Commit ad2c1a9a authored by Juan Castillo's avatar Juan Castillo
Browse files

cert_create: specify command line options in the CoT

This patch introduces a new API that allows to specify command
line options in the Chain of Trust description. These command line
options may be used to specify parameters related to the CoT (i.e.
keys or certificates), instead of keeping a hardcoded list of
options in main.c.

Change-Id: I282b0b01cb9add557b26bddc238a28253ce05e44
parent dfc90e26
...@@ -36,6 +36,7 @@ BINARY := ${PROJECT} ...@@ -36,6 +36,7 @@ BINARY := ${PROJECT}
OPENSSL_DIR := /usr OPENSSL_DIR := /usr
OBJECTS := src/cert.o \ OBJECTS := src/cert.o \
src/cmd_opt.o \
src/ext.o \ src/ext.o \
src/key.o \ src/key.o \
src/main.o \ src/main.o \
......
...@@ -54,6 +54,7 @@ typedef struct cert_s cert_t; ...@@ -54,6 +54,7 @@ typedef struct cert_s cert_t;
struct cert_s { struct cert_s {
int id; /* Unique identifier */ int id; /* Unique identifier */
const char *opt; /* Command line option to pass filename */
const char *fn; /* Filename to save the certificate */ const char *fn; /* Filename to save the certificate */
const char *cn; /* Subject CN (Company Name) */ const char *cn; /* Subject CN (Company Name) */
...@@ -67,6 +68,8 @@ struct cert_s { ...@@ -67,6 +68,8 @@ struct cert_s {
}; };
/* Exported API */ /* Exported API */
int cert_init(void);
cert_t *cert_get_by_opt(const char *opt);
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value); int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk); int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
......
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef CMD_OPT_H_
#define CMD_OPT_H_
#include <getopt.h>
#define CMD_OPT_MAX_NUM 64
/* Supported long command line option types */
enum {
CMD_OPT_CERT,
CMD_OPT_KEY,
CMD_OPT_EXT
};
/* Exported API*/
int cmd_opt_add(const char *name, int has_arg, int val);
const struct option *cmd_opt_get_array(void);
const char *cmd_opt_get_name(int idx);
#endif /* CMD_OPT_H_ */
...@@ -56,6 +56,7 @@ typedef struct ext_s { ...@@ -56,6 +56,7 @@ typedef struct ext_s {
* - V_ASN1_OCTET_STRING * - V_ASN1_OCTET_STRING
*/ */
int type; int type;
const char *opt; /* Command line option to specify data */
/* Extension data (depends on extension type) */ /* Extension data (depends on extension type) */
union { union {
const char *fn; /* File with extension data */ const char *fn; /* File with extension data */
...@@ -79,7 +80,8 @@ enum { ...@@ -79,7 +80,8 @@ enum {
}; };
/* Exported API */ /* Exported API */
int ext_register(ext_t *tbb_ext); int ext_init(void);
ext_t *ext_get_by_opt(const char *opt);
X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md, X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
unsigned char *buf, size_t len); unsigned char *buf, size_t len);
X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value); X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value);
......
...@@ -63,12 +63,15 @@ enum { ...@@ -63,12 +63,15 @@ enum {
*/ */
typedef struct key_s { typedef struct key_s {
int id; /* Key id */ int id; /* Key id */
const char *opt; /* Command line option to specify a key */
const char *desc; /* Key description (debug purposes) */ const char *desc; /* Key description (debug purposes) */
char *fn; /* Filename to load/store the key */ char *fn; /* Filename to load/store the key */
EVP_PKEY *key; /* Key container */ EVP_PKEY *key; /* Key container */
} key_t; } key_t;
/* Exported API */ /* Exported API */
int key_init(void);
key_t *key_get_by_opt(const char *opt);
int key_create(key_t *key, int type); int key_create(key_t *key, int type);
int key_load(key_t *key, unsigned int *err_code); int key_load(key_t *key, unsigned int *err_code);
int key_store(key_t *key); int key_store(key_t *key);
......
