diff --git a/.gitignore b/.gitignore index 2f9c89d..4ece189 100644 --- a/.gitignore +++ b/.gitignore @@ -19,10 +19,6 @@ tools/cert_create/cert_create tools/cert_create/cert_create.exe -# Ignore header files copied. -tools/fiptool/firmware_image_package.h -tools/fiptool/uuid.h - # GNU GLOBAL files GPATH GRTAGS diff --git a/Makefile b/Makefile index ddf8756..d9a29bd 100644 --- a/Makefile +++ b/Makefile @@ -179,7 +179,8 @@ -Iinclude/plat/common \ -Iinclude/services \ ${PLAT_INCLUDES} \ - ${SPD_INCLUDES} + ${SPD_INCLUDES} \ + -Iinclude/tools_share ################################################################################ @@ -442,6 +443,7 @@ $(eval $(call assert_boolean,SPIN_ON_BL1_EXIT)) $(eval $(call assert_boolean,TRUSTED_BOARD_BOOT)) $(eval $(call assert_boolean,USE_COHERENT_MEM)) +$(eval $(call assert_boolean,USE_TBBR_DEFS)) $(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY)) $(eval $(call assert_numeric,ARM_ARCH_MAJOR)) @@ -480,6 +482,7 @@ $(eval $(call add_define,SPIN_ON_BL1_EXIT)) $(eval $(call add_define,TRUSTED_BOARD_BOOT)) $(eval $(call add_define,USE_COHERENT_MEM)) +$(eval $(call add_define,USE_TBBR_DEFS)) $(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY)) # Define the EL3_PAYLOAD_BASE flag only if it is provided. @@ -603,7 +606,7 @@ .PHONY: ${CRTTOOL} ${CRTTOOL}: - ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} + ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH} @${ECHO_BLANK_LINE} @echo "Built $@ successfully" @${ECHO_BLANK_LINE} diff --git a/docs/user-guide.md b/docs/user-guide.md index 2379298..85ece93 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -914,7 +914,11 @@ make PLAT= [DEBUG=1] [V=1] certtool -Specifying the platform is mandatory since the tool is platform specific. +For platforms that do not require their own IDs in certificate files, +the generic 'cert_create' tool can be built with the following command: + + make USE_TBBR_DEFS=1 [DEBUG=1] [V=1] certtool + `DEBUG=1` builds the tool in debug mode. `V=1` makes the build process more verbose. The following command should be used to obtain help about the tool: diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index 8b6ca23..e88c7c2 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c @@ -1,12 +1,16 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ #include #include +#if USE_TBBR_DEFS +#include +#else #include +#endif #include /* diff --git a/include/common/firmware_image_package.h b/include/common/firmware_image_package.h deleted file mode 100644 index dcf16b4..0000000 --- a/include/common/firmware_image_package.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#ifndef __FIRMWARE_IMAGE_PACKAGE_H__ -#define __FIRMWARE_IMAGE_PACKAGE_H__ - -#include -#include - -/* This is used as a signature to validate the blob header */ -#define TOC_HEADER_NAME 0xAA640001 - - -/* ToC Entry UUIDs */ -#define UUID_TRUSTED_UPDATE_FIRMWARE_SCP_BL2U \ - {0x03279265, 0x742f, 0x44e6, 0x8d, 0xff, {0x57, 0x9a, 0xc1, 0xff, 0x06, 0x10} } -#define UUID_TRUSTED_UPDATE_FIRMWARE_BL2U \ - {0x37ebb360, 0xe5c1, 0x41ea, 0x9d, 0xf3, {0x19, 0xed, 0xa1, 0x1f, 0x68, 0x01} } -#define UUID_TRUSTED_UPDATE_FIRMWARE_NS_BL2U \ - {0x111d514f, 0xe52b, 0x494e, 0xb4, 0xc5, {0x83, 0xc2, 0xf7, 0x15, 0x84, 0x0a} } -#define UUID_TRUSTED_FWU_CERT \ - {0xb28a4071, 0xd618, 0x4c87, 0x8b, 0x2e, {0xc6, 0xdc, 0xcd, 0x50, 0xf0, 0x96} } -#define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \ - {0x0becf95f, 0x224d, 0x4d3e, 