Trusted Boot Firmware BL2", UUID_TRUSTED_BOOT_FIRMWARE_BL2,
"bl2", NULL, FLAG_FILENAME }, "bl2", NULL, FLAG_FILENAME },
{ "SCP Firmware BL3-0", UUID_SCP_FIRMWARE_BL30, { "SCP Firmware BL3-0", UUID_SCP_FIRMWARE_BL30,
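Review bot: The label `"Non-Trusted Firmware Updater certificate"` on the `fwu-cert` entry reads oddly next to `UUID_TRUSTED_FWU_CERT` and to a certificate that, elsewhere in this commit, is signed with the ROT key and also covers `scp_bl2u` and `bl2u`. If the label is shown to users, something like `"Firmware Update certificate"` would describe the payload more accurately; I am inferring how the string is used, since the code that reads it is outside the hunk. The same line ends in `FLAG_FILENAME},` without the space the other entries have before the brace. `toc_entry_lookup_list[]` continues past the end of the hunk.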
......