...@@ -39,6 +39,7 @@ ...@@ -39,6 +39,7 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "cert.h" #include "cert.h"
#include "cmd_opt.h"
#include "debug.h" #include "debug.h"
#include "key.h" #include "key.h"
#include "platform_oid.h" #include "platform_oid.h"
...@@ -179,3 +180,35 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk) ...@@ -179,3 +180,35 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk)
cert->x = x; cert->x = x;
return 1; return 1;
} }
int cert_init(void)
{
cert_t *cert;
int rc = 0;
unsigned int i;
for (i = 0; i < num_certs; i++) {
cert = &certs[i];
rc = cmd_opt_add(cert->opt, required_argument, CMD_OPT_CERT);
if (rc != 0) {
break;
}
}
return rc;
}
cert_t *cert_get_by_opt(const char *opt)
{
cert_t *cert = NULL;
unsigned int i;
for (i = 0; i < num_certs; i++) {
cert = &certs[i];
if (0 == strcmp(cert->opt, opt)) {
return cert;
}
}
return NULL;
}
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <getopt.h>
#include <stddef.h>
#include <cmd_opt.h>
/* Command line options */
static struct option long_opt[CMD_OPT_MAX_NUM+1];
static int num_reg_opt;
int cmd_opt_add(const char *name, int has_arg, int val)
{
if (num_reg_opt >= CMD_OPT_MAX_NUM) {
return -1;
}
long_opt[num_reg_opt].name = name;
long_opt[num_reg_opt].has_arg = has_arg;
long_opt[num_reg_opt].flag = 0;
long_opt[num_reg_opt].val = val;
num_reg_opt++;
return 0;
}
const struct option *cmd_opt_get_array(void)
{
return long_opt;
}
const char *cmd_opt_get_name(int idx)
{
if (idx >= num_reg_opt) {
return NULL;
}
return long_opt[idx].name;
}
...@@ -35,6 +35,8 @@ ...@@ -35,6 +35,8 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "cmd_opt.h"
#include "ext.h" #include "ext.h"
DECLARE_ASN1_ITEM(ASN1_INTEGER) DECLARE_ASN1_ITEM(ASN1_INTEGER)
...@@ -65,13 +67,26 @@ IMPLEMENT_ASN1_FUNCTIONS(HASH) ...@@ -65,13 +67,26 @@ IMPLEMENT_ASN1_FUNCTIONS(HASH)
* *
* Return: 0 = success, Otherwise: error * Return: 0 = success, Otherwise: error
*/ */
int ext_register(ext_t *exts) int ext_init(void)
{ {
ext_t *ext; ext_t *ext;
X509V3_EXT_METHOD *m; X509V3_EXT_METHOD *m;
int i = 0, nid, ret; int nid, ret;
unsigned int i;
while ((ext = &exts[i++]) && ext->oid) { for (i = 0; i < num_extensions; i++) {
ext = &extensions[i];
/* Register command line option */
if (ext->opt) {
if (cmd_opt_add(ext->opt, required_argument,
CMD_OPT_EXT)) {
return 1;
}
}
/* Register the extension OID in OpenSSL */
if (ext->oid == NULL) {
continue;
}
nid = OBJ_create(ext->oid, ext->sn, ext->ln); nid = OBJ_create(ext->oid, ext->sn, ext->ln);
if (ext->alias) { if (ext->alias) {
X509V3_EXT_add_alias(nid, ext->alias); X509V3_EXT_add_alias(nid, ext->alias);
...@@ -295,3 +310,20 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k) ...@@ -295,3 +310,20 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k)
return ex; return ex;
} }
ext_t *ext_get_by_opt(const char *opt)
{
ext_t *ext = NULL;
unsigned int i;