0xa5, 0x44, {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} } -#define UUID_SCP_FIRMWARE_SCP_BL2 \ - {0x3dfd6697, 0xbe89, 0x49e8, 0xae, 0x5d, {0x78, 0xa1, 0x40, 0x60, 0x82, 0x13} } -#define UUID_EL3_RUNTIME_FIRMWARE_BL31 \ - {0x6d08d447, 0xfe4c, 0x4698, 0x9b, 0x95, {0x29, 0x50, 0xcb, 0xbd, 0x5a, 0x00} } -#define UUID_SECURE_PAYLOAD_BL32 \ - {0x89e1d005, 0xdc53, 0x4713, 0x8d, 0x2b, {0x50, 0x0a, 0x4b, 0x7a, 0x3e, 0x38} } -#define UUID_NON_TRUSTED_FIRMWARE_BL33 \ - {0xa7eed0d6, 0xeafc, 0x4bd5, 0x97, 0x82, {0x99, 0x34, 0xf2, 0x34, 0xb6, 0xe4} } -/* Key certificates */ -#define UUID_ROT_KEY_CERT \ - {0x721d2d86, 0x60f8, 0x11e4, 0x92, 0x0b, {0x8b, 0xe7, 0x62, 0x16, 0x0f, 0x24} } -#define UUID_TRUSTED_KEY_CERT \ - {0x90e87e82, 0x60f8, 0x11e4, 0xa1, 0xb4, {0x77, 0x7a, 0x21, 0xb4, 0xf9, 0x4c} } -#define UUID_NON_TRUSTED_WORLD_KEY_CERT \ - {0x3d87671c, 0x635f, 0x11e4, 0x97, 0x8d, {0x27, 0xc0, 0xc7, 0x14, 0x8a, 0xbd} } -#define UUID_SCP_FW_KEY_CERT \ - {0xa1214202, 0x60f8, 0x11e4, 0x8d, 0x9b, {0xf3, 0x3c, 0x0e, 0x15, 0xa0, 0x14} } -#define UUID_SOC_FW_KEY_CERT \ - {0xccbeb88a, 0x60f9, 0x11e4, 0x9a, 0xd0, {0xeb, 0x48, 0x22, 0xd8, 0xdc, 0xf8} } -#define UUID_TRUSTED_OS_FW_KEY_CERT \ - {0x03d67794, 0x60fb, 0x11e4, 0x85, 0xdd, {0xb7, 0x10, 0x5b, 0x8c, 0xee, 0x04} } -#define UUID_NON_TRUSTED_FW_KEY_CERT \ - {0x2a83d58a, 0x60fb, 0x11e4, 0x8a, 0xaf, {0xdf, 0x30, 0xbb, 0xc4, 0x98, 0x59} } -/* Content certificates */ -#define UUID_TRUSTED_BOOT_FW_CERT \ - {0xea69e2d6, 0x635d, 0x11e4, 0x8d, 0x8c, {0x9f, 0xba, 0xbe, 0x99, 0x56, 0xa5} } -#define UUID_SCP_FW_CONTENT_CERT \ - {0x046fbe44, 0x635e, 0x11e4, 0xb2, 0x8b, {0x73, 0xd8, 0xea, 0xae, 0x96, 0x56} } -#define UUID_SOC_FW_CONTENT_CERT \ - {0x200cb2e2, 0x635e, 0x11e4, 0x9c, 0xe8, {0xab, 0xcc, 0xf9, 0x2b, 0xb6, 0x66} } -#define UUID_TRUSTED_OS_FW_CONTENT_CERT \ - {0x11449fa4, 0x635e, 0x11e4, 0x87, 0x28, {0x3f, 0x05, 0x72, 0x2a, 0xf3, 0x3d} } -#define UUID_NON_TRUSTED_FW_CONTENT_CERT \ - {0xf3c1c48e, 0x635d, 0x11e4, 0xa7, 0xa9, {0x87, 0xee, 0x40, 0xb2, 0x3f, 0xa7} } - -typedef struct fip_toc_header { - uint32_t name; - uint32_t serial_number; - uint64_t flags; -} fip_toc_header_t; - -typedef struct fip_toc_entry { - uuid_t uuid; - uint64_t offset_address; - uint64_t size; - uint64_t flags; -} fip_toc_entry_t; - -#endif /* __FIRMWARE_IMAGE_PACKAGE_H__ */ diff --git a/include/lib/stdlib/sys/uuid.h b/include/lib/stdlib/sys/uuid.h deleted file mode 100644 index 6d935bd..0000000 --- a/include/lib/stdlib/sys/uuid.h +++ /dev/null @@ -1,62 +0,0 @@ -/*- - * Copyright (c) 2002 Marcel Moolenaar - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $FreeBSD$ - */ - -/* - * Portions copyright (c) 2014, ARM Limited and Contributors. - * All rights reserved. - */ - -#ifndef _SYS_UUID_H_ -#define _SYS_UUID_H_ - -/* Length of a node address (an IEEE 802 address). */ -#define _UUID_NODE_LEN 6 - -/* Length of UUID string including dashes. */ -#define _UUID_STR_LEN 36 - -/* - * See also: - * http://www.opengroup.org/dce/info/draft-leach-uuids-guids-01.txt - * http://www.opengroup.org/onlinepubs/009629399/apdxa.htm - * - * A DCE 1.1 compatible source representation of UUIDs. - */ -struct uuid { - uint32_t time_low; - uint16_t time_mid; - uint16_t time_hi_and_version; - uint8_t clock_seq_hi_and_reserved; - uint8_t clock_seq_low; - uint8_t node[_UUID_NODE_LEN]; -}; - -/* XXX namespace pollution? */ -typedef struct uuid uuid_t; - -#endif /* _SYS_UUID_H_ */ diff --git a/include/plat/arm/board/common/board_arm_oid.h b/include/plat/arm/board/common/board_arm_oid.h deleted file mode 100644 index fc6cd79..0000000 --- a/include/plat/arm/board/common/board_arm_oid.