tbbr/dualroot: rename SP package certificate file

Currently only single signing domain is supported for SP packages but there is plan to support dual signing domains if CoT is dualroot. SP_CONTENT_CERT_ID is the certificate file which is currently generated and signed with trusted world key which in-turn is derived from Silicon provider RoT key. To allow dual signing domain for SP packages, other certificate file will be derived from Platform owned RoT key. This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and does other related changes. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
2025-04-16 09:34:18 +00:00 · 2020-07-23 16:54:30 +01:00 · 2020-07-23 16:54:30 +01:00 · 03a5225c6a
commit 03a5225c6a
parent 499f192c1d
7 changed files with 65 additions and 65 deletions
--- a/drivers/auth/dualroot/cot.c
+++ b/drivers/auth/dualroot/cot.c
@ -693,8 +693,8 @@ static const auth_img_desc_t nt_fw_config = {
 * Secure Partitions
 */
 #if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
-	.img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+	.img_id = SIP_SP_CONTENT_CERT_ID,
 	.img_type = IMG_CERT,
 	.parent = &trusted_key_cert,
 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
@ -775,14 +775,14 @@ static const auth_img_desc_t sp_content_cert = {
 	}
 };

-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
 #endif /* SPD_spmd */

 #else  /* IMAGE_BL2 */
@ -914,15 +914,15 @@ static const auth_img_desc_t * const cot_desc[] = {
 	[BL33_IMAGE_ID]				=	&bl33_image,
 	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
 #if defined(SPD_spmd)
-	[SP_CONTENT_CERT_ID]			=	&sp_content_cert,
-	[SP_CONTENT_CERT_ID + 1]		=	&sp_pkg1,
-	[SP_CONTENT_CERT_ID + 2]		=	&sp_pkg2,
-	[SP_CONTENT_CERT_ID + 3]		=	&sp_pkg3,
-	[SP_CONTENT_CERT_ID + 4]		=	&sp_pkg4,
-	[SP_CONTENT_CERT_ID + 5]		=	&sp_pkg5,
-	[SP_CONTENT_CERT_ID + 6]		=	&sp_pkg6,
-	[SP_CONTENT_CERT_ID + 7]		=	&sp_pkg7,
-	[SP_CONTENT_CERT_ID + 8]		=       &sp_pkg8,
+	[SIP_SP_CONTENT_CERT_ID]		=	&sip_sp_content_cert,
+	[SP_PKG1_ID]				=	&sp_pkg1,
+	[SP_PKG2_ID]				=	&sp_pkg2,
+	[SP_PKG3_ID]				=	&sp_pkg3,
+	[SP_PKG4_ID]				=	&sp_pkg4,
+	[SP_PKG5_ID]				=	&sp_pkg5,
+	[SP_PKG6_ID]				=	&sp_pkg6,
+	[SP_PKG7_ID]				=	&sp_pkg7,
+	[SP_PKG8_ID]				=       &sp_pkg8,
 #endif
 };
 #endif
--- a/drivers/auth/tbbr/tbbr_cot_bl2.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl2.c
@ -558,8 +558,8 @@ static const auth_img_desc_t nt_fw_config = {
 };
 /* Secure Partitions */
 #if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
-	.img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+	.img_id = SIP_SP_CONTENT_CERT_ID,
 	.img_type = IMG_CERT,
 	.parent = &trusted_key_cert,
 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
@ -640,14 +640,14 @@ static const auth_img_desc_t sp_content_cert = {
 	}
 };

-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
 #endif /* SPD_spmd */

 static const auth_img_desc_t * const cot_desc[] = {
@ -672,15 +672,15 @@ static const auth_img_desc_t * const cot_desc[] = {
 	[BL33_IMAGE_ID]				=	&bl33_image,
 	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
 #if defined(SPD_spmd)
-	[SP_CONTENT_CERT_ID]			=	&sp_content_cert,
-	[SP_CONTENT_CERT_ID + 1]		=	&sp_pkg1,
-	[SP_CONTENT_CERT_ID + 2]		=	&sp_pkg2,
-	[SP_CONTENT_CERT_ID + 3]		=	&sp_pkg3,
-	[SP_CONTENT_CERT_ID + 4]		=	&sp_pkg4,
-	[SP_CONTENT_CERT_ID + 5]		=	&sp_pkg5,
-	[SP_CONTENT_CERT_ID + 6]		=	&sp_pkg6,
-	[SP_CONTENT_CERT_ID + 7]		=	&sp_pkg7,
-	[SP_CONTENT_CERT_ID + 8]		=       &sp_pkg8,
+	[SIP_SP_CONTENT_CERT_ID]		=	&sip_sp_content_cert,
+	[SP_PKG1_ID]				=	&sp_pkg1,
+	[SP_PKG2_ID]				=	&sp_pkg2,
+	[SP_PKG3_ID]				=	&sp_pkg3,
+	[SP_PKG4_ID]				=	&sp_pkg4,
+	[SP_PKG5_ID]				=	&sp_pkg5,
+	[SP_PKG6_ID]				=	&sp_pkg6,
+	[SP_PKG7_ID]				=	&sp_pkg7,
+	[SP_PKG8_ID]				=       &sp_pkg8,
 #endif
 };

