feat(ethos-n): add support for NPU to cert_create

Add Juno specific Makefile to the certificate tool build. That Makefile is included by the certificate tool Makefile to add information about the authentication data for the Arm(R) Ethos(TM)-N NPU's firmware binary. Signed-off-by: Mohamed Elzahhar <Mohamed.Elzahhar@arm.com> Signed-off-by: Rob Hughes <robert.hughes@arm.com> Signed-off-by: Mikael Olsson <mikael.olsson@arm.com> Change-Id: Ie4b6a1c29d73b3ed5041b57f2cd88033be18a63a
2025-04-18 02:24:18 +00:00 · 2022-11-16 12:05:37 +00:00 · 2022-11-16 12:05:37 +00:00 · f309607229
commit f309607229
parent c91b08c8a4
10 changed files with 232 additions and 0 deletions
--- a/include/drivers/arm/ethosn_cert.h
+++ b/include/drivers/arm/ethosn_cert.h
@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef ETHOSN_CERT_H
+#define ETHOSN_CERT_H
+
+#include "ethosn_oid.h"
+#include <tbbr/tbb_ext.h>
+#include <tbbr/tbb_key.h>
+
+/* Arm(R) Ethos(TM)-N NPU Certificates */
+#define ETHOSN_NPU_FW_KEY_CERT_DEF {							\
+	.id = ETHOSN_NPU_FW_KEY_CERT,							\
+	.opt = "npu-fw-key-cert",							\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware Key Certificate (output file)",	\
+	.fn = NULL,									\
+	.cn = "NPU Firmware Key Certificate",						\
+	.key = NON_TRUSTED_WORLD_KEY,							\
+	.issuer = ETHOSN_NPU_FW_KEY_CERT,						\
+	.ext = {									\
+		NON_TRUSTED_FW_NVCOUNTER_EXT,						\
+		ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT,					\
+	},										\
+	.num_ext = 2 \
+}
+
+#define ETHOSN_NPU_FW_CONTENT_CERT_DEF {							\
+	.id = ETHOSN_NPU_FW_CONTENT_CERT,						\
+	.opt = "npu-fw-cert",								\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware Content Certificate (output file)",\
+	.fn = NULL,									\
+	.cn = "NPU Firmware Content Certificate",					\
+	.key = ETHOSN_NPU_FW_CONTENT_CERT_KEY,						\
+	.issuer = ETHOSN_NPU_FW_CONTENT_CERT,						\
+	.ext = {									\
+		NON_TRUSTED_FW_NVCOUNTER_EXT,						\
+		ETHOSN_NPU_FW_HASH_EXT,							\
+	},										\
+	.num_ext = 2 \
+}
+
+/* NPU Extensions */
+#define ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT_DEF {						\
+	.oid = ETHOSN_NPU_FW_CONTENT_CERT_PK_OID,					\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware content certificate public key",	\
+	.sn = "NPUFirmwareContentCertPK",						\
+	.ln = "NPU Firmware content cerificate public key",				\
+	.asn1_type = V_ASN1_OCTET_STRING,						\
+	.type = EXT_TYPE_PKEY,								\
+	.attr.key = ETHOSN_NPU_FW_CONTENT_CERT_KEY \
+}
+
+#define ETHOSN_NPU_FW_HASH_EXT_DEF {						\
+	.oid = ETHOSN_NPU_FW_BINARY_OID,					\
+	.opt = "npu-fw",							\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware image file (input file)",	\
+	.sn = "NPUFirmwareHash",						\
+	.ln = "NPU Firmware Hash (SHA256)",					\
+	.asn1_type = V_ASN1_OCTET_STRING,					\
+	.type = EXT_TYPE_HASH \
+}
+
+/* NPU Keys */
+#define ETHOSN_NPU_FW_CONTENT_CERT_KEY_DEF {							  \
+	.id = ETHOSN_NPU_FW_CONTENT_CERT_KEY,							  \
+	.opt = "npu-fw-key",									  \
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware Content Certificate key (input/output file)",\
+	.desc = "NPU Firmware Content Certificate key"						  \
+}
+
+#endif  /* ETHOSN_CERT_H */
--- a/include/drivers/arm/ethosn_oid.h
+++ b/include/drivers/arm/ethosn_oid.h
@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef ETHOSN_OID_H
+#define ETHOSN_OID_H
+
+/* Arm(R) Ethos(TM)-N NPU Platform OID */
+#define ETHOSN_NPU_FW_CONTENT_CERT_PK_OID	"1.3.6.1.4.1.4128.2300.1"
+#define ETHOSN_NPU_FW_BINARY_OID		"1.3.6.1.4.1.4128.2300.2"
+
