Attest: Rename claims according to latest spec version
Latest spec:
https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html
Rename the following claims and related code (functions and variables, etc):
- UEID -> Instance ID
- Origination -> Verification Service Indicator
- Hardware Version -> Certification Reference
- Challenge -> Nonce
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I4342d18893f81f4cd9163fca5e9ea9a08f1b8b6e
diff --git a/platform/ext/accelerator/cc312/otp_cc312.c b/platform/ext/accelerator/cc312/otp_cc312.c
index 282965c..e073ca2 100644
--- a/platform/ext/accelerator/cc312/otp_cc312.c
+++ b/platform/ext/accelerator/cc312/otp_cc312.c
@@ -128,9 +128,9 @@
* This field is implemented in the CC312 user-area. It is used in TF-M to
* store the implementation_id
*
- * @var plat_otp_layout_t::hw_version
+ * @var plat_otp_layout_t::cert_ref
* This field is implemented in the CC312 user-area. It is used in TF-M to
- * store the hw version
+ * store the certification reference.
*
* @var plat_otp_layout_t::verification_service_url
* This field is implemented in the CC312 user-area. It is used in TF-M to
@@ -197,7 +197,7 @@
__PACKED_STRUCT{
uint16_t boot_seed_zero_bits;
uint16_t implementation_id_zero_bits;
- uint16_t hw_version_zero_bits;
+ uint16_t cert_ref_zero_bits;
uint16_t verification_service_url_zero_bits;
uint16_t profile_definition_zero_bits;
uint16_t iak_len_zero_bits;
@@ -221,7 +221,7 @@
uint8_t boot_seed[32];
uint8_t implementation_id[32];
- uint8_t hw_version[32];
+ uint8_t cert_ref[32];
uint8_t verification_service_url[32];
uint8_t profile_definition[32];
@@ -470,9 +470,9 @@
return err;
}
- err = verify_zero_bits_count(otp->hw_version,
- sizeof(otp->hw_version),
- (uint8_t*)&otp->hw_version_zero_bits);
+ err = verify_zero_bits_count(otp->cert_ref,
+ sizeof(otp->cert_ref),
+ (uint8_t*)&otp->cert_ref_zero_bits);
if (err != TFM_PLAT_ERR_SUCCESS) {
return err;
}
@@ -664,8 +664,8 @@
case PLAT_OTP_ID_IMPLEMENTATION_ID:
return otp_read(otp->implementation_id,
sizeof(otp->implementation_id), out_len, out);
- case PLAT_OTP_ID_HW_VERSION:
- return otp_read(otp->hw_version, sizeof(otp->hw_version), out_len,
+ case PLAT_OTP_ID_CERT_REF:
+ return otp_read(otp->cert_ref, sizeof(otp->cert_ref), out_len,
out);
case PLAT_OTP_ID_VERIFICATION_SERVICE_URL:
return otp_read(otp->verification_service_url,
@@ -894,9 +894,9 @@
return otp_write(otp->implementation_id,
sizeof(otp->implementation_id), in_len, in,
(uint8_t*)&otp->implementation_id_zero_bits);
- case PLAT_OTP_ID_HW_VERSION:
- return otp_write(otp->hw_version, sizeof(otp->hw_version), in_len,
- in, (uint8_t*)&otp->hw_version_zero_bits);
+ case PLAT_OTP_ID_CERT_REF:
+ return otp_write(otp->cert_ref, sizeof(otp->cert_ref), in_len,
+ in, (uint8_t*)&otp->cert_ref_zero_bits);
case PLAT_OTP_ID_VERIFICATION_SERVICE_URL:
return otp_write(otp->verification_service_url,
sizeof(otp->verification_service_url), in_len, in,
@@ -1026,8 +1026,8 @@
case PLAT_OTP_ID_IMPLEMENTATION_ID:
*size = sizeof(otp->implementation_id);
break;
- case PLAT_OTP_ID_HW_VERSION:
- *size = sizeof(otp->hw_version);
+ case PLAT_OTP_ID_CERT_REF:
+ *size = sizeof(otp->cert_ref);
break;
case PLAT_OTP_ID_VERIFICATION_SERVICE_URL:
*size = sizeof(otp->verification_service_url);
