aboutsummaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorPankaj Gupta <pankaj.gupta@nxp.com>2020-12-09 14:02:38 +0530
committerPankaj Gupta <pankaj.gupta@nxp.com>2021-03-24 09:49:31 +0530
commitb94bf967e62b23a376a5026de69d06a0e8d6bf78 (patch)
tree52bd7cf18cf158e76b7ba8625d97af2534284707 /tools
parent6c74c9977d12f57b524ab1d8cd78ece9933840be (diff)
downloadtrusted-firmware-a-b94bf967e62b23a376a5026de69d06a0e8d6bf78.tar.gz
cert_create: updated tool for platform defined certs, keys & extensions
Changes to 'tools/cert_create' folder, to include platform defined certificates, keys, and extensions. NXP SoC lx2160a : based platforms requires additional FIP DDR to be loaded before initializing the DDR. To enable chain of trust on these platforms, FIP DDR image needs to be authenticated, additionally. Platform specific folder 'tools/nxp/cert_create_helper' is added to support platform specific macros and definitions. Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
Diffstat (limited to 'tools')
-rw-r--r--tools/cert_create/Makefile14
-rw-r--r--tools/cert_create/include/cert.h19
-rw-r--r--tools/cert_create/include/ext.h19
-rw-r--r--tools/cert_create/include/key.h19
-rw-r--r--tools/cert_create/src/cert.c27
-rw-r--r--tools/cert_create/src/ext.c26
-rw-r--r--tools/cert_create/src/key.c27
-rw-r--r--tools/nxp/cert_create_helper/cert_create_tbbr.mk31
-rw-r--r--tools/nxp/cert_create_helper/include/pdef_tbb_cert.h21
-rw-r--r--tools/nxp/cert_create_helper/include/pdef_tbb_ext.h25
-rw-r--r--tools/nxp/cert_create_helper/include/pdef_tbb_key.h18
-rw-r--r--tools/nxp/cert_create_helper/src/pdef_tbb_cert.c62
-rw-r--r--tools/nxp/cert_create_helper/src/pdef_tbb_ext.c108
-rw-r--r--tools/nxp/cert_create_helper/src/pdef_tbb_key.c18
14 files changed, 414 insertions, 20 deletions
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index c3c8bcf5e9..77d2007d51 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -16,6 +16,12 @@ MAKE_HELPERS_DIRECTORY := ../../make_helpers/
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+ifneq (${PLAT},none)
+TF_PLATFORM_ROOT := ../../plat/
+include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
+PLAT_CERT_CREATE_HELPER_MK := ${PLAT_DIR}/cert_create_tbbr.mk
+endif
+
# Common source files.
OBJECTS := src/cert.o \
src/cmd_opt.o \
@@ -33,6 +39,10 @@ else
$(error Unknown chain of trust ${COT})
endif
+ifneq (,$(wildcard ${PLAT_CERT_CREATE_HELPER_MK}))
+include ${PLAT_CERT_CREATE_HELPER_MK}
+endif
+
HOSTCCFLAGS := -Wall -std=c99
ifeq (${DEBUG},1)
