aboutsummaryrefslogtreecommitdiff
path: root/include/tools_share
diff options
context:
space:
mode:
authorManish Pandey <manish.pandey2@arm.com>2020-05-22 12:27:28 +0100
committerManish Pandey <manish.pandey2@arm.com>2020-06-08 22:42:06 +0100
commit0792dd7d64d1056fae05eab8cebe91ffc993923e (patch)
tree6bf2a8de782d26744afdc701c0d06d78dbb43da0 /include/tools_share
parent967a6d162d9dc1c5ae154f289bcdecc03cb9eb7c (diff)
downloadtrusted-firmware-a-0792dd7d64d1056fae05eab8cebe91ffc993923e.tar.gz
cert_create: add SiP owned secure partitions support
Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
Diffstat (limited to 'include/tools_share')
-rw-r--r--include/tools_share/dualroot_oid.h12
-rw-r--r--include/tools_share/firmware_image_package.h2
2 files changed, 14 insertions, 0 deletions
diff --git a/include/tools_share/dualroot_oid.h b/include/tools_share/dualroot_oid.h
index 3e88a6d229..da367da921 100644
--- a/include/tools_share/dualroot_oid.h
+++ b/include/tools_share/dualroot_oid.h
@@ -16,4 +16,16 @@
*/
#define PROT_PK_OID "1.3.6.1.4.1.4128.2100.1102"
+/*
+ * Secure Partitions Content Certificate
+ */
+#define SP_PKG1_HASH_OID "1.3.6.1.4.1.4128.2100.1301"
+#define SP_PKG2_HASH_OID "1.3.6.1.4.1.4128.2100.1302"
+#define SP_PKG3_HASH_OID "1.3.6.1.4.1.4128.2100.1303"
+#define SP_PKG4_HASH_OID "1.3.6.1.4.1.4128.2100.1304"
+#define SP_PKG5_HASH_OID "1.3.6.1.4.1.4128.2100.1305"
+#define SP_PKG6_HASH_OID "1.3.6.1.4.1.4128.2100.1306"
+#define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307"
+#define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308"
+
#endif /* DUALROOT_OID_H */
diff --git a/include/tools_share/firmware_image_package.h b/include/tools_share/firmware_image_package.h
index 598d5c2587..75f3cc6a62 100644
--- a/include/tools_share/firmware_image_package.h
+++ b/include/tools_share/firmware_image_package.h
@@ -64,6 +64,8 @@
{{0xa4, 0x9f, 0x44, 0x11}, {0x5e, 0x63}, {0xe4, 0x11}, 0x87, 0x28, {0x3f, 0x05, 0x72, 0x2a, 0xf3, 0x3d} }
#define UUID_NON_TRUSTED_FW_CONTENT_CERT \
{{0x8e, 0xc4, 0xc1, 0xf3}, {0x5d, 0x63}, {0xe4, 0x11}, 0xa7, 0xa9, {0x87, 0xee, 0x40, 0xb2, 0x3f, 0xa7} }
+#define UUID_SIP_SECURE_PARTITION_CONTENT_CERT \
+ {{0x77, 0x6d, 0xfd, 0x44}, {0x86, 0x97}, {0x4c, 0x3b}, 0x91, 0xeb, {0xc1, 0x3e, 0x02, 0x5a, 0x2a, 0x6f} }
/* Dynamic configs */
#define UUID_HW_CONFIG \
{{0x08, 0xb8, 0xf1, 0xd9}, {0xc9, 0xcf}, {0x93, 0x49}, 0xa9, 0x62, {0x6f, 0xbc, 0x6b, 0x72, 0x65, 0xcc} }