/* Sequential search. This is not a performance concern since the number
* of extensions is bounded and the code runs on a host machine */
for (i = 0; i < num_extensions; i++) {
ext = &extensions[i];
if (ext->opt && !strcmp(ext->opt, opt)) {
return ext;
}
}
return NULL;
}
...@@ -38,6 +38,7 @@ ...@@ -38,6 +38,7 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#include "cert.h" #include "cert.h"
#include "cmd_opt.h"
#include "debug.h" #include "debug.h"
#include "key.h" #include "key.h"
#include "platform_oid.h" #include "platform_oid.h"
...@@ -190,3 +191,40 @@ int key_store(key_t *key) ...@@ -190,3 +191,40 @@ int key_store(key_t *key)
return 0; return 0;
} }
int key_init(void)
{
key_t *key;
int rc = 0;
unsigned int i;
for (i = 0; i < num_keys; i++) {
key = &keys[i];
if (key->opt != NULL) {
rc = cmd_opt_add(key->opt, required_argument,
CMD_OPT_KEY);
if (rc != 0) {
break;
}
}
}
return rc;
}
key_t *key_get_by_opt(const char *opt)
{
key_t *key = NULL;
unsigned int i;
/* Sequential search. This is not a performance concern since the number
* of keys is bounded and the code runs on a host machine */
for (i = 0; i < num_keys; i++) {
key = &keys[i];
if (0 == strcmp(key->opt, opt)) {
return key;
}
}
return NULL;
}
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "cert.h" #include "cert.h"
#include "cmd_opt.h"
#include "debug.h" #include "debug.h"
#include "ext.h" #include "ext.h"
#include "key.h" #include "key.h"
...@@ -139,43 +140,7 @@ static const char *key_algs_str[] = { ...@@ -139,43 +140,7 @@ static const char *key_algs_str[] = {
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
}; };
/* Command line options */ static void print_help(const char *cmd, const struct option *long_opt)
static const struct option long_opt[] = {
/* Binary images */
{"bl2", required_argument, 0, BL2_ID},
{"bl30", required_argument, 0, BL30_ID},
{"bl31", required_argument, 0, BL31_ID},
{"bl32", required_argument, 0, BL32_ID},
{"bl33", required_argument, 0, BL33_ID},
/* Certificate files */
{"bl2-cert", required_argument, 0, BL2_CERT_ID},
{"trusted-key-cert", required_argument, 0, TRUSTED_KEY_CERT_ID},
{"bl30-key-cert", required_argument, 0, BL30_KEY_CERT_ID},
{"bl30-cert", required_argument, 0, BL30_CERT_ID},
{"bl31-key-cert", required_argument, 0, BL31_KEY_CERT_ID},
{"bl31-cert", required_argument, 0, BL31_CERT_ID},
{"bl32-key-cert", required_argument, 0, BL32_KEY_CERT_ID},
{"bl32-cert", required_argument, 0, BL32_CERT_ID},
{"bl33-key-cert", required_argument, 0, BL33_KEY_CERT_ID},
{"bl33-cert", required_argument, 0, BL33_CERT_ID},
/* Private key files */
{"rot-key", required_argument, 0, ROT_KEY_ID},
{"trusted-world-key", required_argument, 0, TRUSTED_WORLD_KEY_ID},
{"non-trusted-world-key", required_argument, 0, NON_TRUSTED_WORLD_KEY_ID},
{"bl30-key", required_argument, 0, BL30_KEY_ID},
{"bl31-key", required_argument, 0, BL31_KEY_ID},
{"bl32-key", required_argument, 0, BL32_KEY_ID},
