authorManish Pandey <manish.pandey2@arm.com>2020-07-23 16:54:30 +0100
committerManish Pandey <manish.pandey2@arm.com>2020-07-31 12:46:21 +0100
commit03a5225c6a9371d57c14b2909c48762d07842ef6 (patch)
treee89fa9484b5da0910a1a998554fcbb1de2e0ad64
parent499f192c1d31189d13fbd69fd71067555b621c53 (diff)
tbbr/dualroot: rename SP package certificate file
Currently only a single signing domain is supported for SP packages, but there is a plan to support dual signing domains if the CoT is dualroot. SP_CONTENT_CERT_ID is the certificate file which is currently generated and signed with the trusted world key, which in turn is derived from the Silicon provider RoT key. To allow dual signing domains for SP packages, another certificate file will be derived from the Platform owned RoT key. This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and makes other related changes. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
-rw-r--r--drivers/auth/dualroot/cot.c38
-rw-r--r--drivers/auth/tbbr/tbbr_cot_bl2.c38
-rw-r--r--fdts/cot_descriptors.dtsi36
-rw-r--r--include/common/tbbr/tbbr_img_def.h2
-rw-r--r--include/drivers/auth/auth_mod.h6
-rw-r--r--plat/arm/common/fconf/arm_fconf_io.c8
-rw-r--r--plat/arm/common/fconf/arm_fconf_sp.c2
7 files changed, 65 insertions, 65 deletions
diff --git a/drivers/auth/dualroot/cot.c b/drivers/auth/dualroot/cot.c
index 31e5d65f4d..68f3d467fa 100644
--- a/drivers/auth/dualroot/cot.c
+++ b/drivers/auth/dualroot/cot.c
@@ -693,8 +693,8 @@ static const auth_img_desc_t nt_fw_config = {
* Secure Partitions
*/
#if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
- .img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+ .img_id = SIP_SP_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &trusted_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
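Review bot: The section comment above this descriptor still says only "Secure Partitions", so the new name `sip_sp_content_cert` is the sole hint about which signing domain the certificate belongs to. The commit message states that it is signed with the trusted world key derived from the Silicon provider RoT key, and `.parent = &trusted_key_cert` ties it to that chain. A comment on the descriptor such as `/* SiP-owned SP content certificate: chained to trusted_key_cert (Silicon provider RoT) */` would make the trust path explicit before a platform-owned sibling is added. The same applies to the matching descriptor in drivers/auth/tbbr/tbbr_cot_bl2.c. The descriptor body continues outside this hunk.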
@@ -775,14 +775,14 @@ static const auth_img_desc_t sp_content_cert = {
}
};
-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */
#else /* IMAGE_BL2 */
@@ -914,15 +914,15 @@ static const auth_img_desc_t * const cot_desc[] = {
[BL33_IMAGE_ID] = &bl33_image,
[NT_FW_CONFIG_ID] = &nt_fw_config,
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = &sp_content_cert,
- [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
- [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
- [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
- [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
- [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
- [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
- [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
- [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
+ [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
+ [SP_PKG1_ID] = &sp_pkg1,
+ [SP_PKG2_ID] = &sp_pkg2,
+ [SP_PKG3_ID] = &sp_pkg3,
+ [SP_PKG4_ID] = &sp_pkg4,
+ [SP_PKG5_ID] = &sp_pkg5,
+ [SP_PKG6_ID] = &sp_pkg6,
+ [SP_PKG7_ID] = &sp_pkg7,
+ [SP_PKG8_ID] = &sp_pkg8,
#endif
};
#endif
diff --git a/drivers/auth/tbbr/tbbr_cot_bl2.c b/drivers/auth/tbbr/tbbr_cot_bl2.c
index 63c18fae03..65a0478abf 100644
--- a/drivers/auth/tbbr/tbbr_cot_bl2.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl2.c
@@ -558,8 +558,8 @@ static const auth_img_desc_t nt_fw_config = {
};
/* Secure Partitions */
#if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
- .img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+ .img_id = SIP_SP_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &trusted_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
@@ -640,14 +640,14 @@ static const auth_img_desc_t sp_content_cert = {
}
};
-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */
static const auth_img_desc_t * const cot_desc[] = {
@@ -672,15 +672,15 @@ static const auth_img_desc_t * const cot_desc[] = {
[BL33_IMAGE_ID] = &bl33_image,
[NT_FW_CONFIG_ID] = &nt_fw_config,
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = &sp_content_cert,
- [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
- [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
- [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
- [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
- [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
- [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
- [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
- [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
+ [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
+ [SP_PKG1_ID] = &sp_pkg1,
+ [SP_PKG2_ID] = &sp_pkg2,
+ [SP_PKG3_ID] = &sp_pkg3,
+ [SP_PKG4_ID] = &sp_pkg4,
+ [SP_PKG5_ID] = &sp_pkg5,
+ [SP_PKG6_ID] = &sp_pkg6,
+ [SP_PKG7_ID] = &sp_pkg7,
+ [SP_PKG8_ID] = &sp_pkg8,
#endif
};
diff --git a/fdts/cot_descriptors.dtsi b/fdts/cot_descriptors.dtsi
index 753d56aceb..9308e1789b 100644
--- a/fdts/cot_descriptors.dtsi
+++ b/fdts/cot_descriptors.dtsi
@@ -146,8 +146,8 @@ cot {
};
#if defined(SPD_spmd)
- sp_content_cert: sp_content_cert {
- image-id = <SP_CONTENT_CERT_ID>;
+ sip_sp_content_cert: sip_sp_content_cert {
+ image-id = <SIP_SP_CONTENT_CERT_ID>;
parent = <&trusted_key_cert>;
signing-key = <&trusted_world_pk>;
antirollback-counter = <&trusted_nv_counter>;
@@ -251,50 +251,50 @@ cot {
#if defined(SPD_spmd)
sp_pkg1 {
- image-id = <SP_CONTENT_CERT_ID + 1>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG1_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg1_hash>;
};
sp_pkg2 {
- image-id = <SP_CONTENT_CERT_ID + 2>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG2_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg2_hash>;
};
sp_pkg3 {
- image-id = <SP_CONTENT_CERT_ID + 3>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG3_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg3_hash>;
};
sp_pkg4 {
- image-id = <SP_CONTENT_CERT_ID + 4>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG4_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg4_hash>;
};
sp_pkg5 {
- image-id = <SP_CONTENT_CERT_ID + 5>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG5_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg5_hash>;
};
sp_pkg6 {
- image-id = <SP_CONTENT_CERT_ID + 6>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG6_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg6_hash>;
};
sp_pkg7 {
- image-id = <SP_CONTENT_CERT_ID + 7>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG7_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg7_hash>;
};
sp_pkg8 {
- image-id = <SP_CONTENT_CERT_ID + 8>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG8_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg8_hash>;
};
#endif
diff --git a/include/common/tbbr/tbbr_img_def.h b/include/common/tbbr/tbbr_img_def.h
index e057891a24..b29b1354cd 100644
--- a/include/common/tbbr/tbbr_img_def.h
+++ b/include/common/tbbr/tbbr_img_def.h
@@ -10,7 +10,7 @@
#include <export/common/tbbr/tbbr_img_def_exp.h>
#if defined(SPD_spmd)
-#define SP_CONTENT_CERT_ID MAX_IMAGE_IDS
+#define SIP_SP_CONTENT_CERT_ID MAX_IMAGE_IDS
#define SP_PKG1_ID (MAX_IMAGE_IDS + 1)
#define SP_PKG2_ID (MAX_IMAGE_IDS + 2)
#define SP_PKG3_ID (MAX_IMAGE_IDS + 3)
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 01d144d2cb..504e539393 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -51,11 +51,11 @@ extern const size_t cot_desc_size;
extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
#if defined(SPD_spmd)
-#define DEFINE_SP_PKG(n) \
+#define DEFINE_SIP_SP_PKG(n) \
static const auth_img_desc_t sp_pkg##n = { \
- .img_id = SP_CONTENT_CERT_ID + (n), \
+ .img_id = SP_PKG##n##_ID, \
.img_type = IMG_RAW, \
- .parent = &sp_content_cert, \
+ .parent = &sip_sp_content_cert, \
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { \
[0] = { \
.type = AUTH_METHOD_HASH, \
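Review bot: `DEFINE_SIP_SP_PKG` now carries the signing domain in its name, but the descriptor it emits is still `sp_pkg##n` and its parent is hard-wired to `&sip_sp_content_cert`, so the macro only works in a file that has already defined that certificate descriptor. The new `.img_id = SP_PKG##n##_ID` also requires `n` to be a bare literal for which an `SP_PKGn_ID` macro exists; anything else will not paste to a valid name. Neither constraint is documented. I would add a comment above the macro along the lines of `/* n: literal 1..8 matching SP_PKGn_ID; requires sip_sp_content_cert in scope as the parent that authenticates the package by hash */`. The macro body continues past the end of this hunk.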
diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c
index 48cc4fee3a..350ecd1b63 100644
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@@ -51,7 +51,7 @@ const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
[TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
[NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
+ [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
#endif
#endif /* ARM_IO_IN_DTB */
#endif /* TRUSTED_BOARD_BOOT */
@@ -184,9 +184,9 @@ struct plat_io_policy policies[MAX_NUMBER_IDS] = {
open_fip
},
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = {
+ [SIP_SP_CONTENT_CERT_ID] = {
&fip_dev_handle,
- (uintptr_t)&arm_uuid_spec[SP_CONTENT_CERT_ID],
+ (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
open_fip
},
#endif
@@ -233,7 +233,7 @@ static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = {
{TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
{NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
#if defined(SPD_spmd)
- {SP_CONTENT_CERT_ID, "sp_content_cert_uuid"},
+ {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
#endif
#endif /* TRUSTED_BOARD_BOOT */
};
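Review bot: The changed `load_info` entry alters a runtime string, not just an identifier: it now names `"sip_sp_content_cert_uuid"` where it used to name `"sp_content_cert_uuid"`. If that string is the property name looked up in the firmware configuration device tree (the lookup code is outside this hunk), every platform device tree source that still carries the old name has to change together with this line, and the diffstat of this commit lists no such file. A stale name would presumably leave the SiP SP content certificate without a UUID, so the failure path is worth checking. Please include the device tree update or say in the description where it lands. A comment such as `/* string must match the property name in the platform's firmware configuration DT */` above the entry would help keep the two in step.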
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 3522dcf9d2..4459264c71 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -30,7 +30,7 @@ int fconf_populate_arm_sp(uintptr_t config)
union uuid_helper_t uuid_helper;
unsigned int index = 0;
uint32_t val32;
- const unsigned int sp_start_index = SP_CONTENT_CERT_ID + 1;
+ const unsigned int sp_start_index = SP_PKG1_ID;
/* As libfdt use void *, we can't avoid this cast */
const void *dtb = (void *)config;