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#ifndef __BOARD_ARM_OID_H__ -#define __BOARD_ARM_OID_H__ - -/* - * The following is a list of OID values defined and reserved by ARM, which - * are used to define the extension fields of the certificate structure, as - * defined in the Trusted Board Boot Requirements (TBBR) specification, - * ARM DEN0006C-1. - * - * Non-ARM platform owners that wish to align with the TBBR should define - * constants with the same name in their own platform port(s), using their - * own OIDs obtained from the ITU-T. - */ - - -/* TrustedFirmwareNVCounter - Non-volatile counter extension */ -#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1" -/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */ -#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2" - - -/* - * Non-Trusted Firmware Updater Certificate - */ - -/* APFirmwareUpdaterConfigHash - BL2U */ -#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101" -/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */ -#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102" -/* FirmwareUpdaterHash - NS_BL2U */ -#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103" -/* TrustedWatchdogRefreshTime */ -#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104" - - -/* - * Trusted Boot Firmware Certificate - */ - -/* TrustedBootFirmwareHash - BL2 */ -#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201" - - -/* - * Trusted Key Certificate - */ - -/* PrimaryDebugCertificatePK */ -#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301" -/* TrustedWorldPK */ -#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302" -/* NonTrustedWorldPK */ -#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303" - - -/* - * Trusted Debug Certificate - */ - -/* DebugScenario */ -#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401" -/* SoC Specific */ -#define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402" -/* SecondaryDebugCertPK */ -#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403" - - -/* - * SoC Firmware Key Certificate - */ - -/* SoCFirmwareContentCertPK */ -#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501" - - -/* - * SoC Firmware Content Certificate - */ - -/* APRomPatchHash - BL1_PATCH */ -#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601" -/* SoCConfigHash */ -#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602" -/* SoCAPFirmwareHash - BL31 */ -#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603" - - -/* - * SCP Firmware Key Certificate - */ - -/* SCPFirmwareContentCertPK */ -#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701" - - -/* - * SCP Firmware Content Certificate - */ - -/* SCPFirmwareHash - SCP_BL2 */ -#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801" -/* SCPRomPatchHash - SCP_BL1_PATCH */ -#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802" - - -/* - * Trusted OS Firmware Key Certificate - */ - -/* TrustedOSFirmwareContentCertPK */ -#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901" - - -/* - * Trusted OS Firmware Content Certificate - */ - -/* TrustedOSFirmwareHash - BL32 */ -#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001" - - -/* - * Non-Trusted Firmware Key Certificate - */ - -/* NonTrustedFirmwareContentCertPK */ -#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101" - - -/* - * Non-Trusted Firmware Content Certificate - */ - -/* NonTrustedWorldBootloaderHash - BL33 */ -#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201" - -#endif /* __BOARD_ARM_OID_H__ */ diff --git a/include/tools_share/firmware_image_package.h b/include/tools_share/firmware_image_package.h new file mode 100644 index 0000000..dcf16b4 --- /dev/null +++ b/include/tools_share/firmware_image_package.h @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef __FIRMWARE_IMAGE_PACKAGE_H__ +#define __FIRMWARE_IMAGE_PACKAGE_H__ + +#include +#include + +/* This is used as a signature to validate the blob header */ +#define TOC_HEADER_NAME 0xAA640001 + + +/* ToC Entry UUIDs */ +#define UUID_TRUSTED_UPDATE_FIRMWARE_SCP_BL2U \ + {0x03279265, 0x742f, 0x44e6, 0x8d, 0xff, {0x57, 0x9a, 0xc1, 0xff, 0x06, 0x10} } +#define UUID_TRUSTED_UPDATE_FIRMWARE_BL2U \ + {0x37ebb360, 0xe5c1, 0x41ea, 0x9d, 0xf3, {0x19, 0xed, 0xa1, 0x1f, 0x68, 0x01} } +#define UUID_TRUSTED_UPDATE_FIRMWARE_NS_BL2U \ + {0x111d514f, 0xe52b, 0x494e, 0xb4, 0xc5, {0x83, 0xc2, 0xf7, 0x15, 0x84, 0x0a} } +#define UUID_TRUSTED_FWU_CERT \ + {0xb28a4071, 0xd618, 0x4c87, 0x8b, 0x2e, {0xc6, 0xdc, 0xcd, 0x50, 0xf0, 0x96} } +#define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \ + {0x0becf95f, 0x224d, 0x4d3e, 0xa5, 0x44, {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} } +#define UUID_SCP_FIRMWARE_SCP_BL2 \ + {0x3dfd6697, 0xbe89, 0x49e8, 0xae, 0x5d, {0x78, 0xa1, 0x40, 0x60, 0x82, 0x13} } +#define UUID_EL3_RUNTIME_FIRMWARE_BL31 \ + {0x6d08d447, 0xfe4c, 0x4698, 0x9b, 0x95, {0x29, 0x50, 0xcb, 0xbd, 0x5a, 0x00} } +#define UUID_SECURE_PAYLOAD_BL32 \ + {0x89e1d005, 0xdc53, 0x4713, 0x8d, 0x2b, {0x50, 0x0a, 0x4b, 0x7a, 0x3e, 0x38} } +#define UUID_NON_TRUSTED_FIRMWARE_BL33 \ + {0xa7eed0d6, 0xeafc, 0x4bd5, 0x97, 0x82, {0x99, 0x34, 0xf2, 0x34, 0xb6, 0xe4} } +/* Key certificates */ +#define UUID_ROT_KEY_CERT \ + {0x721d2d86, 0x60f8, 0x11e4, 0x92, 0x0b, {0x8b, 0xe7, 0x62, 0x16, 0x0f, 0x24} } +#define UUID_TRUSTED_KEY_CERT \ + {0x90e87e82, 0x60f8, 0x11e4, 0xa1, 0xb4, {0x77, 0x7a, 0x21, 0xb4, 0xf9, 0x4c} } +#define UUID_NON_TRUSTED_WORLD_KEY_CERT \ + {0x3d87671c, 0x635f, 0x11e4, 0x97, 0x8d, {0x27, 0xc0, 0xc7, 0x14, 0x8a, 0xbd} } +#define UUID_SCP_FW_KEY_CERT \ + {0xa1214202, 0x60f8, 0x11e4, 0x8d, 0x9b, {0xf3, 0x3c, 0x0e, 0x15, 0xa0, 0x14} } +#define UUID_SOC_FW_KEY_CERT \ + {0xccbeb88a, 0x60f9, 0x11e4, 0x9a, 0xd0, {0xeb, 0x48, 0x22, 0xd8, 0xdc, 0xf8} } +#define UUID_TRUSTED_OS_FW_KEY_CERT \ + {0x03d67794, 0x60fb, 0x11e4, 0x85, 0xdd, {0xb7, 0x10, 0x5b, 0x8c, 0xee, 0x04} } +#define UUID_NON_TRUSTED_FW_KEY_CERT \ + {0x2a83d58a, 0x60fb, 0x11e4, 0x8a, 0xaf, {0xdf, 0x30, 0xbb, 0xc4, 0x98, 0x59} } +/* Content certificates */ +#define UUID_TRUSTED_BOOT_FW_CERT \ + {0xea69e2d6, 0x635d, 0x11e4, 0x8d, 0x8c, {0x9f, 0xba, 0xbe, 0x99, 0x56, 0xa5} } +#define UUID_SCP_FW_CONTENT_CERT \ + {0x046fbe44, 0x635e, 0x11e4, 0xb2, 0x8b, {0x73, 0xd8, 0xea, 0xae, 0x96, 0x56} } +#define UUID_SOC_FW_CONTENT_CERT \ + {0x200cb2e2, 0x635e, 0x11e4, 0x9c, 0xe8, {0xab, 0xcc, 0xf9, 0x2b, 0xb6, 0x66} } +#define UUID_TRUSTED_OS_FW_CONTENT_CERT \ + {0x11449fa4, 0x635e, 0x11e4, 0x87, 0x28, {0x3f, 0x05, 0x72, 0x2a, 0xf3, 0x3d} } +#define UUID_NON_TRUSTED_FW_CONTENT_CERT \ + {0xf3c1c48e, 0x635d, 0x11e4, 0xa7, 0xa9, {0x87, 0xee, 0x40, 0xb2, 0x3f, 0xa7} } + +typedef struct fip_toc_header { + uint32_t name; + uint32_t