{"bl33-key", required_argument, 0, BL33_KEY_ID},
/* Common options */
{"key-alg", required_argument, 0, 'a'},
{"help", no_argument, 0, 'h'},
{"save-keys", no_argument, 0, 'k'},
{"new-chain", no_argument, 0, 'n'},
{"print-cert", no_argument, 0, 'p'},
{0, 0, 0, 0}
};
static void print_help(const char *cmd)
{ {
int i = 0; int i = 0;
printf("\n\n"); printf("\n\n");
...@@ -274,10 +239,13 @@ int main(int argc, char *argv[]) ...@@ -274,10 +239,13 @@ int main(int argc, char *argv[])
STACK_OF(X509_EXTENSION) * sk = NULL; STACK_OF(X509_EXTENSION) * sk = NULL;
X509_EXTENSION *cert_ext = NULL; X509_EXTENSION *cert_ext = NULL;
ext_t *ext = NULL; ext_t *ext = NULL;
cert_t *cert; key_t *key = NULL;
cert_t *cert = NULL;
FILE *file = NULL; FILE *file = NULL;
int i, j, ext_nid; int i, j, ext_nid;
int c, opt_idx = 0; int c, opt_idx = 0;
const struct option *cmd_opt;
const char *cur_opt;
unsigned int err_code; unsigned int err_code;
unsigned char md[SHA256_DIGEST_LENGTH]; unsigned char md[SHA256_DIGEST_LENGTH];
const EVP_MD *md_info; const EVP_MD *md_info;
...@@ -288,9 +256,37 @@ int main(int argc, char *argv[]) ...@@ -288,9 +256,37 @@ int main(int argc, char *argv[])
/* Set default options */ /* Set default options */
key_alg = KEY_ALG_RSA; key_alg = KEY_ALG_RSA;
/* Add common command line options */
cmd_opt_add("key-alg", required_argument, 'a');
cmd_opt_add("help", no_argument, 'h');
cmd_opt_add("save-keys", no_argument, 'k');
cmd_opt_add("new-chain", no_argument, 'n');
cmd_opt_add("print-cert", no_argument, 'p');
/* Initialize the certificates */
if (cert_init() != 0) {
ERROR("Cannot initialize certificates\n");
exit(1);
}
/* Initialize the keys */
if (key_init() != 0) {
ERROR("Cannot initialize keys\n");
exit(1);
}
/* Initialize the new types and register OIDs for the extensions */
if (ext_init() != 0) {
ERROR("Cannot initialize TBB extensions\n");
exit(1);
}
/* Get the command line options populated during the initialization */
cmd_opt = cmd_opt_get_array();
while (1) { while (1) {
/* getopt_long stores the option index here. */ /* getopt_long stores the option index here. */
c = getopt_long(argc, argv, "ahknp", long_opt, &opt_idx); c = getopt_long(argc, argv, "ahknp", cmd_opt, &opt_idx);
/* Detect the end of the options. */ /* Detect the end of the options. */
if (c == -1) { if (c == -1) {
...@@ -306,7 +302,7 @@ int main(int argc, char *argv[]) ...@@ -306,7 +302,7 @@ int main(int argc, char *argv[])
} }
break; break;
case 'h': case 'h':
print_help(argv[0]); print_help(argv[0], cmd_opt);
break; break;
case 'k': case 'k':
save_keys = 1; save_keys = 1;
...@@ -317,71 +313,20 @@ int main(int argc, char *argv[]) ...@@ -317,71 +313,20 @@ int main(int argc, char *argv[])
case 'p': case 'p':
print_cert = 1; print_cert = 1;
break; break;
case BL2_ID: case CMD_OPT_EXT:
extensions[BL2_HASH_EXT].data.fn = strdup(optarg); cur_opt = cmd_opt_get_name(opt_idx);
break; ext = ext_get_by_opt(cur_opt);
