cert_create: add non-volatile counter support

This patch adds non-volatile counter support to the Certificate Generation tool. The TBBR Chain of Trust definition in the tool has been extended to include the counters as certificate extensions. The counter values can be specified in the command line. The following default counter values are specified in the build system: * Trusted FW Non-Volatile counter = 0 * Non-Trusted FW Non-Volatile counter = 0 These values can be overridden by the platform at build time. Change-Id: I7ea10ee78d72748d181df4ee78a7169b3ef2720c
2025-05-08 10:08:47 +00:00 · 2016-01-22 11:05:24 +00:00 · 2016-01-22 11:05:24 +00:00 · 96103d5af6
commit 96103d5af6
parent 55a85659c0
5 changed files with 78 additions and 40 deletions
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h
@ -35,12 +35,18 @@
 #include <openssl/x509v3.h>

 /* Extension types supported */
-enum {
+enum ext_type_e {
 	EXT_TYPE_NVCOUNTER,
 	EXT_TYPE_PKEY,
 	EXT_TYPE_HASH
 };

+/* NV-Counter types */
+enum nvctr_type_e {
+	NVCTR_TYPE_TFW,
+	NVCTR_TYPE_NTFW
+};
+
 /*
 * This structure contains the relevant information to create the extensions
 * to be included in the certificates. This extensions will be used to
@ -50,20 +56,21 @@ typedef struct ext_s {
 	const char *oid;	/* OID of the extension */
 	const char *sn;		/* Short name */
 	const char *ln;		/* Long description */
+	const char *opt;	/* Command line option to specify data */
 	const char *help_msg;	/* Help message */
+	const char *arg;	/* Argument passed from command line */
 	int asn1_type;		/* OpenSSL ASN1 type of the extension data.
 				 * Supported types are:
 				 *   - V_ASN1_INTEGER
 				 *   - V_ASN1_OCTET_STRING
 				 */
-	int type;
-	const char *opt;	/* Command line option to specify data */
-	/* Extension data (depends on extension type) */
+	int type;		/* See ext_type_e */
+
+	/* Extension attributes (depends on extension type) */
 	union {
-		const char *fn;	/* File with extension data */
-		int nvcounter;	/* Non volatile counter */
-		int key;	/* Public key */
-	} data;
+		int nvctr_type;	/* See nvctr_type_e */
+		int key;	/* Index into array of registered public keys */
+	} attr;

 	int alias;		/* In case OpenSSL provides an standard
 				 * extension of the same type, add the new