diff --git a/Makefile b/Makefile index 83d6b7e..1f59af0 100644 --- a/Makefile +++ b/Makefile @@ -445,6 +445,7 @@ $(eval $(call assert_boolean,SPIN_ON_BL1_EXIT)) $(eval $(call assert_boolean,TRUSTED_BOARD_BOOT)) $(eval $(call assert_boolean,USE_COHERENT_MEM)) +$(eval $(call assert_boolean,USE_TBBR_DEFS)) $(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY)) $(eval $(call assert_numeric,ARM_ARCH_MAJOR)) @@ -483,6 +484,7 @@ $(eval $(call add_define,SPIN_ON_BL1_EXIT)) $(eval $(call add_define,TRUSTED_BOARD_BOOT)) $(eval $(call add_define,USE_COHERENT_MEM)) +$(eval $(call add_define,USE_TBBR_DEFS)) $(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY)) # Define the EL3_PAYLOAD_BASE flag only if it is provided. @@ -606,7 +608,7 @@ .PHONY: ${CRTTOOL} ${CRTTOOL}: - ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} + ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH} @${ECHO_BLANK_LINE} @echo "Built $@ successfully" @${ECHO_BLANK_LINE} diff --git a/docs/user-guide.md b/docs/user-guide.md index 9135d89..97d0f66 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -914,7 +914,11 @@ make PLAT= [DEBUG=1] [V=1] certtool -Specifying the platform is mandatory since the tool is platform specific. +For platforms that do not require their own IDs in certificate files, +the generic 'cert_create' tool can be built with the following command: + + make USE_TBBR_DEFS=1 [DEBUG=1] [V=1] certtool + `DEBUG=1` builds the tool in debug mode. `V=1` makes the build process more verbose. The following command should be used to obtain help about the tool: diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index 8b6ca23..e88c7c2 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c 
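Review bot: The `${CRTTOOL}` recipe in the third Makefile hunk now forwards `USE_TBBR_DEFS` to the cert_create build, but nothing says why the two builds have to agree. Elsewhere in this commit drivers/auth/tbbr/tbbr_cot.c selects its OID header with the same flag, so the tool and the firmware presumably have to use one OID set; otherwise the generated certificates would not carry the extensions the firmware authenticates against. I would put `# cert_create must see the same USE_TBBR_DEFS as the firmware so both agree on the certificate extension OIDs` directly above the recipe line.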
@@ -1,12 +1,16 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ #include #include +#if USE_TBBR_DEFS +#include +#else #include +#endif #include /* diff --git a/include/plat/arm/board/common/board_arm_oid.h b/include/plat/arm/board/common/board_arm_oid.h deleted file mode 100644 index fc6cd79..0000000 --- a/include/plat/arm/board/common/board_arm_oid.h +++ /dev/null 
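Review bot: The `#if USE_TBBR_DEFS` / `#else` / `#endif` header selection added at the top of tbbr_cot.c is repeated in plat/common/tbbr/plat_tbbr.c and in cert_create's cert.c, key.c, main.c and tbbr/tbb_ext.c, so six translation units each decide on their own which OID set they compile against. The include targets are not visible on this page; going by the defaults.mk comment they are tbbr_oid.h and platform_oid.h. Keeping the selection in one shared header that the others include would leave a single place to audit and rule out one file drifting to the other set. Separately, `#if` treats an undefined macro as 0, so a build that never defines `USE_TBBR_DEFS` falls through to the platform header without a diagnostic. A guard such as `#ifndef USE_TBBR_DEFS` followed by `#error "USE_TBBR_DEFS is not defined"` in that one header would make the misconfiguration visible.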
@@ -1,143 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#ifndef __BOARD_ARM_OID_H__ -#define __BOARD_ARM_OID_H__ - -/* - * The following is a list of OID values defined and reserved by ARM, which - * are used to define the extension fields of the certificate structure, as - * defined in the Trusted Board Boot Requirements (TBBR) specification, - * ARM DEN0006C-1. - * - * Non-ARM platform owners that wish to align with the TBBR should define - * constants with the same name in their own platform port(s), using their - * own OIDs obtained from the ITU-T. - */ - - -/* TrustedFirmwareNVCounter - Non-volatile counter extension */ -#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1" -/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */ -#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2" - - -/* - * Non-Trusted Firmware Updater Certificate - */ - -/* APFirmwareUpdaterConfigHash - BL2U */ -#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101" -/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */ -#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102" -/* FirmwareUpdaterHash - NS_BL2U */ -#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103" -/* TrustedWatchdogRefreshTime */ -#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104" - - -/* - * Trusted Boot Firmware Certificate - */ - -/* TrustedBootFirmwareHash - BL2 */ -#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201" - - -/* - * Trusted Key Certificate - */ - -/* PrimaryDebugCertificatePK */ -#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301" -/* TrustedWorldPK */ -#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302" -/* NonTrustedWorldPK */ -#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303" - - -/* - * Trusted Debug Certificate - */ - -/* DebugScenario */ -#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401" -/* SoC Specific */ -#define 
TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402" -/* SecondaryDebugCertPK */ -#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403" - - -/* - * SoC Firmware Key Certificate - */ - -/* SoCFirmwareContentCertPK */ -#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501" - - -/* - * SoC Firmware Content Certificate - */ - -/* APRomPatchHash - BL1_PATCH */ -#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601" -/* SoCConfigHash */ -#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602" -/* SoCAPFirmwareHash - BL31 */ -#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603" - - -/* - * SCP Firmware Key Certificate - */ - -/* SCPFirmwareContentCertPK */ -#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701" - - -/* - * SCP Firmware Content Certificate - */ - -/* SCPFirmwareHash - SCP_BL2 */ -#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801" -/* SCPRomPatchHash - SCP_BL1_PATCH */ -#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802" - - -/* - * Trusted OS Firmware Key Certificate - */ - -/* TrustedOSFirmwareContentCertPK */ -#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901" - - -/* - * Trusted OS Firmware Content Certificate - */ - -/* TrustedOSFirmwareHash - BL32 */ -#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001" - - -/* - * Non-Trusted Firmware Key Certificate - */ - -/* NonTrustedFirmwareContentCertPK */ -#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101" - - -/* - * Non-Trusted Firmware Content Certificate - */ - -/* NonTrustedWorldBootloaderHash - BL33 */ -#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201" - -#endif /* __BOARD_ARM_OID_H__ */ diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h new file mode 100644 index 0000000..7a34087 --- /dev/null +++ b/include/tools_share/tbbr_oid.h 
@@ -0,0 +1,139 @@ +/* + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef __TBBR_OID_H__ +#define __TBBR_OID_H__ + +/* + * The following is a list of OID values defined and reserved by ARM, which + * are used to define the extension fields of the certificate structure, as + * defined in the Trusted Board Boot Requirements (TBBR) specification, + * ARM DEN0006C-1. + */ + + +/* TrustedFirmwareNVCounter - Non-volatile counter extension */ +#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1" +/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */ +#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2" + + +/* + * Non-Trusted Firmware Updater Certificate + */ + +/* APFirmwareUpdaterConfigHash - BL2U */ +#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101" +/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */ +#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102" +/* FirmwareUpdaterHash - NS_BL2U */ +#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103" +/* TrustedWatchdogRefreshTime */ +#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104" + + +/* + * Trusted Boot Firmware Certificate + */ + +/* TrustedBootFirmwareHash - BL2 */ +#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201" + + +/* + * Trusted Key Certificate + */ + +/* PrimaryDebugCertificatePK */ +#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301" +/* TrustedWorldPK */ +#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302" +/* NonTrustedWorldPK */ +#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303" + + +/* + * Trusted Debug Certificate + */ + +/* DebugScenario */ +#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401" +/* SoC Specific */ +#define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402" +/* SecondaryDebugCertPK */ +#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403" + + +/* + * SoC Firmware Key Certificate + */ + +/* 
SoCFirmwareContentCertPK */ +#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501" + + +/* + * SoC Firmware Content Certificate + */ + +/* APRomPatchHash - BL1_PATCH */ +#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601" +/* SoCConfigHash */ +#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602" +/* SoCAPFirmwareHash - BL31 */ +#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603" + + +/* + * SCP Firmware Key Certificate + */ + +/* SCPFirmwareContentCertPK */ +#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701" + + +/* + * SCP Firmware Content Certificate + */ + +/* SCPFirmwareHash - SCP_BL2 */ +#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801" +/* SCPRomPatchHash - SCP_BL1_PATCH */ +#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802" + + +/* + * Trusted OS Firmware Key Certificate + */ + +/* TrustedOSFirmwareContentCertPK */ +#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901" + + +/* + * Trusted OS Firmware Content Certificate + */ + +/* TrustedOSFirmwareHash - BL32 */ +#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001" + + +/* + * Non-Trusted Firmware Key Certificate + */ + +/* NonTrustedFirmwareContentCertPK */ +#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101" + + +/* + * Non-Trusted Firmware Content Certificate + */ + +/* NonTrustedWorldBootloaderHash - BL33 */ +#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201" + +#endif /* __TBBR_OID_H__ */ diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 18c41e0..a31e59c 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -128,6 +128,9 @@ # Build option to choose whether Trusted firmware uses Coherent memory or not. USE_COHERENT_MEM := 1 +# Use tbbr_oid.h instead of platform_oid.h +USE_TBBR_DEFS = $(ERROR_DEPRECATED) + # Build verbosity V := 0 diff --git a/plat/arm/board/fvp/include/platform_oid.h b/plat/arm/board/fvp/include/platform_oid.h index 5ef1580..c64155f 100644 
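Review bot: The block comment at the top of the new include/tools_share/tbbr_oid.h drops the paragraph from board_arm_oid.h that told non-ARM platform owners to define the same constants with their own OIDs, and nothing replaces it. Since this file is what a platform gets with `USE_TBBR_DEFS=1`, the comment should say so: these OIDs are defined and reserved by ARM, they are the generic set shared by the firmware and cert_create, and a platform that needs its own IDs in its certificates keeps providing platform_oid.h instead. This is a wording change to the header comment only; the `#define` values need no change.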
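Review bot: `USE_TBBR_DEFS = $(ERROR_DEPRECATED)` in make_helpers/defaults.mk is the only default in this hunk that uses recursive `=` and takes its value from another option, yet its comment only says which header the flag selects. If the intent is that enabling `ERROR_DEPRECATED` also retires the platform_oid.h path, and `=` is deliberate so that a later `ERROR_DEPRECATED` assignment is picked up, the comment should say so. For example: `# Use tbbr_oid.h instead of platform_oid.h. Follows ERROR_DEPRECATED (expanded lazily) because platform_oid.h is the legacy route.` It is also worth stating whether a platform makefile is expected to set the option to 1 explicitly to opt in.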
--- a/plat/arm/board/fvp/include/platform_oid.h +++ b/plat/arm/board/fvp/include/platform_oid.h @@ -1,9 +1,9 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ -#include "../../../../../include/plat/arm/board/common/board_arm_oid.h" +#include /* * Required platform OIDs diff --git a/plat/arm/board/juno/include/platform_oid.h b/plat/arm/board/juno/include/platform_oid.h index 5ef1580..c64155f 100644 --- a/plat/arm/board/juno/include/platform_oid.h +++ b/plat/arm/board/juno/include/platform_oid.h @@ -1,9 +1,9 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ -#include "../../../../../include/plat/arm/board/common/board_arm_oid.h" +#include /* * Required platform OIDs diff --git a/plat/common/tbbr/plat_tbbr.c b/plat/common/tbbr/plat_tbbr.c index 4aa9457..f5a4f31 100644 --- a/plat/common/tbbr/plat_tbbr.c +++ b/plat/common/tbbr/plat_tbbr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,7 +7,11 @@ #include #include #include +#if USE_TBBR_DEFS +#include +#else #include +#endif #include /* diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile index 989a8e4..8a21649 100644 --- a/tools/cert_create/Makefile +++ b/tools/cert_create/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # 
@@ -27,6 +27,13 @@ include ${MAKE_HELPERS_DIRECTORY}build_macros.mk include ${MAKE_HELPERS_DIRECTORY}build_env.mk +ifeq (${USE_TBBR_DEFS},1) +# In this case, cert_tool is platform-independent +PLAT_MSG := TBBR Generic +PLAT_INCLUDE := ../../include/tools_share +else +PLAT_MSG := ${PLAT} + PLATFORM_ROOT := ../../plat/ include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk @@ -35,6 +42,7 @@ ifeq ($(PLAT_INCLUDE),) $(error "Error: Invalid platform '${PLAT}' has no include directory.") endif +endif ifeq (${DEBUG},1) CFLAGS += -g -O0 -DDEBUG -DLOG_LEVEL=40 @@ -47,6 +55,9 @@ Q := endif +$(eval $(call add_define,USE_TBBR_DEFS)) +CFLAGS += ${DEFINES} + # Make soft links and include from local directory otherwise wrong headers # could get pulled in from firmware tree. INC_DIR := -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include @@ -62,7 +73,7 @@ ${BINARY}: ${OBJECTS} Makefile @echo " LD $@" @echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \ - const char platform_msg[] = "${PLAT}";' | \ + const char platform_msg[] = "${PLAT_MSG}";' | \ ${CC} -c ${CFLAGS} -xc - -o src/build_msg.o ${Q}${CC} src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@ diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c index 62ff255..80ccfe9 100644 --- a/tools/cert_create/src/cert.c +++ b/tools/cert_create/src/cert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,11 +14,16 @@ #include #include +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "cert.h" #include "cmd_opt.h" #include "debug.h" #include "key.h" -#include "platform_oid.h" #include "sha.h" #define SERIAL_RAND_BITS 64 diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c index a118fbb..c1bde5d 100644 --- a/tools/cert_create/src/key.c +++ b/tools/cert_create/src/key.c 
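Review bot: `ifeq (${USE_TBBR_DEFS},1)` in tools/cert_create/Makefile takes the platform branch for every value other than exactly `1`, including an unset variable, and this Makefile neither gives `USE_TBBR_DEFS` a default nor validates it. When the tool is built directly rather than through the top-level `certtool` target, the later `$(eval $(call add_define,USE_TBBR_DEFS))` sees an empty value. Depending on how `add_define` handles that (build_macros.mk is not shown here), the compiler may get a bare `-DUSE_TBBR_DEFS`, which `#if USE_TBBR_DEFS` reads as 1 while the include path still points at the platform directory. A `USE_TBBR_DEFS ?= 0` near the other defaults, plus `$(eval $(call assert_boolean,USE_TBBR_DEFS))` after build_macros.mk is included (assuming that file provides the macro, as the top-level Makefile's use suggests), would keep the Makefile branch and the preprocessor branch in step. The `else` opened in this hunk is closed by the `endif` added in the next hunk.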
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -13,11 +13,16 @@ #include #include +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "cert.h" #include "cmd_opt.h" #include "debug.h" #include "key.h" -#include "platform_oid.h" #include "sha.h" #define MAX_FILENAME_LEN 1024 diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index e0f331c..9923637 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -18,12 +18,17 @@ #include #include +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "cert.h" #include "cmd_opt.h" #include "debug.h" #include "ext.h" #include "key.h" -#include "platform_oid.h" #include "sha.h" #include "tbbr/tbb_ext.h" #include "tbbr/tbb_cert.h" diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c index 11d779b..d9a8ea2 100644 --- a/tools/cert_create/src/tbbr/tbb_ext.c +++ b/tools/cert_create/src/tbbr/tbb_ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -8,8 +8,14 @@ #include #include #include + +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "ext.h" -#include "platform_oid.h" #include "tbbr/tbb_ext.h" #include "tbbr/tbb_key.h"