+#endif  /* ETHOSN_OID_H */
--- a/plat/arm/board/juno/cert_create_tbbr.mk
+++ b/plat/arm/board/juno/cert_create_tbbr.mk
@ -0,0 +1,25 @@
+#
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+PLAT_DEF_OID := 1
+
+ifeq (${PLAT_DEF_OID},1)
+  ifeq (${ARM_ETHOSN_NPU_DRIVER},1)
+    $(eval $(call add_define, PLAT_DEF_OID))
+    $(eval $(call add_define, PDEF_CERTS))
+    $(eval $(call add_define, PDEF_EXTS))
+    $(eval $(call add_define, PDEF_KEYS))
+
+    PLAT_INCLUDE			+=	-I ${PLAT_DIR}/certificate/include \
+						-I ../../include/drivers/arm
+
+    PLAT_OBJECTS			+=	${PLAT_DIR}certificate/src/juno_tbb_cert.o \
+						${PLAT_DIR}certificate/src/juno_tbb_ext.o \
+						${PLAT_DIR}certificate/src/juno_tbb_key.o
+
+    OBJECTS				+=	${PLAT_OBJECTS}
+  endif
+endif
--- a/plat/arm/board/juno/certificate/include/juno_tbb_cert.h
+++ b/plat/arm/board/juno/certificate/include/juno_tbb_cert.h
@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_TBB_CERT_H
+#define JUNO_TBB_CERT_H
+
+#include <tbbr/tbb_cert.h>
+
+/*
+ * Juno platform certificates that are used to establish the COT
+ */
+enum {
+	ETHOSN_NPU_FW_KEY_CERT = FWU_CERT + 1,
+	ETHOSN_NPU_FW_CONTENT_CERT,
+};
+
+#endif /* JUNO_TBB_CERT_H */
--- a/plat/arm/board/juno/certificate/include/juno_tbb_ext.h
+++ b/plat/arm/board/juno/certificate/include/juno_tbb_ext.h
@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_TBB_EXT_H
+#define JUNO_TBB_EXT_H
+
+#include <tbbr/tbb_ext.h>
+
+/* Juno platform defined TBBR extensions */
+enum {
+	ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT = FWU_HASH_EXT + 1,
+	ETHOSN_NPU_FW_HASH_EXT,
+};
+
+#endif /* JUNO_TBB_EXT_H */
--- a/plat/arm/board/juno/certificate/include/juno_tbb_key.h
+++ b/plat/arm/board/juno/certificate/include/juno_tbb_key.h
@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_TBB_KEY_H
+#define JUNO_TBB_KEY_H
+
+#include <tbbr/tbb_key.h>
+
+/*
+ * Juno platform keys that are used to establish the COT
+ */
+enum {
+	ETHOSN_NPU_FW_CONTENT_CERT_KEY =
+		NON_TRUSTED_FW_CONTENT_CERT_KEY + 1,
+};
+#endif /* JUNO_TBB_KEY_H */
--- a/plat/arm/board/juno/certificate/include/platform_oid.h
+++ b/plat/arm/board/juno/certificate/include/platform_oid.h
@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_PLATFORM_OID_H
+#define JUNO_PLATFORM_OID_H
+
+#include <ethosn_oid.h>
+
+#endif /* JUNO_PLATFORM_OID_H */
--- a/plat/arm/board/juno/certificate/src/juno_tbb_cert.c
+++ b/plat/arm/board/juno/certificate/src/juno_tbb_cert.c
@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <ethosn_cert.h>
+
+#include <juno_tbb_cert.h>
+#include <juno_tbb_ext.h>
+#include <juno_tbb_key.h>
+
+static cert_t juno_plat_tbb_certificates[] = {
+	ETHOSN_NPU_FW_KEY_CERT_DEF,
+	ETHOSN_NPU_FW_CONTENT_CERT_DEF,
+};
+
+PLAT_REGISTER_COT(juno_plat_tbb_certificates);
--- a/plat/arm/board/juno/certificate/src/juno_tbb_ext.c
+++ b/plat/arm/board/juno/certificate/src/juno_tbb_ext.c
@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <ethosn_cert.h>
+
+#include <juno_tbb_ext.h>
+#include <juno_tbb_key.h>
+
+static ext_t juno_plat_tbb_extensions[] = {
+	ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT_DEF,
+	ETHOSN_NPU_FW_HASH_EXT_DEF,
+};
+
+PLAT_REGISTER_EXTENSIONS(juno_plat_tbb_extensions);
--- a/plat/arm/board/juno/certificate/src/juno_tbb_key.c
+++ b/plat/arm/board/juno/certificate/src/juno_tbb_key.c
@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <ethosn_cert.h>
+
+#include <juno_tbb_key.h>
+
+static key_t juno_plat_tbb_keys[] = {
+	ETHOSN_NPU_FW_CONTENT_CERT_KEY_DEF
+};
+
+PLAT_REGISTER_KEYS(juno_plat_tbb_keys);