case BL30_ID: ext->data.fn = strdup(optarg);
extensions[BL30_HASH_EXT].data.fn = strdup(optarg);
break;
case BL31_ID:
extensions[BL31_HASH_EXT].data.fn = strdup(optarg);
break;
case BL32_ID:
extensions[BL32_HASH_EXT].data.fn = strdup(optarg);
break;
case BL33_ID:
extensions[BL33_HASH_EXT].data.fn = strdup(optarg);
break; break;
case BL2_CERT_ID: case CMD_OPT_KEY:
certs[BL2_CERT].fn = strdup(optarg); cur_opt = cmd_opt_get_name(opt_idx);
key = key_get_by_opt(cur_opt);
key->fn = strdup(optarg);
break; break;
case TRUSTED_KEY_CERT_ID: case CMD_OPT_CERT:
certs[TRUSTED_KEY_CERT].fn = strdup(optarg); cur_opt = cmd_opt_get_name(opt_idx);
break; cert = cert_get_by_opt(cur_opt);
case BL30_KEY_CERT_ID: cert->fn = strdup(optarg);
certs[BL30_KEY_CERT].fn = strdup(optarg);
break;
case BL30_CERT_ID:
certs[BL30_CERT].fn = strdup(optarg);
break;
case BL31_KEY_CERT_ID:
certs[BL31_KEY_CERT].fn = strdup(optarg);
break;
case BL31_CERT_ID:
certs[BL31_CERT].fn = strdup(optarg);
break;
case BL32_KEY_CERT_ID:
certs[BL32_KEY_CERT].fn = strdup(optarg);
break;
case BL32_CERT_ID:
certs[BL32_CERT].fn = strdup(optarg);
break;
case BL33_KEY_CERT_ID:
certs[BL33_KEY_CERT].fn = strdup(optarg);
break;
case BL33_CERT_ID:
certs[BL33_CERT].fn = strdup(optarg);
break;
case ROT_KEY_ID:
keys[ROT_KEY].fn = strdup(optarg);
break;
case TRUSTED_WORLD_KEY_ID:
keys[TRUSTED_WORLD_KEY].fn = strdup(optarg);
break;
case NON_TRUSTED_WORLD_KEY_ID:
keys[NON_TRUSTED_WORLD_KEY].fn = strdup(optarg);
break;
case BL30_KEY_ID:
keys[BL30_KEY].fn = strdup(optarg);
break;
case BL31_KEY_ID:
keys[BL31_KEY].fn = strdup(optarg);
break;
case BL32_KEY_ID:
keys[BL32_KEY].fn = strdup(optarg);
break;
case BL33_KEY_ID:
keys[BL33_KEY].fn = strdup(optarg);
break; break;
case '?': case '?':
default: default:
...@@ -393,12 +338,6 @@ int main(int argc, char *argv[]) ...@@ -393,12 +338,6 @@ int main(int argc, char *argv[])
/* Check command line arguments */ /* Check command line arguments */
check_cmd_params(); check_cmd_params();
/* Register the new types and OIDs for the extensions */
if (ext_register(extensions) != 0) {
ERROR("Cannot register TBB extensions\n");
exit(1);
}
/* Indicate SHA256 as image hash algorithm in the certificate /* Indicate SHA256 as image hash algorithm in the certificate
* extension */ * extension */
md_info = EVP_sha256(); md_info = EVP_sha256();
......
...@@ -42,6 +42,7 @@ ...@@ -42,6 +42,7 @@
static cert_t tbb_certs[] = { static cert_t tbb_certs[] = {
[BL2_CERT] = { [BL2_CERT] = {
.id = BL2_CERT, .id = BL2_CERT,
.opt = "bl2-cert",
.fn = NULL, .fn = NULL,
.cn = "BL2 Certificate", .cn = "BL2 Certificate",
.key = ROT_KEY, .key = ROT_KEY,
...@@ -53,6 +54,7 @@ static cert_t tbb_certs[] = { ...@@ -53,6 +54,7 @@ static cert_t tbb_certs[] = {
}, },
[TRUSTED_KEY_CERT] = { [TRUSTED_KEY_CERT] = {
.id = TRUSTED_KEY_CERT, .id = TRUSTED_KEY_CERT,
.opt = "trusted-key-cert",
.fn = NULL, .fn = NULL,
