TBB: add platform API to read the ROTPK information

This patch extends the platform port by adding an API that returns
either the Root of Trust public key (ROTPK) or its hash. This is
usually stored in ROM or eFUSE memory. The ROTPK returned must be
encoded in DER format according to the following ASN.1 structure:

    SubjectPublicKeyInfo  ::=  SEQUENCE  {
        algorithm           AlgorithmIdentifier,
        subjectPublicKey    BIT STRING
    }

In case the platform returns a hash of the key:

    DigestInfo  ::= SEQUENCE {
        digestAlgorithm     AlgorithmIdentifier,
        keyDigest           OCTET STRING
    }

An implementation for ARM development platforms is provided in this
patch. When TBB is enabled, the ROTPK hash location must be specified
using the build option 'ARM_ROTPK_LOCATION'. Available options are:

    - 'regs' : return the ROTPK hash stored in the Trusted
      root-key storage registers.

    - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
      BL2 binaries. This hash has been obtained from the development
      RSA public key located in 'plat/arm/board/common/rotpk'.

On FVP, the number of MMU tables has been increased to map and
access the ROTPK registers.

A new file 'board_common.mk' has been added to improve code sharing
in the ARM develelopment platforms.

Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
diff --git a/docs/porting-guide.md b/docs/porting-guide.md
index 4f842c4..d009605 100644
--- a/docs/porting-guide.md
+++ b/docs/porting-guide.md
@@ -483,6 +483,38 @@
 the platform. Any other return value means a mismatch.
 
 
+### Function: plat_get_rotpk_info()
+
+    Argument : void *, void **, unsigned int *, unsigned int *
+    Return   : int
+
+This function is mandatory when Trusted Board Boot is enabled. It returns a
+pointer to the ROTPK stored in the platform (or a hash of it) and its length.
+The ROTPK must be encoded in DER format according to the following ASN.1
+structure:
+
+    AlgorithmIdentifier  ::=  SEQUENCE  {
+        algorithm         OBJECT IDENTIFIER,
+        parameters        ANY DEFINED BY algorithm OPTIONAL
+    }
+
+    SubjectPublicKeyInfo  ::=  SEQUENCE  {
+        algorithm         AlgorithmIdentifier,
+        subjectPublicKey  BIT STRING
+    }
+
+In case the function returns a hash of the key:
+
+    DigestInfo ::= SEQUENCE {
+        digestAlgorithm   AlgorithmIdentifier,
+        digest            OCTET STRING
+    }
+
+The function returns 0 on success. Any other value means the ROTPK could not be
+retrieved from the platform. The function also reports extra information related
+to the ROTPK in the flags parameter.
+
+
 
 2.3 Common optional modifications
 ---------------------------------
diff --git a/docs/user-guide.md b/docs/user-guide.md
index 184e46a..742f616 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -346,6 +346,23 @@
 For a better understanding of these options, the ARM development platform memory
 map is explained in the [Firmware Design].
 
+*   `ARM_ROTPK_LOCATION`: used when `TRUSTED_BOARD_BOOT=1`. It specifies the
+    location of the ROTPK hash returned by the function `plat_get_rotpk_info()`
+    for ARM platforms. Depending on the selected option, the proper private key
+    must be specified using the `ROT_KEY` option when building the Trusted
+    Firmware. This private key will be used by the certificate generation tool
+    to sign the BL2 and Trusted Key certificates. Available options for
+    `ARM_ROTPK_LOCATION` are:
+
+    -   `regs` : return the ROTPK hash stored in the Trusted root-key storage
+        registers. The private key corresponding to this ROTPK hash is not
+        currently available.
+    -   `devel_rsa` : return a development public key hash embedded in the BL1
+        and BL2 binaries. This hash has been obtained from the RSA public key
+        `arm_rotpk_rsa.der`, located in `plat/arm/board/common/rotpk`. To use
+        this option, `arm_rotprivk_rsa.pem` must be specified as `ROT_KEY` when
+        creating the certificates.
+
 #### ARM CSS platform specific build options
 
 *   `CSS_DETECT_PRE_1_7_0_SCP`: Boolean flag to detect SCP version