@@ -51,7 +61,7 @@ HOSTCCFLAGS += ${DEFINES}
# Make soft links and include from local directory otherwise wrong headers
# could get pulled in from firmware tree.
-INC_DIR := -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
+INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
LIB_DIR := -L ${OPENSSL_DIR}/lib
LIB := -lssl -lcrypto
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index daf27a78a7..e63b4740ae 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -57,11 +57,20 @@ int cert_new(
/* Macro to register the certificates used in the CoT */
#define REGISTER_COT(_certs) \
- cert_t *certs = &_certs[0]; \
- const unsigned int num_certs = sizeof(_certs)/sizeof(_certs[0])
+ cert_t *def_certs = &_certs[0]; \
+ const unsigned int num_def_certs = sizeof(_certs)/sizeof(_certs[0])
+
+/* Macro to register the platform defined certificates used in the CoT */
+#define PLAT_REGISTER_COT(_pdef_certs) \
+ cert_t *pdef_certs = &_pdef_certs[0]; \
+ const unsigned int num_pdef_certs = sizeof(_pdef_certs)/sizeof(_pdef_certs[0])
/* Exported variables */
-extern cert_t *certs;
-extern const unsigned int num_certs;
+extern cert_t *def_certs;
+extern const unsigned int num_def_certs;
+extern cert_t *pdef_certs;
+extern const unsigned int num_pdef_certs;
+extern cert_t *certs;
+extern unsigned int num_certs;
#endif /* CERT_H */
diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h
index 9c0b5c38a5..e900a6dc4a 100644
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -75,11 +75,20 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k);
/* Macro to register the extensions used in the CoT */
#define REGISTER_EXTENSIONS(_ext) \
- ext_t *extensions = &_ext[0]; \
- const unsigned int num_extensions = sizeof(_ext)/sizeof(_ext[0])
+ ext_t *def_extensions = &_ext[0]; \
+ const unsigned int num_def_extensions = sizeof(_ext)/sizeof(_ext[0])
+
+/* Macro to register the platform defined extensions used in the CoT */
+#define PLAT_REGISTER_EXTENSIONS(_pdef_ext) \
+ ext_t *pdef_extensions = &_pdef_ext[0]; \
+ const unsigned int num_pdef_extensions = sizeof(_pdef_ext)/sizeof(_pdef_ext[0])
/* Exported variables */
-extern ext_t *extensions;
-extern const unsigned int num_extensions;
+extern ext_t *def_extensions;
+extern const unsigned int num_def_extensions;
+extern ext_t *pdef_extensions;
+extern const unsigned int num_pdef_extensions;
+extern ext_t *extensions;
+extern unsigned int num_extensions;
#endif /* EXT_H */
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index d96d9839a2..128e7f7b42 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -73,11 +73,20 @@ int key_store(key_t *key);
/* Macro to register the keys used in the CoT */
#define REGISTER_KEYS(_keys) \
- key_t *keys = &_keys[0]; \
- const unsigned int num_keys = sizeof(_keys)/sizeof(_keys[0])
+ key_t *def_keys = &_keys[0]; \
+ const unsigned int num_def_keys = sizeof(_keys)/sizeof(_keys[0])
+
+/* Macro to register the platform defined keys used in the CoT */
+#define PLAT_REGISTER_KEYS(_pdef_keys) \
+ key_t *pdef_keys = &_pdef_keys[0]; \
+ const unsigned int num_pdef_keys = sizeof(_pdef_keys)/sizeof(_pdef_keys[0])
/* Exported variables */
-extern key_t *keys;
-extern const unsigned int num_keys;
+extern key_t *def_keys;
+extern const unsigned int num_def_keys;
+extern key_t *pdef_keys;
+extern const unsigned int num_pdef_keys;
+extern key_t *keys;
+extern unsigned int num_keys;
#endif /* KEY_H */
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 153f5557df..4b35d735aa 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,6 +24,9 @@
#define SERIAL_RAND_BITS 64
#define RSA_SALT_LEN 32
+cert_t *certs;
+unsigned int num_certs;
+
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