serial_number; + uint64_t flags; +} fip_toc_header_t; + +typedef struct fip_toc_entry { + uuid_t uuid; + uint64_t offset_address; + uint64_t size; + uint64_t flags; +} fip_toc_entry_t; + +#endif /* __FIRMWARE_IMAGE_PACKAGE_H__ */ diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h new file mode 100644 index 0000000..7a34087 --- /dev/null +++ b/include/tools_share/tbbr_oid.h @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef __TBBR_OID_H__ +#define __TBBR_OID_H__ + +/* + * The following is a list of OID values defined and reserved by ARM, which + * are used to define the extension fields of the certificate structure, as + * defined in the Trusted Board Boot Requirements (TBBR) specification, + * ARM DEN0006C-1. + */ + + +/* TrustedFirmwareNVCounter - Non-volatile counter extension */ +#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1" +/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */ +#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2" + + +/* + * Non-Trusted Firmware Updater Certificate + */ + +/* APFirmwareUpdaterConfigHash - BL2U */ +#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101" +/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */ +#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102" +/* FirmwareUpdaterHash - NS_BL2U */ +#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103" +/* TrustedWatchdogRefreshTime */ +#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104" + + +/* + * Trusted Boot Firmware Certificate + */ + +/* TrustedBootFirmwareHash - BL2 */ +#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201" + + +/* + * Trusted Key Certificate + */ + +/* PrimaryDebugCertificatePK */ +#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301" +/* TrustedWorldPK */ +#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302" +/* NonTrustedWorldPK */ +#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303" + + +/* + * Trusted Debug Certificate + */ + +/* DebugScenario */ +#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401" +/* SoC Specific */ +#define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402" +/* SecondaryDebugCertPK */ +#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403" + + +/* + * SoC Firmware Key Certificate + */ + +/* SoCFirmwareContentCertPK */ +#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501" + + +/* + * SoC Firmware Content Certificate + */ + +/* APRomPatchHash - BL1_PATCH */ +#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601" +/* SoCConfigHash */ +#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602" +/* SoCAPFirmwareHash - BL31 */ +#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603" + + +/* + * SCP Firmware Key Certificate + */ + +/* SCPFirmwareContentCertPK */ +#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701" + + +/* + * SCP Firmware Content Certificate + */ + +/* SCPFirmwareHash - SCP_BL2 */ +#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801" +/* SCPRomPatchHash - SCP_BL1_PATCH */ +#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802" + + +/* + * Trusted OS Firmware Key Certificate + */ + +/* TrustedOSFirmwareContentCertPK */ +#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901" + + +/* + * Trusted OS Firmware Content Certificate + */ + +/* TrustedOSFirmwareHash - BL32 */ +#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001" + + +/* + * Non-Trusted Firmware Key Certificate + */ + +/* NonTrustedFirmwareContentCertPK */ +#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101" + + +/* + * Non-Trusted Firmware Content Certificate + */ + +/* NonTrustedWorldBootloaderHash - BL33 */ +#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201" + +#endif /* __TBBR_OID_H__ */ diff --git a/include/tools_share/uuid.h b/include/tools_share/uuid.h new file mode 100644 index 0000000..6d935bd --- /dev/null +++ b/include/tools_share/uuid.h @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002 Marcel Moolenaar + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* + * Portions copyright (c) 2014, ARM Limited and Contributors. + * All rights reserved. + */ + +#ifndef _SYS_UUID_H_ +#define _SYS_UUID_H_ + +/* Length of a node address (an IEEE 802 address). */ +#define _UUID_NODE_LEN 6 + +/* Length of UUID string including dashes. */ +#define _UUID_STR_LEN 36 + +/* + * See also: + * http://www.opengroup.org/dce/info/draft-leach-uuids-guids-01.txt + * http://www.opengroup.org/onlinepubs/009629399/apdxa.htm + * + * A DCE 1.1 compatible source representation of UUIDs. + */ +struct uuid { + uint32_t time_low; + uint16_t time_mid; + uint16_t time_hi_and_version; + uint8_t clock_seq_hi_and_reserved; + uint8_t clock_seq_low; + uint8_t node[_UUID_NODE_LEN]; +}; + +/* XXX namespace pollution? */ +typedef struct uuid uuid_t; + +#endif /* _SYS_UUID_H_ */ diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk index 36f220e..34d82c9 100644 --- a/make_helpers/build_macros.mk +++ b/make_helpers/build_macros.mk @@ -54,7 +54,7 @@ # Convenience function for verifying option has a boolean value # $(eval $(call assert_boolean,FOO)) will assert FOO is 0 or 1 define assert_boolean - $(and $(patsubst 0,,$(value $(1))),$(patsubst 1,,$(value $(1))),$(error $(1) must be boolean)) + $(if $(filter-out 0 1,$($1)),$(error $1 must be boolean)) endef 0-9 := 0 1 2 3 4 5 6 7 8 9 diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 18c41e0..a31e59c 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -128,6 +128,9 @@ # Build option to choose whether Trusted firmware uses Coherent memory or not. USE_COHERENT_MEM := 1 +# Use tbbr_oid.h instead of platform_oid.h +USE_TBBR_DEFS = $(ERROR_DEPRECATED) + # Build verbosity V := 0 diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c index eb1dc8c..391ae45 100644 --- a/plat/arm/board/common/board_arm_trusted_boot.c +++ b/plat/arm/board/common/board_arm_trusted_boot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,9 +7,9 @@ #include #include #include -#include #include #include +#include /* Weak definition may be overridden in specific platform */ #pragma weak plat_match_rotpk diff --git a/plat/arm/board/fvp/fvp_trusted_boot.c b/plat/arm/board/fvp/fvp_trusted_boot.c index 51d3083..d1e8b9f 100644 --- a/plat/arm/board/fvp/fvp_trusted_boot.c +++ b/plat/arm/board/fvp/fvp_trusted_boot.c @@ -1,13 +1,14 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ #include -#include #include #include +#include + #include "fvp_def.h" /* diff --git a/plat/arm/board/fvp/include/platform_oid.h b/plat/arm/board/fvp/include/platform_oid.h deleted file mode 100644 index 5ef1580..0000000 --- a/plat/arm/board/fvp/include/platform_oid.h +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -#include "../../../../../include/plat/arm/board/common/board_arm_oid.h" - -/* - * Required platform OIDs - * (Provided by included header) - */ diff --git a/plat/arm/board/juno/include/platform_oid.h b/plat/arm/board/juno/include/platform_oid.h deleted file mode 100644 index 5ef1580..0000000 --- a/plat/arm/board/juno/include/platform_oid.h +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -#include "../../../../../include/plat/arm/board/common/board_arm_oid.h" - -/* - * Required platform OIDs - * (Provided by included header) - */ diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 58fc94e..3c20769 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -87,6 +87,9 @@ # Enable new version of image loading on ARM platforms LOAD_IMAGE_V2 := 1 +# Use generic OID definition (tbbr_oid.h) +USE_TBBR_DEFS := 1 + PLAT_INCLUDES += -Iinclude/common/tbbr \ -Iinclude/plat/arm/common diff --git a/plat/common/tbbr/plat_tbbr.c b/plat/common/tbbr/plat_tbbr.c index 4aa9457..f5a4f31 100644 --- a/plat/common/tbbr/plat_tbbr.c +++ b/plat/common/tbbr/plat_tbbr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,7 +7,11 @@ #include #include #include +#if USE_TBBR_DEFS +#include +#else #include +#endif #include /* diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile index 989a8e4..8a21649 100644 --- a/tools/cert_create/Makefile +++ b/tools/cert_create/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -27,6 +27,13 @@ include ${MAKE_HELPERS_DIRECTORY}build_macros.mk include ${MAKE_HELPERS_DIRECTORY}build_env.mk +ifeq (${USE_TBBR_DEFS},1) +# In this case, cert_tool is platform-independent +PLAT_MSG := TBBR Generic +PLAT_INCLUDE := ../../include/tools_share +else +PLAT_MSG := ${PLAT} + PLATFORM_ROOT := ../../plat/ include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk @@ -35,6 +42,7 @@ ifeq ($(PLAT_INCLUDE),) $(error "Error: Invalid platform '${PLAT}' has no include directory.") endif +endif ifeq (${DEBUG},1) CFLAGS += -g -O0 -DDEBUG -DLOG_LEVEL=40 @@ -47,6 +55,9 @@ Q := endif +$(eval $(call add_define,USE_TBBR_DEFS)) +CFLAGS += ${DEFINES} + # Make soft links and include from local directory otherwise wrong headers # could get pulled in from firmware tree. INC_DIR := -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include @@ -62,7 +73,7 @@ ${BINARY}: ${OBJECTS} Makefile @echo " LD $@" @echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \ - const char platform_msg[] = "${PLAT}";' | \ + const char platform_msg[] = "${PLAT_MSG}";' | \ ${CC} -c ${CFLAGS} -xc - -o src/build_msg.o ${Q}${CC} src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@ diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c index 62ff255..80ccfe9 100644 --- a/tools/cert_create/src/cert.c +++ b/tools/cert_create/src/cert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,11 +14,16 @@ #include #include +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "cert.h" #include "cmd_opt.h" #include "debug.h" #include "key.h" -#include "platform_oid.h" #include "sha.h" #define SERIAL_RAND_BITS 64 diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c index a118fbb..c1bde5d 100644 --- a/tools/cert_create/src/key.c +++ b/tools/cert_create/src/key.