Commit f09852c9 authored by Mark Dykes's avatar Mark Dykes Committed by TrustedFirmware Code Review
Browse files

Merge changes from topic "sb/dualroot" into integration

* changes:
  plat/arm: Pass cookie argument down to arm_get_rotpk_info()
  plat/arm: Add support for dualroot CoT
  plat/arm: Provide some PROTK files for development
parents 46b3003b 88005701
...@@ -268,7 +268,7 @@ __dead2 void plat_arm_error_handler(int err); ...@@ -268,7 +268,7 @@ __dead2 void plat_arm_error_handler(int err);
* Optional functions in ARM standard platforms * Optional functions in ARM standard platforms
*/ */
void plat_arm_override_gicr_frames(const uintptr_t *plat_gicr_frames); void plat_arm_override_gicr_frames(const uintptr_t *plat_gicr_frames);
int arm_get_rotpk_info(void **key_ptr, unsigned int *key_len, int arm_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags); unsigned int *flags);
int arm_get_rotpk_info_regs(void **key_ptr, unsigned int *key_len, int arm_get_rotpk_info_regs(void **key_ptr, unsigned int *key_len,
unsigned int *flags); unsigned int *flags);
......
...@@ -110,7 +110,7 @@ int arm_get_rotpk_info_cc(void **key_ptr, unsigned int *key_len, ...@@ -110,7 +110,7 @@ int arm_get_rotpk_info_cc(void **key_ptr, unsigned int *key_len,
/* /*
* Wraper function for most Arm platforms to get ROTPK hash. * Wraper function for most Arm platforms to get ROTPK hash.
*/ */
int arm_get_rotpk_info(void **key_ptr, unsigned int *key_len, int arm_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
#if ARM_CRYPTOCELL_INTEG #if ARM_CRYPTOCELL_INTEG
......
...@@ -68,4 +68,25 @@ BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ ...@@ -68,4 +68,25 @@ BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
plat/arm/board/common/rotpk/arm_dev_rotpk.S plat/arm/board/common/rotpk/arm_dev_rotpk.S
# Allows platform code to provide implementation variants depending on the
# selected chain of trust.
$(eval $(call add_define,ARM_COT_${COT}))
ifeq (${COT},dualroot)
# Platform Root of Trust key files.
ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_rsa.pem
ARM_PROTPK_HASH := plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin
# Provide the private key to cert_create tool. It needs it to sign the images.
PROT_KEY := ${ARM_PROT_KEY}
$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"'))
BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S
BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S
$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
endif
endif endif
This directory contains some development keys to be used as the platform
root-of-trust key.
* arm_protprivk_rsa.pem is a 2K RSA private key in PEM format. It has been
generated using the openssl command line tool:
openssl genrsa 2048 > arm_protprivk_rsa.pem
* arm_protpk_rsa_sha256.bin is the SHA-256 hash of the DER-encoded public key
associated with the above private key. It has been generated using the openssl
command line tool:
openssl rsa -in arm_protprivk_rsa.pem -pubout -outform DER | \
openssl dgst -sha256 -binary > arm_protpk_rsa_sha256.bin
/*
* Copyright (c) 2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
.global arm_protpk_hash
.global arm_protpk_hash_end
.section .rodata.arm_protpk_hash, "a"
arm_protpk_hash:
/* DER header. */
.byte 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48
.byte 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
/* Key hash. */
.incbin ARM_PROTPK_HASH
arm_protpk_hash_end:
6{W*`tve׷ PK{9
\ No newline at end of file
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzR0h/Z4Up17wfuRlYrUWseGDmlGKpl1PflGiYbyVmI7PwTTp
y/T77EiljGp52suLWntHsc0lee50pW16DU2c5bVfmyofau3GjJ1Yqw5XFAahr6eM
/0mkN8utrevvcRT9CP07D+zdhb/WlRUAnedqr/AUHU8BXS+Bxe8P0Z0Z7+DKjYZp
thzXxsjKM02BFFzNwyVrlyBFDkW/53A4M+dpmuWDjAGCJH88W/u0LdmLcii11IzD
/Ofz8Jxc/ZhqL+9FFK4qU+AJp8yXAnACSB46DlNltJrode0y5tmPhtS37ZF7EFb8
UZWwZVgtuQyuyz9RYUS6jtiGuq6s8GlRwjTe7wIDAQABAoIBAFoWIYeyln+sQxR4
W88umfkmgxaUGcFX2kIwuJEUst9+WeERzF24C62LeqphWYOvQlVLMAH3iC41fSXr
H2AYZoC9WHBd386nAD1iHj+C3Nv+zaTIgjTdszKOUonAxjl0bm40SmyELAdCaoyv
3MV9jm4Xk74LpR24b9bvWJNH3MxttH9hiYS+n0IzeTXDfO8GrNvHh92zx+jo8yMm
Khhu+TDC9jA2pHpJcF/0EXxYMhwYiQT16nnHb+xMgS4JpalQhvVK01s4VYGHRoFk
K6xh4TIS336LDLyalrGsPlfNfEdx+DimShDIfBUx9Jp3Pp11TUQUz4rhIHB9WdfG
b6bV4wECgYEA+cgPS2TQ7XQ1RJq1S7OGePtBXvnoH226KwGS6Fey8838tLxbblim
MU+EOYs3O66V6U2YpzmIakXo8030k8thY+jKbZl3l0m/hMuPOG66hfE5i7dYsiP4
atok5wFiNeNYYjHMEayzk53MhG8EOh36msAO7ohKmenONUBA7pk6yTkCgYEA0jhk
HPshwi+wKkx+JLTnuoEgx40tkRgSF2xBqKssMTasaQmX8qG+w9CEs0R8nZCI70Vc
tXSFcidjdkHUVE2WsygIFuS1tbsAnpaxtn3E6rjie30X/Z280+TV0HjR0EMETmwl
ShC5lZ0oP3LpEZfjbR5qs2kFW4MOxA7tjQVaMWcCgYEA5ZbVMBifzdMl70RA5i9C
qEtSQAl3KgRCvar5rKSHsX+iC0Kiy9+iCusq/3WONEZ6NvMDIJpKYFyYDaOW7o5f
m2TrRChu+1lnN5mfsGBfBCTBH0JMvZlAin6ussLb0eqBX+ijyY8zlLjTttsQSJcr
tThZwTj3UVfOGbZQuL+RgEkCgYBXO3U3nXI9vUIx2zoBC1yZRNoQVGITMlTXiWGZ
lyYoadKTZ5q44Sti4BUguounaoGYIEU/OtHhM70PJnPwY53kS/lHXrKUbbvtEwU9
f+UFraC1s4wP/rOLjgq3jlsqO5T+4dt7Z4NLNUKtSYazeT6zWgrW1f6WIcUv0C38
9bqegwKBgFCK3Oa5ibL5sPaPQ/1UfdeW4JVuu6A4JhHS7r+cVLsmcrvE1Qv7Wcvw
B5aqXeqLu2dtIN8/f++3tzccs9LXKY/fh72D4TVjfrqOSSZoGTH9l4U5NXbqWM3I
skkAYb2bMST/d1qSyYesgXVNAlaQHRh3vEz8x853nJ3v9OFj8/rW
-----END RSA PRIVATE KEY-----
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
return arm_get_rotpk_info(key_ptr, key_len, flags); return arm_get_rotpk_info(cookie, key_ptr, key_len, flags);
} }
/* /*
......
...@@ -22,5 +22,5 @@ ...@@ -22,5 +22,5 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
return arm_get_rotpk_info(key_ptr, key_len, flags); return arm_get_rotpk_info(cookie, key_ptr, key_len, flags);
} }
...@@ -22,5 +22,5 @@ ...@@ -22,5 +22,5 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
return arm_get_rotpk_info(key_ptr, key_len, flags); return arm_get_rotpk_info(cookie, key_ptr, key_len, flags);
} }
...@@ -22,5 +22,5 @@ ...@@ -22,5 +22,5 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
return arm_get_rotpk_info(key_ptr, key_len, flags); return arm_get_rotpk_info(cookie, key_ptr, key_len, flags);
} }
...@@ -22,5 +22,5 @@ ...@@ -22,5 +22,5 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
return arm_get_rotpk_info(key_ptr, key_len, flags); return arm_get_rotpk_info(cookie, key_ptr, key_len, flags);
} }
...@@ -297,6 +297,8 @@ ifneq (${TRUSTED_BOARD_BOOT},0) ...@@ -297,6 +297,8 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
# Include the selected chain of trust sources. # Include the selected chain of trust sources.
ifeq (${COT},tbbr) ifeq (${COT},tbbr)
AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot.c AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot.c
else ifeq (${COT},dualroot)
AUTH_SOURCES += drivers/auth/dualroot/cot.c
else else
$(error Unknown chain of trust ${COT}) $(error Unknown chain of trust ${COT})
endif endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment