mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 09:34:18 +00:00
0792dd7d64
Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
79 lines
1.7 KiB
C
79 lines
1.7 KiB
C
/*
|
|
* Copyright (c) 2020, Arm Limited. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#ifndef DUALROOT_COT_H
|
|
#define DUALROOT_COT_H
|
|
|
|
/* Certificates. */
|
|
enum {
|
|
/* Certificates owned by the silicon provider. */
|
|
TRUSTED_BOOT_FW_CERT,
|
|
TRUSTED_KEY_CERT,
|
|
SCP_FW_KEY_CERT,
|
|
SCP_FW_CONTENT_CERT,
|
|
SOC_FW_KEY_CERT,
|
|
SOC_FW_CONTENT_CERT,
|
|
TRUSTED_OS_FW_KEY_CERT,
|
|
TRUSTED_OS_FW_CONTENT_CERT,
|
|
SIP_SECURE_PARTITION_CONTENT_CERT,
|
|
FWU_CERT,
|
|
|
|
/* Certificates owned by the platform owner. */
|
|
NON_TRUSTED_FW_CONTENT_CERT,
|
|
};
|
|
|
|
/* Certificate extensions. */
|
|
enum {
|
|
/* Extensions used in certificates owned by the silicon provider. */
|
|
TRUSTED_FW_NVCOUNTER_EXT,
|
|
TRUSTED_BOOT_FW_HASH_EXT,
|
|
TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
|
|
HW_CONFIG_HASH_EXT,
|
|
TRUSTED_WORLD_PK_EXT,
|
|
SCP_FW_CONTENT_CERT_PK_EXT,
|
|
SCP_FW_HASH_EXT,
|
|
SOC_FW_CONTENT_CERT_PK_EXT,
|
|
SOC_AP_FW_HASH_EXT,
|
|
SOC_FW_CONFIG_HASH_EXT,
|
|
TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
|
|
TRUSTED_OS_FW_HASH_EXT,
|
|
TRUSTED_OS_FW_EXTRA1_HASH_EXT,
|
|
TRUSTED_OS_FW_EXTRA2_HASH_EXT,
|
|
TRUSTED_OS_FW_CONFIG_HASH_EXT,
|
|
SP_PKG1_HASH_EXT,
|
|
SP_PKG2_HASH_EXT,
|
|
SP_PKG3_HASH_EXT,
|
|
SP_PKG4_HASH_EXT,
|
|
SP_PKG5_HASH_EXT,
|
|
SP_PKG6_HASH_EXT,
|
|
SP_PKG7_HASH_EXT,
|
|
SP_PKG8_HASH_EXT,
|
|
SCP_FWU_CFG_HASH_EXT,
|
|
AP_FWU_CFG_HASH_EXT,
|
|
FWU_HASH_EXT,
|
|
|
|
/* Extensions used in certificates owned by the platform owner. */
|
|
PROT_PK_EXT,
|
|
NON_TRUSTED_FW_NVCOUNTER_EXT,
|
|
NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
|
|
NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
|
|
NON_TRUSTED_FW_CONFIG_HASH_EXT,
|
|
};
|
|
|
|
/* Keys. */
|
|
enum {
|
|
/* Keys owned by the silicon provider. */
|
|
ROT_KEY,
|
|
TRUSTED_WORLD_KEY,
|
|
SCP_FW_CONTENT_CERT_KEY,
|
|
SOC_FW_CONTENT_CERT_KEY,
|
|
TRUSTED_OS_FW_CONTENT_CERT_KEY,
|
|
|
|
/* Keys owned by the platform owner. */
|
|
PROT_KEY,
|
|
};
|
|
|
|
#endif /* DUALROOT_COT_H */
|