diff options
author | Manish Pandey <manish.pandey2@arm.com> | 2020-05-22 12:27:28 +0100 |
---|---|---|
committer | Manish Pandey <manish.pandey2@arm.com> | 2020-06-08 22:42:06 +0100 |
commit | 0792dd7d64d1056fae05eab8cebe91ffc993923e (patch) | |
tree | 6bf2a8de782d26744afdc701c0d06d78dbb43da0 /include/tools_share | |
parent | 967a6d162d9dc1c5ae154f289bcdecc03cb9eb7c (diff) | |
download | trusted-firmware-a-0792dd7d64d1056fae05eab8cebe91ffc993923e.tar.gz |
cert_create: add SiP owned secure partitions support
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.
A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.
Following new options added to cert_tool:
--sip-sp-cert --> SiP owned Secure Partition Content Certificate
--sp-pkg1 --> Secure Partition Package1 file
--sp-pkg2
.....
--sp-pkg8
Trusted world key pair is used for signing.
Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
Diffstat (limited to 'include/tools_share')
-rw-r--r-- | include/tools_share/dualroot_oid.h | 12 | ||||
-rw-r--r-- | include/tools_share/firmware_image_package.h | 2 |
2 files changed, 14 insertions, 0 deletions
diff --git a/include/tools_share/dualroot_oid.h b/include/tools_share/dualroot_oid.h index 3e88a6d229..da367da921 100644 --- a/include/tools_share/dualroot_oid.h +++ b/include/tools_share/dualroot_oid.h @@ -16,4 +16,16 @@ */ #define PROT_PK_OID "1.3.6.1.4.1.4128.2100.1102" +/* + * Secure Partitions Content Certificate + */ +#define SP_PKG1_HASH_OID "1.3.6.1.4.1.4128.2100.1301" +#define SP_PKG2_HASH_OID "1.3.6.1.4.1.4128.2100.1302" +#define SP_PKG3_HASH_OID "1.3.6.1.4.1.4128.2100.1303" +#define SP_PKG4_HASH_OID "1.3.6.1.4.1.4128.2100.1304" +#define SP_PKG5_HASH_OID "1.3.6.1.4.1.4128.2100.1305" +#define SP_PKG6_HASH_OID "1.3.6.1.4.1.4128.2100.1306" +#define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307" +#define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308" + #endif /* DUALROOT_OID_H */ diff --git a/include/tools_share/firmware_image_package.h b/include/tools_share/firmware_image_package.h index 598d5c2587..75f3cc6a62 100644 --- a/include/tools_share/firmware_image_package.h +++ b/include/tools_share/firmware_image_package.h @@ -64,6 +64,8 @@ {{0xa4, 0x9f, 0x44, 0x11}, {0x5e, 0x63}, {0xe4, 0x11}, 0x87, 0x28, {0x3f, 0x05, 0x72, 0x2a, 0xf3, 0x3d} } #define UUID_NON_TRUSTED_FW_CONTENT_CERT \ {{0x8e, 0xc4, 0xc1, 0xf3}, {0x5d, 0x63}, {0xe4, 0x11}, 0xa7, 0xa9, {0x87, 0xee, 0x40, 0xb2, 0x3f, 0xa7} } +#define UUID_SIP_SECURE_PARTITION_CONTENT_CERT \ + {{0x77, 0x6d, 0xfd, 0x44}, {0x86, 0x97}, {0x4c, 0x3b}, 0x91, 0xeb, {0xc1, 0x3e, 0x02, 0x5a, 0x2a, 0x6f} } /* Dynamic configs */ #define UUID_HW_CONFIG \ {{0x08, 0xb8, 0xf1, 0xd9}, {0xc9, 0xcf}, {0x93, 0x49}, 0xa9, 0x62, {0x6f, 0xbc, 0x6b, 0x72, 0x65, 0xcc} } |