{
BIGNUM *btmp;
@@ -220,6 +223,28 @@ int cert_init(void)
cert_t *cert;
unsigned int i;
+ certs = malloc((num_def_certs * sizeof(def_certs[0]))
+#ifdef PDEF_CERTS
+ + (num_pdef_certs * sizeof(pdef_certs[0]))
+#endif
+ );
+ if (certs == NULL) {
+ ERROR("%s:%d Failed to allocate memory.\n", __func__, __LINE__);
+ return 1;
+ }
+
+ memcpy(&certs[0], &def_certs[0],
+ (num_def_certs * sizeof(def_certs[0])));
+
+#ifdef PDEF_CERTS
+ memcpy(&certs[num_def_certs], &pdef_certs[0],
+ (num_pdef_certs * sizeof(pdef_certs[0])));
+
+ num_certs = num_def_certs + num_pdef_certs;
+#else
+ num_certs = num_def_certs;
+#endif
+
for (i = 0; i < num_certs; i++) {
cert = &certs[i];
cmd_opt.long_opt.name = cert->opt;
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 65dd3e583d..28821238fc 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,8 +13,12 @@
#include <openssl/x509v3.h>
#include "cmd_opt.h"
+#include "debug.h"
#include "ext.h"
+ext_t *extensions;
+unsigned int num_extensions;
+
DECLARE_ASN1_ITEM(ASN1_INTEGER)
DECLARE_ASN1_ITEM(X509_ALGOR)
DECLARE_ASN1_ITEM(ASN1_OCTET_STRING)
@@ -51,6 +55,26 @@ int ext_init(void)
int nid, ret;
unsigned int i;
+ extensions = malloc((num_def_extensions * sizeof(def_extensions[0]))
+#ifdef PDEF_EXTS
+ + (num_pdef_extensions * sizeof(pdef_extensions[0]))
+#endif
+ );
+ if (extensions == NULL) {
+ ERROR("%s:%d Failed to allocate memory.\n", __func__, __LINE__);
+ return 1;
+ }
+
+ memcpy(&extensions[0], &def_extensions[0],
+ (num_def_extensions * sizeof(def_extensions[0])));
+#ifdef PDEF_EXTS
+ memcpy(&extensions[num_def_extensions], &pdef_extensions[0],
+ (num_pdef_extensions * sizeof(pdef_extensions[0])));
+ num_extensions = num_def_extensions + num_pdef_extensions;
+#else
+ num_extensions = num_def_extensions;
+#endif
+
for (i = 0; i < num_extensions; i++) {
ext = &extensions[i];
/* Register command line option */
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index fcc9d53162..64359756ff 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,9 @@
#define MAX_FILENAME_LEN 1024
+key_t *keys;
+unsigned int num_keys;
+
/*
* Create a new key container
*/
@@ -182,6 +185,28 @@ int key_init(void)
key_t *key;
unsigned int i;
+ keys = malloc((num_def_keys * sizeof(def_keys[0]))
+#ifdef PDEF_KEYS
+ + (num_pdef_keys * sizeof(pdef_keys[0]))
+#endif
+ );
+
+ if (keys == NULL) {
+ ERROR("%s:%d Failed to allocate memory.\n", __func__, __LINE__);
+ return 1;
+ }
+
+ memcpy(&keys[0], &def_keys[0], (num_def_keys * sizeof(def_keys[0])));
+#ifdef PDEF_KEYS
+ memcpy(&keys[num_def_keys], &pdef_keys[0],
+ (num_pdef_keys * sizeof(pdef_keys[0])));
+
+ num_keys = num_def_keys + num_pdef_keys;
+#else
+ num_keys = num_def_keys;
+#endif
+ ;
+
for (i = 0; i < num_keys; i++) {
key = &keys[i];
if (key->opt != NULL) {
diff --git a/tools/nxp/cert_create_helper/cert_create_tbbr.mk b/tools/nxp/cert_create_helper/cert_create_tbbr.mk
new file mode 100644
index 0000000000..e3b2e9178f
--- /dev/null
+++ b/tools/nxp/cert_create_helper/cert_create_tbbr.mk
@@ -0,0 +1,31 @@
+#
+# Copyright 2021 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# Compile time defines used by NXP platforms
+
+PLAT_DEF_OID := yes
+
+ifeq (${PLAT_DEF_OID},yes)
+
+$(eval $(call add_define, PLAT_DEF_OID))
+$(eval $(call add_define, PDEF_KEYS))
+$(eval $(call add_define, PDEF_CERTS))
+$(eval $(call add_define, PDEF_EXTS))
+
+
+INC_DIR += -I../../plat/nxp/common/fip_handler/common/
+
+PDEF_CERT_TOOL_PATH := ../nxp/cert_create_helper
+PLAT_INCLUDE += -I${PDEF_CERT_TOOL_PATH}/include
+
+PLAT_OBJECTS += ${PDEF_CERT_TOOL_PATH}/src/pdef_tbb_cert.o \
+ ${PDEF_CERT_TOOL_PATH}/src/pdef_tbb_ext.o \
+ ${PDEF_CERT_TOOL_PATH}/src/pdef_tbb_key.o
+