.cn = "Trusted Key Certificate", .cn = "Trusted Key Certificate",
.key = ROT_KEY, .key = ROT_KEY,
...@@ -65,6 +67,7 @@ static cert_t tbb_certs[] = { ...@@ -65,6 +67,7 @@ static cert_t tbb_certs[] = {
}, },
[BL30_KEY_CERT] = { [BL30_KEY_CERT] = {
.id = BL30_KEY_CERT, .id = BL30_KEY_CERT,
.opt = "bl30-key-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-0 Key Certificate", .cn = "BL3-0 Key Certificate",
.key = TRUSTED_WORLD_KEY, .key = TRUSTED_WORLD_KEY,
...@@ -76,6 +79,7 @@ static cert_t tbb_certs[] = { ...@@ -76,6 +79,7 @@ static cert_t tbb_certs[] = {
}, },
[BL30_CERT] = { [BL30_CERT] = {
.id = BL30_CERT, .id = BL30_CERT,
.opt = "bl30-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-0 Content Certificate", .cn = "BL3-0 Content Certificate",
.key = BL30_KEY, .key = BL30_KEY,
...@@ -87,6 +91,7 @@ static cert_t tbb_certs[] = { ...@@ -87,6 +91,7 @@ static cert_t tbb_certs[] = {
}, },
[BL31_KEY_CERT] = { [BL31_KEY_CERT] = {
.id = BL31_KEY_CERT, .id = BL31_KEY_CERT,
.opt = "bl31-key-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-1 Key Certificate", .cn = "BL3-1 Key Certificate",
.key = TRUSTED_WORLD_KEY, .key = TRUSTED_WORLD_KEY,
...@@ -98,6 +103,7 @@ static cert_t tbb_certs[] = { ...@@ -98,6 +103,7 @@ static cert_t tbb_certs[] = {
}, },
[BL31_CERT] = { [BL31_CERT] = {
.id = BL31_CERT, .id = BL31_CERT,
.opt = "bl31-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-1 Content Certificate", .cn = "BL3-1 Content Certificate",
.key = BL31_KEY, .key = BL31_KEY,
...@@ -109,6 +115,7 @@ static cert_t tbb_certs[] = { ...@@ -109,6 +115,7 @@ static cert_t tbb_certs[] = {
}, },
[BL32_KEY_CERT] = { [BL32_KEY_CERT] = {
.id = BL32_KEY_CERT, .id = BL32_KEY_CERT,
.opt = "bl32-key-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-2 Key Certificate", .cn = "BL3-2 Key Certificate",
.key = TRUSTED_WORLD_KEY, .key = TRUSTED_WORLD_KEY,
...@@ -120,6 +127,7 @@ static cert_t tbb_certs[] = { ...@@ -120,6 +127,7 @@ static cert_t tbb_certs[] = {
}, },
[BL32_CERT] = { [BL32_CERT] = {
.id = BL32_CERT, .id = BL32_CERT,
.opt = "bl32-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-2 Content Certificate", .cn = "BL3-2 Content Certificate",
.key = BL32_KEY, .key = BL32_KEY,
...@@ -131,6 +139,7 @@ static cert_t tbb_certs[] = { ...@@ -131,6 +139,7 @@ static cert_t tbb_certs[] = {
}, },
[BL33_KEY_CERT] = { [BL33_KEY_CERT] = {
.id = BL33_KEY_CERT, .id = BL33_KEY_CERT,
.opt = "bl33-key-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-3 Key Certificate", .cn = "BL3-3 Key Certificate",
.key = NON_TRUSTED_WORLD_KEY, .key = NON_TRUSTED_WORLD_KEY,
...@@ -142,6 +151,7 @@ static cert_t tbb_certs[] = { ...@@ -142,6 +151,7 @@ static cert_t tbb_certs[] = {
}, },
[BL33_CERT] = { [BL33_CERT] = {
.id = BL33_CERT, .id = BL33_CERT,
.opt = "bl33-cert",
.fn = NULL, .fn = NULL,
.cn = "BL3-3 Content Certificate", .cn = "BL3-3 Content Certificate",
.key = BL33_KEY, .key = BL33_KEY,
......