diff --git a/platform/ext/common/provisioning.c b/platform/ext/common/provisioning.c
index 0232e88..11ff800 100644
--- a/platform/ext/common/provisioning.c
+++ b/platform/ext/common/provisioning.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -32,7 +32,7 @@
uint8_t boot_seed[32];
uint8_t implementation_id[32];
- uint8_t hw_version[32];
+ uint8_t cert_ref[32];
uint8_t verification_service_url[32];
uint8_t profile_definition[32];
@@ -85,8 +85,8 @@
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
},
- /* hw version */
- "0604565272829100",
+ /* certification reference */
+ "0604565272829",
/* verification_service_url */
"www.trustedfirmware.org",
/* attestation_profile_definition */
@@ -204,9 +204,9 @@
if (err != TFM_PLAT_ERR_SUCCESS) {
return err;
}
- err = tfm_plat_otp_write(PLAT_OTP_ID_HW_VERSION,
- sizeof(psa_rot_prov_data.hw_version),
- psa_rot_prov_data.hw_version);
+ err = tfm_plat_otp_write(PLAT_OTP_ID_CERT_REF,
+ sizeof(psa_rot_prov_data.cert_ref),
+ psa_rot_prov_data.cert_ref);
if (err != TFM_PLAT_ERR_SUCCESS) {
return err;
}
diff --git a/platform/ext/common/template/attest_hal.c b/platform/ext/common/template/attest_hal.c
index d66de03..4f6ad02 100644
--- a/platform/ext/common/template/attest_hal.c
+++ b/platform/ext/common/template/attest_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -117,17 +117,17 @@
return TFM_PLAT_ERR_SUCCESS;
}
-enum tfm_plat_err_t tfm_plat_get_hw_version(uint32_t *size, uint8_t *buf)
+enum tfm_plat_err_t tfm_plat_get_cert_ref(uint32_t *size, uint8_t *buf)
{
enum tfm_plat_err_t err;
size_t otp_size;
- err = tfm_plat_otp_read(PLAT_OTP_ID_HW_VERSION, *size, buf);
+ err = tfm_plat_otp_read(PLAT_OTP_ID_CERT_REF, *size, buf);
if(err != TFM_PLAT_ERR_SUCCESS) {
return err;
}
- err = tfm_plat_otp_get_size(PLAT_OTP_ID_HW_VERSION, &otp_size);
+ err = tfm_plat_otp_get_size(PLAT_OTP_ID_CERT_REF, &otp_size);
if(err != TFM_PLAT_ERR_SUCCESS) {
return err;
}
diff --git a/platform/ext/common/template/flash_otp_nv_counters_backend.h b/platform/ext/common/template/flash_otp_nv_counters_backend.h
index 14d156f..5a74233 100644
--- a/platform/ext/common/template/flash_otp_nv_counters_backend.h
+++ b/platform/ext/common/template/flash_otp_nv_counters_backend.h
@@ -33,7 +33,7 @@
uint8_t boot_seed[32];
uint8_t lcs[4];
uint8_t implementation_id[32];
- uint8_t hw_version[32];
+ uint8_t cert_ref[32];
uint8_t verification_service_url[32];
uint8_t profile_definition[32];
diff --git a/platform/ext/common/template/otp_flash.c b/platform/ext/common/template/otp_flash.c
index 4b834d6..341c711 100644
--- a/platform/ext/common/template/otp_flash.c
+++ b/platform/ext/common/template/otp_flash.c
@@ -67,8 +67,8 @@
return write_to_output(id, offsetof(struct flash_otp_nv_counters_region_t, lcs), out_len, out);
case PLAT_OTP_ID_IMPLEMENTATION_ID:
return write_to_output(id, offsetof(struct flash_otp_nv_counters_region_t, implementation_id), out_len, out);
- case PLAT_OTP_ID_HW_VERSION:
- return write_to_output(id, offsetof(struct flash_otp_nv_counters_region_t, hw_version), out_len, out);
+ case PLAT_OTP_ID_CERT_REF:
+ return write_to_output(id, offsetof(struct flash_otp_nv_counters_region_t, cert_ref), out_len, out);
case PLAT_OTP_ID_VERIFICATION_SERVICE_URL:
return write_to_output(id, offsetof(struct flash_otp_nv_counters_region_t, verification_service_url), out_len, out);
