feat(cert-create): add new option for CCA NV ctr

Extends cert_create tool with a new option for CCA NV counter: ccafw_nvctr. And changes the non-volatile counter used to protect the CCA Content Certificate from the Trusted FW NV counter to the CCA FW NV counter in the CCA CoT description. Change-Id: I27f3ab2e25809f0dcc56fa05e5c3a25a2e861ef6 Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
2025-04-19 02:54:24 +00:00 · 2023-05-02 14:28:38 -05:00 · 2023-05-02 14:28:38 -05:00 · 60753a6329
commit 60753a6329
parent 60df3d75ed
4 changed files with 22 additions and 6 deletions
--- a/include/tools_share/cca_oid.h
+++ b/include/tools_share/cca_oid.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -25,4 +25,7 @@
 /* Realm Monitor Manager (RMM) Hash */
 #define RMM_HASH_OID				"1.3.6.1.4.1.4128.2100.1106"

+/* CCAFirmwareNVCounter - Non-volatile counter extension */
+#define CCA_FW_NVCOUNTER_OID			"1.3.6.1.4.1.4128.2100.3"
+
 #endif /* CCA_OID_H */
--- a/tools/cert_create/include/cca/cca_cot.h
+++ b/tools/cert_create/include/cca/cca_cot.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -24,6 +24,7 @@ enum {
 /* Certificate extensions. */
 enum {
 	/* Extensions used in certificates owned by the silicon provider. */
+	CCA_FW_NVCOUNTER_EXT,
 	TRUSTED_FW_NVCOUNTER_EXT,
 	TRUSTED_BOOT_FW_HASH_EXT,
 	TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -20,7 +20,8 @@ enum ext_type_e {
 /* NV-Counter types */
 enum nvctr_type_e {
 	NVCTR_TYPE_TFW,
-	NVCTR_TYPE_NTFW
+	NVCTR_TYPE_NTFW,
+	NVCTR_TYPE_CCAFW
 };

 /*
--- a/tools/cert_create/src/cca/cot.c
+++ b/tools/cert_create/src/cca/cot.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -27,7 +27,7 @@ static cert_t cot_certs[] = {
 		.key = ROT_KEY,
 		.issuer = CCA_CONTENT_CERT,
 		.ext = {
-			TRUSTED_FW_NVCOUNTER_EXT,
+			CCA_FW_NVCOUNTER_EXT,
 			SOC_AP_FW_HASH_EXT,
 			SOC_FW_CONFIG_HASH_EXT,
 			RMM_HASH_EXT,
@ -139,6 +139,17 @@ REGISTER_COT(cot_certs);

 /* Certificate extensions. */
 static ext_t cot_ext[] = {
+	[CCA_FW_NVCOUNTER_EXT] = {
+		.oid = CCA_FW_NVCOUNTER_OID,
+		.opt = "ccafw-nvctr",
+		.help_msg = "CCA Firmware Non-Volatile counter value",
+		.sn = "CCANVCounter",
+		.ln = "CCA Non-Volatile counter",
+		.asn1_type = V_ASN1_INTEGER,
+		.type = EXT_TYPE_NVCOUNTER,
+		.attr.nvctr_type = NVCTR_TYPE_CCAFW
+	},
+
 	[TRUSTED_FW_NVCOUNTER_EXT] = {
 		.oid = TRUSTED_FW_NVCOUNTER_OID,
 		.opt = "tfw-nvctr",