+$(shell rm ${PLAT_OBJECTS})
+
+OBJECTS += ${PLAT_OBJECTS}
+endif
diff --git a/tools/nxp/cert_create_helper/include/pdef_tbb_cert.h b/tools/nxp/cert_create_helper/include/pdef_tbb_cert.h
new file mode 100644
index 0000000000..f18561979b
--- /dev/null
+++ b/tools/nxp/cert_create_helper/include/pdef_tbb_cert.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PDEF_TBB_CERT_H
+#define PDEF_TBB_CERT_H
+
+#include <tbbr/tbb_cert.h>
+
+/*
+ * Enumerate the certificates that are used to establish the chain of trust
+ */
+enum {
+ DDR_FW_KEY_CERT = FWU_CERT + 1,
+ DDR_UDIMM_FW_CONTENT_CERT,
+ DDR_RDIMM_FW_CONTENT_CERT
+};
+
+#endif /* PDEF_TBB_CERT_H */
diff --git a/tools/nxp/cert_create_helper/include/pdef_tbb_ext.h b/tools/nxp/cert_create_helper/include/pdef_tbb_ext.h
new file mode 100644
index 0000000000..5fb349cf70
--- /dev/null
+++ b/tools/nxp/cert_create_helper/include/pdef_tbb_ext.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PDEF_TBB_EXT_H
+#define PDEF_TBB_EXT_H
+
+#include <tbbr/tbb_ext.h>
+
+/* Plat Defined TBBR extensions */
+enum {
+ DDR_FW_CONTENT_CERT_PK_EXT = FWU_HASH_EXT + 1,
+ DDR_IMEM_UDIMM_1D_HASH_EXT,
+ DDR_IMEM_UDIMM_2D_HASH_EXT,
+ DDR_DMEM_UDIMM_1D_HASH_EXT,
+ DDR_DMEM_UDIMM_2D_HASH_EXT,
+ DDR_IMEM_RDIMM_1D_HASH_EXT,
+ DDR_IMEM_RDIMM_2D_HASH_EXT,
+ DDR_DMEM_RDIMM_1D_HASH_EXT,
+ DDR_DMEM_RDIMM_2D_HASH_EXT
+};
+
+#endif /* PDEF_TBB_EXT_H */
diff --git a/tools/nxp/cert_create_helper/include/pdef_tbb_key.h b/tools/nxp/cert_create_helper/include/pdef_tbb_key.h
new file mode 100644
index 0000000000..b26b651535
--- /dev/null
+++ b/tools/nxp/cert_create_helper/include/pdef_tbb_key.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PDEF_TBB_KEY_H
+#define PDEF_TBB_KEY_H
+
+#include <tbbr/tbb_key.h>
+
+/*
+ * Enumerate the pltform defined keys that are used to establish the chain of trust
+ */
+enum {
+ DDR_FW_CONTENT_KEY = NON_TRUSTED_FW_CONTENT_CERT_KEY + 1,
+};
+#endif /* PDEF_TBB_KEY_H */
diff --git a/tools/nxp/cert_create_helper/src/pdef_tbb_cert.c b/tools/nxp/cert_create_helper/src/pdef_tbb_cert.c
new file mode 100644
index 0000000000..40bd9282b7
--- /dev/null
+++ b/tools/nxp/cert_create_helper/src/pdef_tbb_cert.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <pdef_tbb_cert.h>
+#include <pdef_tbb_ext.h>
+#include <pdef_tbb_key.h>
+
+static cert_t pdef_tbb_certs[] = {
+ [DDR_FW_KEY_CERT - DDR_FW_KEY_CERT] = {
+ .id = DDR_FW_KEY_CERT,
+ .opt = "ddr-fw-key-cert",
+ .help_msg = "DDR Firmware Key Certificate (output file)",
+ .fn = NULL,
+ .cn = "DDR Firmware Key Certificate",
+ .key = TRUSTED_WORLD_KEY,
+ .issuer = DDR_FW_KEY_CERT,
+ .ext = {
+ TRUSTED_FW_NVCOUNTER_EXT,
+ DDR_FW_CONTENT_CERT_PK_EXT,
+ },
+ .num_ext = 2
+ },
+ [DDR_UDIMM_FW_CONTENT_CERT - DDR_FW_KEY_CERT] = {
+ .id = DDR_UDIMM_FW_CONTENT_CERT,
+ .opt = "ddr-udimm-fw-cert",
+ .help_msg = "DDR UDIMM Firmware Content Certificate (output file)",
+ .fn = NULL,
+ .cn = "DDR UDIMM Firmware Content Certificate",
+ .key = DDR_FW_CONTENT_KEY,
+ .issuer = DDR_UDIMM_FW_CONTENT_CERT,
+ .ext = {
+ TRUSTED_FW_NVCOUNTER_EXT,
+ DDR_IMEM_UDIMM_1D_HASH_EXT,
+ DDR_IMEM_UDIMM_2D_HASH_EXT,
+ DDR_DMEM_UDIMM_1D_HASH_EXT,
+ DDR_DMEM_UDIMM_2D_HASH_EXT,
+ },
+ .num_ext = 5
+ },
+ [DDR_RDIMM_FW_CONTENT_CERT - DDR_FW_KEY_CERT] = {
+ .id = DDR_RDIMM_FW_CONTENT_CERT,
+ .opt = "ddr-rdimm-fw-cert",
+ .help_msg = "DDR RDIMM Firmware Content Certificate (output file)",
+ .fn = NULL,
+ .cn = "DDR RDIMM Firmware Content Certificate",
+ .key = DDR_FW_CONTENT_KEY,
+ .issuer = DDR_RDIMM_FW_CONTENT_CERT,
+ .ext = {
+ TRUSTED_FW_NVCOUNTER_EXT,
+ DDR_IMEM_RDIMM_1D_HASH_EXT,
+ DDR_IMEM_RDIMM_2D_HASH_EXT,
+ DDR_DMEM_RDIMM_1D_HASH_EXT,
+ DDR_DMEM_RDIMM_2D_HASH_EXT,
+ },
+ .num_ext = 5