case PLAT_OTP_ID_PROFILE_DEFINITION:
@@ -188,8 +188,8 @@
return read_from_input(id, offsetof(struct flash_otp_nv_counters_region_t, lcs), in_len, in);
case PLAT_OTP_ID_IMPLEMENTATION_ID:
return read_from_input(id, offsetof(struct flash_otp_nv_counters_region_t, implementation_id), in_len, in);
- case PLAT_OTP_ID_HW_VERSION:
- return read_from_input(id, offsetof(struct flash_otp_nv_counters_region_t, hw_version), in_len, in);
+ case PLAT_OTP_ID_CERT_REF:
+ return read_from_input(id, offsetof(struct flash_otp_nv_counters_region_t, cert_ref), in_len, in);
case PLAT_OTP_ID_VERIFICATION_SERVICE_URL:
return read_from_input(id, offsetof(struct flash_otp_nv_counters_region_t, verification_service_url), in_len, in);
case PLAT_OTP_ID_PROFILE_DEFINITION:
@@ -286,8 +286,8 @@
case PLAT_OTP_ID_IMPLEMENTATION_ID:
*size = sizeof(((struct flash_otp_nv_counters_region_t*)0)->implementation_id);
break;
- case PLAT_OTP_ID_HW_VERSION:
- *size = sizeof(((struct flash_otp_nv_counters_region_t*)0)->hw_version);
+ case PLAT_OTP_ID_CERT_REF:
+ *size = sizeof(((struct flash_otp_nv_counters_region_t*)0)->cert_ref);
break;
case PLAT_OTP_ID_VERIFICATION_SERVICE_URL:
*size = sizeof(((struct flash_otp_nv_counters_region_t*)0)->verification_service_url);
diff --git a/platform/ext/target/nxp/common/plat_attest_hal.c b/platform/ext/target/nxp/common/plat_attest_hal.c
index c289845..1e66697 100644
--- a/platform/ext/target/nxp/common/plat_attest_hal.c
+++ b/platform/ext/target/nxp/common/plat_attest_hal.c
@@ -151,17 +151,17 @@
return TFM_PLAT_ERR_SUCCESS;
}
-enum tfm_plat_err_t tfm_plat_get_hw_version(uint32_t *size, uint8_t *buf)
+enum tfm_plat_err_t tfm_plat_get_cert_ref(uint32_t *size, uint8_t *buf)
{
enum tfm_plat_err_t err;
size_t otp_size;
- err = tfm_plat_otp_read(PLAT_OTP_ID_HW_VERSION, *size, buf);
+ err = tfm_plat_otp_read(PLAT_OTP_ID_CERT_REF, *size, buf);
if(err != TFM_PLAT_ERR_SUCCESS) {
return err;
}
- err = tfm_plat_otp_get_size(PLAT_OTP_ID_HW_VERSION, &otp_size);
+ err = tfm_plat_otp_get_size(PLAT_OTP_ID_CERT_REF, &otp_size);
if(err != TFM_PLAT_ERR_SUCCESS) {
return err;
}
diff --git a/platform/ext/target/stm/common/hal/provision/otp_provision.c b/platform/ext/target/stm/common/hal/provision/otp_provision.c
index fe1490c..e38ed8e 100644
--- a/platform/ext/target/stm/common/hal/provision/otp_provision.c
+++ b/platform/ext/target/stm/common/hal/provision/otp_provision.c
@@ -36,7 +36,7 @@
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0
#if defined(__ICCARM__)
-__root
+__root
#endif
#if defined(__ICCARM__)
#pragma default_function_attributes = @ ".BL2_OTP_Const"
@@ -65,7 +65,7 @@
0xEA, 0x31, 0x19, 0x35, 0x64, 0xCB, 0xA9, 0x1F,
0xEC, 0x6F, 0x9A, 0x00, 0x2A, 0x7D, 0xC0, 0x50,
0x4B, 0x92, 0xA1, 0x93, 0x71, 0x34, 0x58, 0x5F
- },
+ },
#endif
/* IAK len */
.iak_len = { INT2LE(32) },
@@ -95,9 +95,9 @@
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
},
- /* hw version */
- .hw_version = { '0','6','0','4','5','6','5','2',
- '7','2','8','2','9','1','0','0'},
+ /* certification reference */
+ .cert_ref = { '0','6','0','4','5','6','5','2','7',
+ '2','8','2','9','1','0','0','1','0'},
/* verification_service_url */
.verification_service_url = "www.trustedfirmware.org",
/* attestation_profile_definition */