--- a/fdts/cot_descriptors.dtsi
+++ b/fdts/cot_descriptors.dtsi
@ -146,8 +146,8 @@ cot {
 		};

 #if defined(SPD_spmd)
-		sp_content_cert: sp_content_cert {
-			image-id = <SP_CONTENT_CERT_ID>;
+		sip_sp_content_cert: sip_sp_content_cert {
+			image-id = <SIP_SP_CONTENT_CERT_ID>;
 			parent = <&trusted_key_cert>;
 			signing-key = <&trusted_world_pk>;
 			antirollback-counter = <&trusted_nv_counter>;
@ -251,50 +251,50 @@ cot {

 #if defined(SPD_spmd)
 		sp_pkg1 {
-			image-id = <SP_CONTENT_CERT_ID + 1>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG1_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg1_hash>;
 		};

 		sp_pkg2 {
-			image-id = <SP_CONTENT_CERT_ID + 2>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG2_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg2_hash>;
 		};

 		sp_pkg3 {
-			image-id = <SP_CONTENT_CERT_ID + 3>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG3_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg3_hash>;
 		};

 		sp_pkg4 {
-			image-id = <SP_CONTENT_CERT_ID + 4>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG4_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg4_hash>;
 		};

 		sp_pkg5 {
-			image-id = <SP_CONTENT_CERT_ID + 5>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG5_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg5_hash>;
 		};

 		sp_pkg6 {
-			image-id = <SP_CONTENT_CERT_ID + 6>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG6_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg6_hash>;
 		};

 		sp_pkg7 {
-			image-id = <SP_CONTENT_CERT_ID + 7>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG7_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg7_hash>;
 		};

 		sp_pkg8 {
-			image-id = <SP_CONTENT_CERT_ID + 8>;
-			parent = <&sp_content_cert>;
+			image-id = <SP_PKG8_ID>;
+			parent = <&sip_sp_content_cert>;
 			hash = <&sp_pkg8_hash>;
 		};
 #endif
--- a/include/common/tbbr/tbbr_img_def.h
+++ b/include/common/tbbr/tbbr_img_def.h
@ -10,7 +10,7 @@
 #include <export/common/tbbr/tbbr_img_def_exp.h>

 #if defined(SPD_spmd)
-#define SP_CONTENT_CERT_ID		MAX_IMAGE_IDS
+#define SIP_SP_CONTENT_CERT_ID		MAX_IMAGE_IDS
 #define SP_PKG1_ID			(MAX_IMAGE_IDS + 1)
 #define SP_PKG2_ID			(MAX_IMAGE_IDS + 2)
 #define SP_PKG3_ID			(MAX_IMAGE_IDS + 3)
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@ -51,11 +51,11 @@ extern const size_t cot_desc_size;
 extern unsigned int auth_img_flags[MAX_NUMBER_IDS];

 #if defined(SPD_spmd)
-#define DEFINE_SP_PKG(n) \
+#define DEFINE_SIP_SP_PKG(n) \
 	static const auth_img_desc_t sp_pkg##n = { \
-		.img_id = SP_CONTENT_CERT_ID + (n), \
+		.img_id = SP_PKG##n##_ID, \
 		.img_type = IMG_RAW, \
-		.parent = &sp_content_cert, \
+		.parent = &sip_sp_content_cert, \
 		.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { \
 			[0] = { \
 				.type = AUTH_METHOD_HASH, \
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@ -51,7 +51,7 @@ const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
 	[TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
 	[NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
 #if defined(SPD_spmd)
-	[SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
+	[SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
 #endif
 #endif /* ARM_IO_IN_DTB */
 #endif /* TRUSTED_BOARD_BOOT */
@ -184,9 +184,9 @@ struct plat_io_policy policies[MAX_NUMBER_IDS] = {
 		open_fip
 	},
 #if defined(SPD_spmd)
-	[SP_CONTENT_CERT_ID] = {
+	[SIP_SP_CONTENT_CERT_ID] = {
 		&fip_dev_handle,
-		(uintptr_t)&arm_uuid_spec[SP_CONTENT_CERT_ID],
+		(uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
 		open_fip
 	},
 #endif
@ -233,7 +233,7 @@ static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = {
 	{TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
 	{NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
 #if defined(SPD_spmd)
-	{SP_CONTENT_CERT_ID, "sp_content_cert_uuid"},
+	{SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
 #endif
 #endif /* TRUSTED_BOARD_BOOT */
 };
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@ -30,7 +30,7 @@ int fconf_populate_arm_sp(uintptr_t config)
 	union uuid_helper_t uuid_helper;
 	unsigned int index = 0;
 	uint32_t val32;
-	const unsigned int sp_start_index = SP_CONTENT_CERT_ID + 1;
+	const unsigned int sp_start_index = SP_PKG1_ID;

 	/* As libfdt use void *, we can't avoid this cast */
 	const void *dtb = (void *)config;