+ }
+};
+
+PLAT_REGISTER_COT(pdef_tbb_certs);
diff --git a/tools/nxp/cert_create_helper/src/pdef_tbb_ext.c b/tools/nxp/cert_create_helper/src/pdef_tbb_ext.c
new file mode 100644
index 0000000000..f6da6ddde5
--- /dev/null
+++ b/tools/nxp/cert_create_helper/src/pdef_tbb_ext.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
+#include "ext.h"
+#include "tbbr/tbb_ext.h"
+#include "tbbr/tbb_key.h"
+
+#include <pdef_tbb_ext.h>
+#include <pdef_tbb_key.h>
+
+static ext_t pdef_tbb_ext[] = {
+ [DDR_FW_CONTENT_CERT_PK_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_FW_CONTENT_CERT_PK_OID,
+ .sn = "DDR FirmwareContentCertPK",
+ .ln = "DDR Firmware content certificate public key",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_PKEY,
+ .attr.key = DDR_FW_CONTENT_KEY
+ },
+ [DDR_IMEM_UDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_UDIMM_1D_HASH_OID,
+ .opt = "ddr-immem-udimm-1d",
+ .help_msg = "DDR Firmware IMEM UDIMM 1D image file",
+ .sn = "DDR UDIMM IMEM 1D FirmwareHash",
+ .ln = "DDR UDIMM IMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_IMEM_UDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_UDIMM_2D_HASH_OID,
+ .opt = "ddr-immem-udimm-2d",
+ .help_msg = "DDR Firmware IMEM UDIMM 2D image file",
+ .sn = "DDR UDIMM IMEM 2D FirmwareHash",
+ .ln = "DDR UDIMM IMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_UDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_UDIMM_1D_HASH_OID,
+ .opt = "ddr-dmmem-udimm-1d",
+ .help_msg = "DDR Firmware DMEM UDIMM 1D image file",
+ .sn = "DDR UDIMM DMEM 1D FirmwareHash",
+ .ln = "DDR UDIMM DMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_UDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_UDIMM_2D_HASH_OID,
+ .opt = "ddr-dmmem-udimm-2d",
+ .help_msg = "DDR Firmware DMEM UDIMM 2D image file",
+ .sn = "DDR UDIMM DMEM 2D FirmwareHash",
+ .ln = "DDR UDIMM DMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_IMEM_RDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_RDIMM_1D_HASH_OID,
+ .opt = "ddr-immem-rdimm-1d",
+ .help_msg = "DDR Firmware IMEM RDIMM 1D image file",
+ .sn = "DDR RDIMM IMEM 1D FirmwareHash",
+ .ln = "DDR RDIMM IMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_IMEM_RDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_RDIMM_2D_HASH_OID,
+ .opt = "ddr-immem-rdimm-2d",
+ .help_msg = "DDR Firmware IMEM RDIMM 2D image file",
+ .sn = "DDR RDIMM IMEM 2D FirmwareHash",
+ .ln = "DDR RDIMM IMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_RDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_RDIMM_1D_HASH_OID,
+ .opt = "ddr-dmmem-rdimm-1d",
+ .help_msg = "DDR Firmware DMEM RDIMM 1D image file",
+ .sn = "DDR RDIMM DMEM 1D FirmwareHash",
+ .ln = "DDR RDIMM DMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_RDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_RDIMM_2D_HASH_OID,
+ .opt = "ddr-dmmem-rdimm-2d",
+ .help_msg = "DDR Firmware DMEM RDIMM 2D image file",
+ .sn = "DDR RDIMM DMEM 2D FirmwareHash",
+ .ln = "DDR RDIMM DMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ }
+};
+
+PLAT_REGISTER_EXTENSIONS(pdef_tbb_ext);
diff --git a/tools/nxp/cert_create_helper/src/pdef_tbb_key.c b/tools/nxp/cert_create_helper/src/pdef_tbb_key.c
new file mode 100644
index 0000000000..cf2ebda3e3
--- /dev/null
+++ b/tools/nxp/cert_create_helper/src/pdef_tbb_key.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <pdef_tbb_key.h>
+
+static key_t pdef_tbb_keys[] = {
+ [DDR_FW_CONTENT_KEY - DDR_FW_CONTENT_KEY] = {
+ .id = DDR_FW_CONTENT_KEY,
+ .opt = "ddr-fw-key",
+ .help_msg = "DDR Firmware Content Certificate key (input/output file)",
+ .desc = "DDR Firmware Content Certificate key"
+ }
+};
+
+PLAT_REGISTER_KEYS(pdef_tbb_keys);