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -13,11 +13,16 @@ #include #include +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "cert.h" #include "cmd_opt.h" #include "debug.h" #include "key.h" -#include "platform_oid.h" #include "sha.h" #define MAX_FILENAME_LEN 1024 diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index e0f331c..9923637 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -18,12 +18,17 @@ #include #include +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "cert.h" #include "cmd_opt.h" #include "debug.h" #include "ext.h" #include "key.h" -#include "platform_oid.h" #include "sha.h" #include "tbbr/tbb_ext.h" #include "tbbr/tbb_cert.h" diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c index 11d779b..d9a8ea2 100644 --- a/tools/cert_create/src/tbbr/tbb_ext.c +++ b/tools/cert_create/src/tbbr/tbb_ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -8,8 +8,14 @@ #include #include #include + +#if USE_TBBR_DEFS +#include +#else +#include +#endif + #include "ext.h" -#include "platform_oid.h" #include "tbbr/tbb_ext.h" #include "tbbr/tbb_key.h" diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile index 0a46ad7..29eac2a 100644 --- a/tools/fiptool/Makefile +++ b/tools/fiptool/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2014-2016, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -11,7 +11,6 @@ PROJECT := fiptool${BIN_EXT} OBJECTS := fiptool.o tbbr_config.o V := 0 -COPIED_H_FILES := uuid.h firmware_image_package.h override CPPFLAGS += -D_GNU_SOURCE -D_XOPEN_SOURCE=700 CFLAGS := -Wall -Werror -pedantic -std=c99 @@ -28,8 +27,7 @@ Q := endif -# Only include from local directory (see comment below). -INCLUDE_PATHS := -I. +INCLUDE_PATHS := -I. -I../../include/tools_share CC := gcc @@ -48,24 +46,9 @@ ${Q}mkdir -p ../fip_create ${Q}install -m 755 fip_create.sh ../fip_create/fip_create -%.o: %.c %.h ${COPIED_H_FILES} Makefile +%.o: %.c %.h Makefile @echo " CC $<" ${Q}${CC} -c ${CPPFLAGS} ${CFLAGS} ${INCLUDE_PATHS} $< -o $@ -# -# Copy required library headers to a local directory so they can be included -# by this project without adding the library directories to the system include -# path. This avoids conflicts with definitions in the compiler standard -# include path. -# -uuid.h : ../../include/lib/stdlib/sys/uuid.h - $(call SHELL_COPY,$<,$@) - -firmware_image_package.h : ../../include/common/firmware_image_package.h - $(call SHELL_COPY,$<,$@) - clean: $(call SHELL_DELETE_ALL, ${PROJECT} ${OBJECTS} fip_create) - -distclean: clean - $(call SHELL_DELETE_ALL, ${COPIED_H_FILES}) diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c index 7bfd272..4d80f2f 100644 --- a/tools/fiptool/fiptool.c +++ b/tools/fiptool/fiptool.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -20,8 +20,9 @@ #include +#include + #include "fiptool.h" -#include "firmware_image_package.h" #include "tbbr_config.h" #define OPT_TOC_ENTRY 0 diff --git a/tools/fiptool/fiptool.h b/tools/fiptool/fiptool.h index 81453e0..4b5cdd9 100644 --- a/tools/fiptool/fiptool.h +++ b/tools/fiptool/fiptool.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,8 +10,8 @@ #include #include -#include "firmware_image_package.h" -#include "uuid.h" +#include +#include #define NELEM(x) (sizeof (x) / sizeof *(x)) diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c index 4662083..7c6c24b 100644 --- a/tools/fiptool/tbbr_config.c +++ b/tools/fiptool/tbbr_config.c @@ -1,12 +1,13 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ #include -#include "firmware_image_package.h" +#include + #include "tbbr_config.h" /* The images used depends on the platform. */ diff --git a/tools/fiptool/tbbr_config.h b/tools/fiptool/tbbr_config.h index a5155c8..bad757d 100644 --- a/tools/fiptool/tbbr_config.h +++ b/tools/fiptool/tbbr_config.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -9,7 +9,7 @@ #include -#include "uuid.h" +#include /* TODO: Update this number as required */ #define TOC_HEADER_SERIAL_NUMBER 0x12345678