authorSandrine Bailleux <sandrine.bailleux@arm.com>2020-01-30 13:58:10 +0000
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>2020-01-30 13:58:10 +0000
commitdcd03ce7bb9ba385970a3bdaf6ec10716969fde5 (patch)
treec07c1bab5f590b0c16c10e9478e1708634242d4b
parentb1d810bd212d1eee5c2f3ab927e2689c2e460dab (diff)
parent3bff910dc16ad5ed97d470064b25481d3674732b (diff)
downloadtrusted-firmware-a-dcd03ce7bb9ba385970a3bdaf6ec10716969fde5.tar.gz
Merge changes from topic "sb/select-cot" into integration
* changes:
  Introduce COT build option
  cert_create: Remove references to TBBR in common code
  cert_create: Introduce COT build option
  cert_create: Introduce TBBR CoT makefile
-rw-r--r--Makefile2
-rw-r--r--docs/getting_started/build-options.rst3
-rw-r--r--make_helpers/defaults.mk3
-rw-r--r--plat/arm/common/arm_common.mk10
-rw-r--r--tools/cert_create/Makefile42
-rw-r--r--tools/cert_create/src/ext.c6
-rw-r--r--tools/cert_create/src/main.c4
-rw-r--r--tools/cert_create/src/tbbr/tbbr.mk29
8 files changed, 64 insertions, 35 deletions
diff --git a/Makefile b/Makefile
index ab0ccb1593..183f20ddf4 100644
--- a/Makefile
+++ b/Makefile
@@ -1018,7 +1018,7 @@ certtool: ${CRTTOOL}
.PHONY: ${CRTTOOL}
${CRTTOOL}:
- ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH}
+ ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} --no-print-directory -C ${CRTTOOLPATH}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index b702c34def..2f44fe817e 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -128,6 +128,9 @@ Common build options
``plat_secondary_cold_boot_setup()`` platform porting interfaces do not need
to be implemented in this case.
+- ``COT``: When Trusted Boot is enabled, selects the desired chain of trust.
+ Defaults to ``tbbr``.
+
- ``CRASH_REPORTING``: A non-zero value enables a console dump of processor
register state when an unexpected exception occurs during execution of
BL31. This option defaults to the value of ``DEBUG`` - i.e. by default
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 4af1da6b2c..fff336cd21 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -204,6 +204,9 @@ USE_DEBUGFS := 0
# Build option to choose whether Trusted Firmware uses library at ROM
USE_ROMLIB := 0
+# Chain of trust.
+COT := tbbr
+
# Use tbbr_oid.h instead of platform_oid.h
USE_TBBR_DEFS := 1
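Review bot: The comment `# Chain of trust.` on the new `COT := tbbr` default does not say when the option applies or which values are accepted. Something like `# Chain of trust used when TRUSTED_BOARD_BOOT is enabled; 'tbbr' is the only supported value.` would match the text added to build-options.rst and the `ifeq (${COT},tbbr)` checks introduced elsewhere in this change.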
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 9d4f05e9e3..c8b7ab448a 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -254,7 +254,13 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
AUTH_SOURCES := drivers/auth/auth_mod.c \
drivers/auth/crypto_mod.c \
drivers/auth/img_parser_mod.c \
- drivers/auth/tbbr/tbbr_cot.c \
+
+ # Include the selected chain of trust sources.
+ ifeq (${COT},tbbr)
+ AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot.c
+ else
+ $(error Unknown chain of trust ${COT})
+ endif
BL1_SOURCES += ${AUTH_SOURCES} \
bl1/tbbr/tbbr_img_desc.c \
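Review bot: The continuation on `drivers/auth/img_parser_mod.c \` is left dangling into the added blank line, so the `AUTH_SOURCES` assignment ends only because the following line happens to be empty. Dropping the trailing backslash makes the end of the list explicit and keeps a later edit from being absorbed into it. The `$(error Unknown chain of trust ${COT})` branch fails the build on an unrecognised value, which is the right default for selecting what authenticates images. The context line `bl1/tbbr/tbbr_img_desc.c` still goes into `BL1_SOURCES` regardless of `COT`, so it will presumably need to move under the same `ifeq` once a second chain of trust exists. The enclosing `ifneq (${TRUSTED_BOARD_BOOT},0)` block starts and ends outside this hunk.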
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index c03629a007..eff929ef02 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -10,53 +10,41 @@ V ?= 0
DEBUG := 0
BINARY := ${PROJECT}${BIN_EXT}
OPENSSL_DIR := /usr
-USE_TBBR_DEFS := 1
+COT := tbbr
+MAKE_HELPERS_DIRECTORY := ../../make_helpers/
+include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
+include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+
+# Common source files.
OBJECTS := src/cert.o \
src/cmd_opt.o \
src/ext.o \
src/key.o \
src/main.o \
- src/sha.o \
- src/tbbr/tbb_cert.o \
- src/tbbr/tbb_ext.o \
- src/tbbr/tbb_key.o
+ src/sha.o
-HOSTCCFLAGS := -Wall -std=c99
-
-MAKE_HELPERS_DIRECTORY := ../../make_helpers/
-include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
-include ${MAKE_HELPERS_DIRECTORY}build_env.mk
-
-ifeq (${USE_TBBR_DEFS},1)
-# In this case, cert_tool is platform-independent
-PLAT_MSG := TBBR Generic
-PLAT_INCLUDE := ../../include/tools_share
+# Chain of trust.
+ifeq (${COT},tbbr)
+ include src/tbbr/tbbr.mk
else
-PLAT_MSG := ${PLAT}
-
-TF_PLATFORM_ROOT := ../../plat/
-include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
-
-PLAT_INCLUDE := $(wildcard ${PLAT_DIR}include)
-
-ifeq ($(PLAT_INCLUDE),)
- $(error "Error: Invalid platform '${PLAT}' has no include directory.")
-endif
+ $(error Unknown chain of trust ${COT})
endif
+HOSTCCFLAGS := -Wall -std=c99
+
ifeq (${DEBUG},1)
HOSTCCFLAGS += -g -O0 -DDEBUG -DLOG_LEVEL=40
else
HOSTCCFLAGS += -O2 -DLOG_LEVEL=20
endif
+
ifeq (${V},0)
Q := @
else
Q :=
endif
-$(eval $(call add_define,USE_TBBR_DEFS))
HOSTCCFLAGS += ${DEFINES}
# Make soft links and include from local directory otherwise wrong headers
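Review bot: `HOSTCCFLAGS := -Wall -std=c99` now comes after `include src/tbbr/tbbr.mk`, so any `HOSTCCFLAGS +=` placed in a chain-of-trust makefile would be silently discarded by the simple assignment. The `tbbr.mk` added in this commit does not touch `HOSTCCFLAGS`, so nothing is lost today. Moving the `HOSTCCFLAGS :=` line back above the `# Chain of trust.` block would remove that trap for the next CoT fragment. It would also help to say why the two `make_helpers` includes moved up, for example `# Helpers must be included before the CoT makefile, which uses add_define.`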
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 57fb47d1d4..d9a92bb101 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -33,11 +33,11 @@ DECLARE_ASN1_FUNCTIONS(HASH)
IMPLEMENT_ASN1_FUNCTIONS(HASH)
/*
- * This function adds the TBB extensions to the internal extension list
+ * This function adds the CoT extensions to the internal extension list
* maintained by OpenSSL so they can be used later.
*
* It also initializes the methods to print the contents of the extension. If an
- * alias is specified in the TBB extension, we reuse the methods of the alias.
+ * alias is specified in the CoT extension, we reuse the methods of the alias.
* Otherwise, only methods for V_ASN1_INTEGER and V_ASN1_OCTET_STRING are
* provided. Any other type will be printed as a raw ascii string.
*
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 863db7b6e8..2ba110132a 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -47,7 +47,7 @@
do { \
v = OBJ_txt2nid(oid); \
if (v == NID_undef) { \
- ERROR("Cannot find TBB extension %s\n", oid); \
+ ERROR("Cannot find extension %s\n", oid); \
exit(1); \
} \
} while (0)
@@ -335,7 +335,7 @@ int main(int argc, char *argv[])
/* Initialize the new types and register OIDs for the extensions */
if (ext_init() != 0) {
- ERROR("Cannot initialize TBB extensions\n");
+ ERROR("Cannot initialize extensions\n");
exit(1);
}
diff --git a/tools/cert_create/src/tbbr/tbbr.mk b/tools/cert_create/src/tbbr/tbbr.mk
new file mode 100644
index 0000000000..ee82d31e3a
--- /dev/null
+++ b/tools/cert_create/src/tbbr/tbbr.mk
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+USE_TBBR_DEFS := 1
+$(eval $(call add_define,USE_TBBR_DEFS))
+
+ifeq (${USE_TBBR_DEFS},1)
+# In this case, cert_tool is platform-independent
+PLAT_MSG := TBBR Generic
+PLAT_INCLUDE := ../../include/tools_share
+else
+PLAT_MSG := ${PLAT}
+
+TF_PLATFORM_ROOT := ../../plat/
+include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
+
+PLAT_INCLUDE := $(wildcard ${PLAT_DIR}include)
+
+ifeq ($(PLAT_INCLUDE),)
+ $(error "Error: Invalid platform '${PLAT}' has no include directory.")
+endif
+endif
+
+OBJECTS += src/tbbr/tbb_cert.o \
+ src/tbbr/tbb_ext.o \
+ src/tbbr/tbb_key.o
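Review bot: This new fragment has no comment stating what it expects from the makefile that includes it. It calls `add_define`, reads `MAKE_HELPERS_DIRECTORY` and `PLAT`, and uses paths such as `../../include/tools_share` and `src/tbbr/tbb_cert.o` that resolve relative to `tools/cert_create` rather than to `src/tbbr/`. A header comment along the lines of `# Included from tools/cert_create/Makefile after build_macros.mk; paths are relative to tools/cert_create.` would make that contract visible. A short comment on `USE_TBBR_DEFS := 1` would also help, noting that the `else` branch is reached only when the caller overrides the value on the command line, as the top-level `certtool` rule does with `USE_TBBR_DEFS=${USE_TBBR_DEFS}`.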