Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-19 02:54:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(auth): add explicit entries for key OIDs

Browse source 
Key-OIDs that authenticate BL31, BL31(SOC)-FW config, and HW config
images have been explicitly entered.
Implementations of signer-ID consume these entries.

Change-Id: I24c9085ed5f266af06d40fb73302e35d857a9d5b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This commit is contained in:
Manish V Badarkhe 2023-07-19 10:39:08 +01:00
parent 60861a04e0
commit 0cffcdd617
3 changed files with 24 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
include/tools_share/cca_oid.h
View file

@ -9,7 +9,6 @@
/* Reuse the Object IDs defined by TBBR for certificate extensions. */ /* Reuse the Object IDs defined by TBBR for certificate extensions. */
#include "tbbr_oid.h" #include "tbbr_oid.h"
#include "zero_oid.h"
/* /*
* Assign arbitrary Object ID values that do not conflict with any of the * Assign arbitrary Object ID values that do not conflict with any of the
@ -29,4 +28,17 @@
/* CCAFirmwareNVCounter - Non-volatile counter extension */ /* CCAFirmwareNVCounter - Non-volatile counter extension */
#define CCA_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.3" #define CCA_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.3"
/*
* First undef previous definitions from tbbr_oid.h.
* CCA ROTPK authenticates BL31 and its configuration image in
* CCA CoT.
**/
#undef BL31_IMAGE_KEY_OID
#undef SOC_FW_CONFIG_KEY_OID
#undef HW_CONFIG_KEY_OID
#define BL31_IMAGE_KEY_OID ZERO_OID
#define SOC_FW_CONFIG_KEY_OID ZERO_OID
#define HW_CONFIG_KEY_OID ZERO_OID
#define RMM_IMAGE_KEY_OID ZERO_OID
#endif /* CCA_OID_H */ #endif /* CCA_OID_H */

1
include/tools_share/dualroot_oid.h
View file

@ -9,7 +9,6 @@
/* Reuse the Object IDs defined by TBBR for certificate extensions. */ /* Reuse the Object IDs defined by TBBR for certificate extensions. */
#include "tbbr_oid.h" #include "tbbr_oid.h"
#include "zero_oid.h"
/* /*
* Platform root-of-trust public key. * Platform root-of-trust public key.

12
include/tools_share/tbbr_oid.h
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -7,6 +7,8 @@
#ifndef TBBR_OID_H #ifndef TBBR_OID_H
#define TBBR_OID_H #define TBBR_OID_H
#include "zero_oid.h"
#define MAX_OID_NAME_LEN 30 #define MAX_OID_NAME_LEN 30
/* /*
@ -160,6 +162,14 @@
#define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307" #define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307"
#define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308" #define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308"
/*
* Public Keys present in SOC FW content certificates authenticate BL31 and
* its configuration.
*/
#define BL31_IMAGE_KEY_OID SOC_FW_CONTENT_CERT_PK_OID
#define SOC_FW_CONFIG_KEY_OID SOC_FW_CONTENT_CERT_PK_OID
#define HW_CONFIG_KEY_OID ZERO_OID
#ifdef PLAT_DEF_OID #ifdef PLAT_DEF_OID
#include <platform_oid.h> #include <platform_oid.h>
#endif #endif