...@@ -60,6 +60,7 @@ static ext_t tbb_ext[] = { ...@@ -60,6 +60,7 @@ static ext_t tbb_ext[] = {
}, },
[BL2_HASH_EXT] = { [BL2_HASH_EXT] = {
.oid = BL2_HASH_OID, .oid = BL2_HASH_OID,
.opt = "bl2",
.sn = "TrustedBootFirmwareHash", .sn = "TrustedBootFirmwareHash",
.ln = "Trusted Boot Firmware (BL2) hash (SHA256)", .ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING, .asn1_type = V_ASN1_OCTET_STRING,
...@@ -91,6 +92,7 @@ static ext_t tbb_ext[] = { ...@@ -91,6 +92,7 @@ static ext_t tbb_ext[] = {
}, },
[BL30_HASH_EXT] = { [BL30_HASH_EXT] = {
.oid = BL30_HASH_OID, .oid = BL30_HASH_OID,
.opt = "bl30",
.sn = "SCPFirmwareHash", .sn = "SCPFirmwareHash",
.ln = "SCP Firmware (BL30) hash (SHA256)", .ln = "SCP Firmware (BL30) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING, .asn1_type = V_ASN1_OCTET_STRING,
...@@ -106,6 +108,7 @@ static ext_t tbb_ext[] = { ...@@ -106,6 +108,7 @@ static ext_t tbb_ext[] = {
}, },
[BL31_HASH_EXT] = { [BL31_HASH_EXT] = {
.oid = BL31_HASH_OID, .oid = BL31_HASH_OID,
.opt = "bl31",
.sn = "SoCAPFirmwareHash", .sn = "SoCAPFirmwareHash",
.ln = "SoC AP Firmware (BL31) hash (SHA256)", .ln = "SoC AP Firmware (BL31) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING, .asn1_type = V_ASN1_OCTET_STRING,
...@@ -121,6 +124,7 @@ static ext_t tbb_ext[] = { ...@@ -121,6 +124,7 @@ static ext_t tbb_ext[] = {
}, },
[BL32_HASH_EXT] = { [BL32_HASH_EXT] = {
.oid = BL32_HASH_OID, .oid = BL32_HASH_OID,
.opt = "bl32",
.sn = "TrustedOSHash", .sn = "TrustedOSHash",
.ln = "Trusted OS (BL32) hash (SHA256)", .ln = "Trusted OS (BL32) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING, .asn1_type = V_ASN1_OCTET_STRING,
...@@ -136,6 +140,7 @@ static ext_t tbb_ext[] = { ...@@ -136,6 +140,7 @@ static ext_t tbb_ext[] = {
}, },
[BL33_HASH_EXT] = { [BL33_HASH_EXT] = {
.oid = BL33_HASH_OID, .oid = BL33_HASH_OID,
.opt = "bl33",
.sn = "NonTrustedWorldBootloaderHash", .sn = "NonTrustedWorldBootloaderHash",
.ln = "Non-Trusted World (BL33) hash (SHA256)", .ln = "Non-Trusted World (BL33) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING, .asn1_type = V_ASN1_OCTET_STRING,
......
...@@ -38,30 +38,37 @@ ...@@ -38,30 +38,37 @@
static key_t tbb_keys[] = { static key_t tbb_keys[] = {
[ROT_KEY] = { [ROT_KEY] = {
.id = ROT_KEY, .id = ROT_KEY,
.opt = "rot-key",
.desc = "Root Of Trust key" .desc = "Root Of Trust key"
}, },
[TRUSTED_WORLD_KEY] = { [TRUSTED_WORLD_KEY] = {
.id = TRUSTED_WORLD_KEY, .id = TRUSTED_WORLD_KEY,
.opt = "trusted-world-key",
.desc = "Trusted World key" .desc = "Trusted World key"
}, },
[NON_TRUSTED_WORLD_KEY] = { [NON_TRUSTED_WORLD_KEY] = {
.id = NON_TRUSTED_WORLD_KEY, .id = NON_TRUSTED_WORLD_KEY,
.opt = "non-trusted-world-key",
.desc = "Non Trusted World key" .desc = "Non Trusted World key"
}, },
[BL30_KEY] = { [BL30_KEY] = {
.id = BL30_KEY, .id = BL30_KEY,
.opt = "bl30-key",
.desc = "BL30 key" .desc = "BL30 key"
}, },
[BL31_KEY] = { [BL31_KEY] = {
.id = BL31_KEY, .id = BL31_KEY,
.opt = "bl31-key",
.desc = "BL31 key" .desc = "BL31 key"
}, },
[BL32_KEY] = { [BL32_KEY] = {
.id = BL32_KEY, .id = BL32_KEY,
.opt = "bl32-key",
.desc = "BL32 key" .desc = "BL32 key"
}, },
[BL33_KEY] = { [BL33_KEY] = {
.id = BL33_KEY, .id = BL33_KEY,
.opt = "bl33-key",
.desc = "BL33 key" .desc = "BL33 key"
} }
}; };
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment