author | Juan Castillo <juan.castillo@arm.com> | 2015-12-03 10:19:21 +0000 |
---|---|---|
committer | Juan Castillo <juan.castillo@arm.com> | 2015-12-14 12:29:44 +0000 |
commit | 516beb585c23056820a854b12c77a6f62cbc5c8b (patch) | |
tree | 3837ef73006b588001e0f87e4fccd9ea8a8e127e /tools/cert_create/src | |
parent | a84deb9c3fe5396d580b695acc09a75d67332559 (diff) |
TBB: apply TBBR naming convention to certificates and extensions
This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:
* Certificate UUID names
* Certificate identifier names
* OID names
Changes apply to:
* Generic code (variables and defines)
* The default certificate identifiers provided in the generic
code
* Build system
* ARM platforms port
* cert_create tool internal definitions
* fip_create and cert_create tools command line options
* Documentation
IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:
Certificate UUIDs:
UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
Certificate identifiers:
BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
OIDs:
TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
BL30_HASH_OID --> SCP_FW_HASH_OID
BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
BL31_HASH_OID --> SOC_AP_FW_HASH_OID
BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
NS_BL2U_HASH_OID --> FWU_HASH_OID
Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
Diffstat (limited to 'tools/cert_create/src')
-rw-r--r-- | tools/cert_create/src/main.c | 18 | ||||
-rw-r--r-- | tools/cert_create/src/tbbr/tbb_cert.c | 126 | ||||
-rw-r--r-- | tools/cert_create/src/tbbr/tbb_ext.c | 104 | ||||
-rw-r--r-- | tools/cert_create/src/tbbr/tbb_key.c | 32 |
4 files changed, 140 insertions, 140 deletions
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index de15ef6f..6d11a277 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -91,16 +91,16 @@ enum {
 BL32_ID,
 BL33_ID,
 /* Certificate file names (outputs) */
- BL2_CERT_ID,
+ TRUSTED_BOOT_FW_CERT_ID,
 TRUSTED_KEY_CERT_ID,
- BL30_KEY_CERT_ID,
- BL30_CERT_ID,
- BL31_KEY_CERT_ID,
- BL31_CERT_ID,
- BL32_KEY_CERT_ID,
- BL32_CERT_ID,
- BL33_KEY_CERT_ID,
- BL33_CERT_ID,
+ SCP_FW_KEY_CERT_ID,
+ SCP_FW_CONTENT_CERT_ID,
+ SOC_FW_KEY_CERT_ID,
+ SOC_FW_CONTENT_CERT_ID,
+ TRUSTED_OS_FW_KEY_CERT_ID,
+ TRUSTED_OS_FW_CONTENT_CERT_ID,
+ NON_TRUSTED_FW_KEY_CERT_ID,
+ NON_TRUSTED_FW_CONTENT_CERT_ID,
 /* Key file names (input/output) */
 ROT_KEY_ID,
 TRUSTED_WORLD_KEY_ID,
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 59a1cd9c..20be59f7 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -40,15 +40,15 @@
 * field points to itself.
 */
 static cert_t tbb_certs[] = {
- [BL2_CERT] = {
- .id = BL2_CERT,
- .opt = "bl2-cert",
+ [TRUSTED_BOOT_FW_CERT] = {
+ .id = TRUSTED_BOOT_FW_CERT,
+ .opt = "tb-fw-cert",
 .fn = NULL,
- .cn = "BL2 Certificate",
+ .cn = "Trusted Boot FW Certificate",
 .key = ROT_KEY,
- .issuer = BL2_CERT,
+ .issuer = TRUSTED_BOOT_FW_CERT,
 .ext = {
- BL2_HASH_EXT
+ TRUSTED_BOOT_FW_HASH_EXT
 },
 .num_ext = 1
 },
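Review bot: The new common-name string `.cn = "Trusted Boot FW Certificate"` abbreviates "Firmware" while every other `.cn` this commit introduces in `tbb_certs` spells it out (for example `"SCP Firmware Key Certificate"` in the next hunk); `.cn = "Trusted Boot Firmware Certificate",` would keep the issued names uniform. The `.opt` strings here and in the following hunk are replaced without aliases, and the content-certificate options omit the word the identifiers gained (`"scp-fw-cert"` for `SCP_FW_CONTENT_CERT`), so a short comment above the table mapping old option names to new ones would help whoever maintains signing scripts. Any tooling that matches certificates by common name would presumably need the same update. The `tbb_certs` initializer continues outside this hunk.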
@@ -60,104 +60,104 @@ static cert_t tbb_certs[] = {
 .key = ROT_KEY,
 .issuer = TRUSTED_KEY_CERT,
 .ext = {
- TZ_WORLD_PK_EXT,
- NTZ_WORLD_PK_EXT
+ TRUSTED_WORLD_PK_EXT,
+ NON_TRUSTED_WORLD_PK_EXT
 },
 .num_ext = 2
 },
- [BL30_KEY_CERT] = {
- .id = BL30_KEY_CERT,
- .opt = "bl30-key-cert",
+ [SCP_FW_KEY_CERT] = {
+ .id = SCP_FW_KEY_CERT,
+ .opt = "scp-fw-key-cert",
 .fn = NULL,
- .cn = "BL3-0 Key Certificate",
+ .cn = "SCP Firmware Key Certificate",
 .key = TRUSTED_WORLD_KEY,
- .issuer = BL30_KEY_CERT,
+ .issuer = SCP_FW_KEY_CERT,
 .ext = {
- BL30_CONTENT_CERT_PK_EXT
+ SCP_FW_CONTENT_CERT_PK_EXT
 },
 .num_ext = 1
 },
- [BL30_CERT] = {
- .id = BL30_CERT,
- .opt = "bl30-cert",
+ [SCP_FW_CONTENT_CERT] = {
+ .id = SCP_FW_CONTENT_CERT,
+ .opt = "scp-fw-cert",
 .fn = NULL,
- .cn = "BL3-0 Content Certificate",
- .key = BL30_KEY,
- .issuer = BL30_CERT,
+ .cn = "SCP Firmware Content Certificate",
+ .key = SCP_FW_CONTENT_CERT_KEY,
+ .issuer = SCP_FW_CONTENT_CERT,
 .ext = {
- BL30_HASH_EXT
+ SCP_FW_HASH_EXT
 },
 .num_ext = 1
 },
- [BL31_KEY_CERT] = {
- .id = BL31_KEY_CERT,
- .opt = "bl31-key-cert",
+ [SOC_FW_KEY_CERT] = {
+ .id = SOC_FW_KEY_CERT,
+ .opt = "soc-fw-key-cert",
 .fn = NULL,
- .cn = "BL3-1 Key Certificate",
+ .cn = "SoC Firmware Key Certificate",
 .key = TRUSTED_WORLD_KEY,
- .issuer = BL31_KEY_CERT,
+ .issuer = SOC_FW_KEY_CERT,
 .ext = {
- BL31_CONTENT_CERT_PK_EXT
+ SOC_FW_CONTENT_CERT_PK_EXT
 },
 .num_ext = 1
 },
- [BL31_CERT] = {
- .id = BL31_CERT,
- .opt = "bl31-cert",
+ [SOC_FW_CONTENT_CERT] = {
+ .id = SOC_FW_CONTENT_CERT,
+ .opt = "soc-fw-cert",
 .fn = NULL,
- .cn = "BL3-1 Content Certificate",
- .key = BL31_KEY,
- .issuer = BL31_CERT,
+ .cn = "SoC Firmware Content Certificate",
+ .key = SOC_FW_CONTENT_CERT_KEY,
+ .issuer = SOC_FW_CONTENT_CERT,
 .ext = {
- BL31_HASH_EXT
+ SOC_AP_FW_HASH_EXT
 },
 .num_ext = 1
 },
- [BL32_KEY_CERT] = {
- .id = BL32_KEY_CERT,
- .opt = "bl32-key-cert",
+ [TRUSTED_OS_FW_KEY_CERT] = {
+ .id = TRUSTED_OS_FW_KEY_CERT,
+ .opt = "tos-fw-key-cert",
 .fn = NULL,
- .cn = "BL3-2 Key Certificate",
+ .cn = "Trusted OS Firmware Key Certificate",
 .key = TRUSTED_WORLD_KEY,
- .issuer = BL32_KEY_CERT,
+ .issuer = TRUSTED_OS_FW_KEY_CERT,
 .ext = {
- BL32_CONTENT_CERT_PK_EXT
+ TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
 },
 .num_ext = 1
 },
- [BL32_CERT] = {
- .id = BL32_CERT,
- .opt = "bl32-cert",
+ [TRUSTED_OS_FW_CONTENT_CERT] = {
+ .id = TRUSTED_OS_FW_CONTENT_CERT,
+ .opt = "tos-fw-cert",
 .fn = NULL,
- .cn = "BL3-2 Content Certificate",
- .key = BL32_KEY,
- .issuer = BL32_CERT,
+ .cn = "Trusted OS Firmware Content Certificate",
+ .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ .issuer = TRUSTED_OS_FW_CONTENT_CERT,
 .ext = {
- BL32_HASH_EXT
+ TRUSTED_OS_FW_HASH_EXT
 },
 .num_ext = 1
 },
- [BL33_KEY_CERT] = {
- .id = BL33_KEY_CERT,
- .opt = "bl33-key-cert",
+ [NON_TRUSTED_FW_KEY_CERT] = {
+ .id = NON_TRUSTED_FW_KEY_CERT,
+ .opt = "nt-fw-key-cert",
 .fn = NULL,
- .cn = "BL3-3 Key Certificate",
+ .cn = "Non-Trusted Firmware Key Certificate",
 .key = NON_TRUSTED_WORLD_KEY,
- .issuer = BL33_KEY_CERT,
+ .issuer = NON_TRUSTED_FW_KEY_CERT,
 .ext = {
- BL33_CONTENT_CERT_PK_EXT
+ NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
 },
 .num_ext = 1
 },
- [BL33_CERT] = {
- .id = BL33_CERT,
- .opt = "bl33-cert",
+ [NON_TRUSTED_FW_CONTENT_CERT] = {
+ .id = NON_TRUSTED_FW_CONTENT_CERT,
+ .opt = "nt-fw-cert",
 .fn = NULL,
- .cn = "BL3-3 Content Certificate",
- .key = BL33_KEY,
- .issuer = BL33_CERT,
+ .cn = "Non-Trusted Firmware Content Certificate",
+ .key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+ .issuer = NON_TRUSTED_FW_CONTENT_CERT,
 .ext = {
- BL33_HASH_EXT
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
 },
 .num_ext = 1
 },
@@ -169,9 +169,9 @@ static cert_t tbb_certs[] = {
 .key = ROT_KEY,
 .issuer = FWU_CERT,
 .ext = {
- SCP_BL2U_HASH_EXT,
- BL2U_HASH_EXT,
- NS_BL2U_HASH_EXT
+ SCP_FWU_CFG_HASH_EXT,
+ AP_FWU_CFG_HASH_EXT,
+ FWU_HASH_EXT
 },
 .num_ext = 3
 }
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index b0af6f1a..1400fbfd 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -42,133 +42,133 @@
 #define NORMAL_WORLD_NVCTR_VALUE 0
 static ext_t tbb_ext[] = {
- [TZ_FW_NVCOUNTER_EXT] = {
- .oid = TZ_FW_NVCOUNTER_OID,
+ [TRUSTED_FW_NVCOUNTER_EXT] = {
+ .oid = TRUSTED_FW_NVCOUNTER_OID,
 .sn = "TrustedWorldNVCounter",
 .ln = "Trusted World Non-Volatile counter",
 .asn1_type = V_ASN1_INTEGER,
 .type = EXT_TYPE_NVCOUNTER,
 .data.nvcounter = TRUSTED_WORLD_NVCTR_VALUE
 },
- [NTZ_FW_NVCOUNTER_EXT] = {
- .oid = NTZ_FW_NVCOUNTER_OID,
+ [NON_TRUSTED_FW_NVCOUNTER_EXT] = {
+ .oid = NON_TRUSTED_FW_NVCOUNTER_OID,
 .sn = "NormalWorldNVCounter",
 .ln = "Normal World Non-Volatile counter",
 .asn1_type = V_ASN1_INTEGER,
 .type = EXT_TYPE_NVCOUNTER,
 .data.nvcounter = NORMAL_WORLD_NVCTR_VALUE
 },
- [BL2_HASH_EXT] = {
- .oid = BL2_HASH_OID,
- .opt = "bl2",
+ [TRUSTED_BOOT_FW_HASH_EXT] = {
+ .oid = TRUSTED_BOOT_FW_HASH_OID,
+ .opt = "tb-fw",
 .sn = "TrustedBootFirmwareHash",
- .ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
+ .ln = "Trusted Boot Firmware hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH
 },
- [TZ_WORLD_PK_EXT] = {
- .oid = TZ_WORLD_PK_OID,
+ [TRUSTED_WORLD_PK_EXT] = {
+ .oid = TRUSTED_WORLD_PK_OID,
 .sn = "TrustedWorldPublicKey",
 .ln = "Trusted World Public Key",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_PKEY,
 .data.key = TRUSTED_WORLD_KEY
 },
- [NTZ_WORLD_PK_EXT] = {
- .oid = NTZ_WORLD_PK_OID,
+ [NON_TRUSTED_WORLD_PK_EXT] = {
+ .oid = NON_TRUSTED_WORLD_PK_OID,
 .sn = "NonTrustedWorldPublicKey",
 .ln = "Non-Trusted World Public Key",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_PKEY,
 .data.key = NON_TRUSTED_WORLD_KEY
 },
- [BL30_CONTENT_CERT_PK_EXT] = {
- .oid = BL30_CONTENT_CERT_PK_OID,
+ [SCP_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = SCP_FW_CONTENT_CERT_PK_OID,
 .sn = "SCPFirmwareContentCertPK",
 .ln = "SCP Firmware content certificate public key",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_PKEY,
- .data.key = BL30_KEY
+ .data.key = SCP_FW_CONTENT_CERT_KEY
 },
- [BL30_HASH_EXT] = {
- .oid = BL30_HASH_OID,
- .opt = "bl30",
+ [SCP_FW_HASH_EXT] = {
+ .oid = SCP_FW_HASH_OID,
+ .opt = "scp-fw",
 .sn = "SCPFirmwareHash",
- .ln = "SCP Firmware (BL30) hash (SHA256)",
+ .ln = "SCP Firmware hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH
 },
- [BL31_CONTENT_CERT_PK_EXT] = {
- .oid = BL31_CONTENT_CERT_PK_OID,
+ [SOC_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = SOC_FW_CONTENT_CERT_PK_OID,
 .sn = "SoCFirmwareContentCertPK",
 .ln = "SoC Firmware content certificate public key",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_PKEY,
- .data.key = BL31_KEY
+ .data.key = SOC_FW_CONTENT_CERT_KEY
 },
- [BL31_HASH_EXT] = {
- .oid = BL31_HASH_OID,
- .opt = "bl31",
+ [SOC_AP_FW_HASH_EXT] = {
+ .oid = SOC_AP_FW_HASH_OID,
+ .opt = "soc-fw",
 .sn = "SoCAPFirmwareHash",
- .ln = "SoC AP Firmware (BL31) hash (SHA256)",
+ .ln = "SoC AP Firmware hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH
 },
- [BL32_CONTENT_CERT_PK_EXT] = {
- .oid = BL32_CONTENT_CERT_PK_OID,
+ [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
 .sn = "TrustedOSFirmwareContentCertPK",
 .ln = "Trusted OS Firmware content certificate public key",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_PKEY,
- .data.key = BL32_KEY
+ .data.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
 },
- [BL32_HASH_EXT] = {
- .oid = BL32_HASH_OID,
- .opt = "bl32",
+ [TRUSTED_OS_FW_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_HASH_OID,
+ .opt = "tos-fw",
 .sn = "TrustedOSHash",
- .ln = "Trusted OS (BL32) hash (SHA256)",
+ .ln = "Trusted OS hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH
 },
- [BL33_CONTENT_CERT_PK_EXT] = {
- .oid = BL33_CONTENT_CERT_PK_OID,
+ [NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
 .sn = "NonTrustedFirmwareContentCertPK",
 .ln = "Non-Trusted Firmware content certificate public key",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_PKEY,
- .data.key = BL33_KEY
+ .data.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
 },
- [BL33_HASH_EXT] = {
- .oid = BL33_HASH_OID,
- .opt = "bl33",
+ [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
+ .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
+ .opt = "nt-fw",
 .sn = "NonTrustedWorldBootloaderHash",
- .ln = "Non-Trusted World (BL33) hash (SHA256)",
+ .ln = "Non-Trusted World hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH
 },
- [SCP_BL2U_HASH_EXT] = {
- .oid = SCP_BL2U_HASH_OID,
- .opt = "scp_bl2u",
+ [SCP_FWU_CFG_HASH_EXT] = {
+ .oid = SCP_FWU_CFG_HASH_OID,
+ .opt = "scp-fwu-cfg",
 .sn = "SCPFWUpdateConfig",
- .ln = "SCP Firmware Update Config (SCP_BL2U) hash (SHA256)",
+ .ln = "SCP Firmware Update Config hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH,
 .optional = 1
 },
- [BL2U_HASH_EXT] = {
- .oid = BL2U_HASH_OID,
- .opt = "bl2u",
+ [AP_FWU_CFG_HASH_EXT] = {
+ .oid = AP_FWU_CFG_HASH_OID,
+ .opt = "ap-fwu-cfg",
 .sn = "APFWUpdateConfig",
- .ln = "AP Firmware Update Config (BL2U) hash (SHA256)",
+ .ln = "AP Firmware Update Config hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH,
 .optional = 1
 },
- [NS_BL2U_HASH_EXT] = {
- .oid = NS_BL2U_HASH_OID,
- .opt = "ns_bl2u",
+ [FWU_HASH_EXT] = {
+ .oid = FWU_HASH_OID,
+ .opt = "fwu",
 .sn = "FWUpdaterHash",
- .ln = "Firmware Updater (NS_BL2U) hash (SHA256)",
+ .ln = "Firmware Updater hash (SHA256)",
 .asn1_type = V_ASN1_OCTET_STRING,
 .type = EXT_TYPE_HASH,
 .optional = 1
diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c
index eaaf1ff1..089425a9 100644
--- a/tools/cert_create/src/tbbr/tbb_key.c
+++ b/tools/cert_create/src/tbbr/tbb_key.c
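Review bot: The new `.ln` for `NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT` reads `"Non-Trusted World hash (SHA256)"`, which no longer says what is hashed now that "(BL33)" is gone; `.ln = "Non-Trusted World Bootloader hash (SHA256)",` would match its `.sn` and the identifier. `NON_TRUSTED_FW_NVCOUNTER_EXT` likewise keeps `.sn = "NormalWorldNVCounter"` and a "Normal World" long name, so the table now mixes two terms for the same world. The OID macros are defined outside this diff; their numeric values should be confirmed unchanged, since a verifier that looks extensions up by OID would presumably reject certificates carrying different ones. Both counter extensions take their value from compile-time constants (`NORMAL_WORLD_NVCTR_VALUE` is 0 in the context line), so a comment stating whether fixed counters are intentional would help anyone relying on them for rollback protection. The `tbb_ext` initializer ends outside this hunk.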
@@ -51,25 +51,25 @@ static key_t tbb_keys[] = {
 .opt = "non-trusted-world-key",
 .desc = "Non Trusted World key"
 },
- [BL30_KEY] = {
- .id = BL30_KEY,
- .opt = "bl30-key",
- .desc = "BL30 key"
+ [SCP_FW_CONTENT_CERT_KEY] = {
+ .id = SCP_FW_CONTENT_CERT_KEY,
+ .opt = "scp-fw-key",
+ .desc = "SCP Firmware Content Certificate key"
 },
- [BL31_KEY] = {
- .id = BL31_KEY,
- .opt = "bl31-key",
- .desc = "BL31 key"
+ [SOC_FW_CONTENT_CERT_KEY] = {
+ .id = SOC_FW_CONTENT_CERT_KEY,
+ .opt = "soc-fw-key",
+ .desc = "SoC Firmware Content Certificate key"
 },
- [BL32_KEY] = {
- .id = BL32_KEY,
- .opt = "bl32-key",
- .desc = "BL32 key"
+ [TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
+ .id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ .opt = "tos-fw-key",
+ .desc = "Trusted OS Firmware Content Certificate key"
 },
- [BL33_KEY] = {
- .id = BL33_KEY,
- .opt = "bl33-key",
- .desc = "BL33 key"
+ [NON_TRUSTED_FW_CONTENT_CERT_KEY] = {
+ .id = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+ .opt = "nt-fw-key",
+ .desc = "Non Trusted Firmware Content Certificate key"
 }
 };
|
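Review bot: The option `.opt = "scp-fw-key"` (and likewise `"soc-fw-key"`, `"tos-fw-key"`, `"nt-fw-key"`) does not say which key it names, although the entry is `SCP_FW_CONTENT_CERT_KEY` and its `.desc` says "Content Certificate key"; it differs from the key-certificate option `"scp-fw-key-cert"` in tbb_cert.c only by a suffix. Because one path holds key material and the other a certificate, a comment on the table such as `/* <fw>-key: key that signs the <fw> content certificate; not the <fw>-key-cert output */` would make the distinction explicit. The new `.desc` for the last entry also writes "Non Trusted" where the matching `.cn` in tbb_cert.c writes "Non-Trusted".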