diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile index 7efaf8a..8d7b8a5 100644 --- a/tools/cert_create/Makefile +++ b/tools/cert_create/Makefile @@ -36,6 +36,7 @@ OPENSSL_DIR := /usr OBJECTS := src/cert.o \ + src/cmd_opt.o \ src/ext.o \ src/key.o \ src/main.o \ diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h index 18129a7..11381c9 100644 --- a/tools/cert_create/include/cert.h +++ b/tools/cert_create/include/cert.h @@ -54,6 +54,7 @@ struct cert_s { int id; /* Unique identifier */ + const char *opt; /* Command line option to pass filename */ const char *fn; /* Filename to save the certificate */ const char *cn; /* Subject CN (Company Name) */ @@ -67,6 +68,8 @@ }; /* Exported API */ +int cert_init(void); +cert_t *cert_get_by_opt(const char *opt); int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value); int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk); diff --git a/tools/cert_create/include/cmd_opt.h b/tools/cert_create/include/cmd_opt.h new file mode 100644 index 0000000..ca48d7c --- /dev/null +++ b/tools/cert_create/include/cmd_opt.h 
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CMD_OPT_H_
+#define CMD_OPT_H_
+
+#include
+
+#define CMD_OPT_MAX_NUM 64
+
+/* Supported long command line option types */
+enum {
+ CMD_OPT_CERT,
+ CMD_OPT_KEY,
+ CMD_OPT_EXT
+};
+
+/* Exported API*/
+int cmd_opt_add(const char *name, int has_arg, int val);
+const struct option *cmd_opt_get_array(void);
+const char *cmd_opt_get_name(int idx);
+
+#endif /* CMD_OPT_H_ */
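Review bot: The three exported prototypes carry no contract comments, and two details in cmd_opt.c cannot be guessed from the header alone. `cmd_opt_add()` stores the `name` pointer rather than copying it, so I would put `/* Register a long option; 'name' is not copied and must stay valid while options are parsed. Returns 0, or -1 once CMD_OPT_MAX_NUM entries are registered. */` above it. `cmd_opt_get_name()` deserves `/* Return the name registered at index 'idx', or NULL if 'idx' is not a registered index. */`, and `cmd_opt_get_array()` a line stating that the returned array is the one passed to getopt_long().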
diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h index 60455e6..3c65473 100644 --- a/tools/cert_create/include/ext.h +++ b/tools/cert_create/include/ext.h @@ -56,6 +56,7 @@ * - V_ASN1_OCTET_STRING */ int type; + const char *opt; /* Command line option to specify data */ /* Extension data (depends on extension type) */ union { const char *fn; /* File with extension data */ @@ -79,7 +80,8 @@ }; /* Exported API */ -int ext_register(ext_t *tbb_ext); +int ext_init(void); +ext_t *ext_get_by_opt(const char *opt); X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md, unsigned char *buf, size_t len); X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value); diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h index da9f119..6995a06 100644 --- a/tools/cert_create/include/key.h +++ b/tools/cert_create/include/key.h @@ -63,12 +63,15 @@ */ typedef struct key_s { int id; /* Key id */ + const char *opt; /* Command line option to specify a key */ const char *desc; /* Key description (debug purposes) */ char *fn; /* Filename to load/store the key */ EVP_PKEY *key; /* Key container */ } key_t; /* Exported API */ +int key_init(void); +key_t *key_get_by_opt(const char *opt); int key_create(key_t *key, int type); int key_load(key_t *key, unsigned int *err_code); int key_store(key_t *key); diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c index e58b10e..bf52645 100644 --- a/tools/cert_create/src/cert.c +++ b/tools/cert_create/src/cert.c @@ -39,6 +39,7 @@ #include #include "cert.h" +#include "cmd_opt.h" #include "debug.h" #include "key.h" #include "platform_oid.h" 
@@ -179,3 +180,35 @@ cert->x = x; return 1; }
+
+int cert_init(void)
+{
+ cert_t *cert;
+ int rc = 0;
+ unsigned int i;
+
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ rc = cmd_opt_add(cert->opt, required_argument, CMD_OPT_CERT);
+ if (rc != 0) {
+ break;
+ }
+ }
+
+ return rc;
+}
+
+cert_t *cert_get_by_opt(const char *opt)
+{
+ cert_t *cert = NULL;
+ unsigned int i;
+
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ if (0 == strcmp(cert->opt, opt)) {
+ return cert;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/cmd_opt.c b/tools/cert_create/src/cmd_opt.c
new file mode 100644
index 0000000..3847b98
--- /dev/null
+++ b/tools/cert_create/src/cmd_opt.c
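Review bot: `cert_init()` hands `cert->opt` to `cmd_opt_add()` and `cert_get_by_opt()` hands it to `strcmp()` without a NULL check, while `key_init()`, `ext_init()` and `ext_get_by_opt()` in this same change all guard the field. A certificate table entry that omits `.opt` would place a NULL name in the option array, which getopt_long() is expected to read as the end of the table, so options registered after it would silently stop being accepted, and the lookup would pass NULL to `strcmp()`. I would skip such entries with `if (cert->opt == NULL) { continue; }` in `cert_init()` and compare with `if (cert->opt != NULL && strcmp(cert->opt, opt) == 0)`. `key_get_by_opt()` in key.c has the same unguarded `strcmp(key->opt, opt)` even though `key_init()` explicitly tolerates a NULL `opt`.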
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+
+/* Command line options */
+static struct option long_opt[CMD_OPT_MAX_NUM+1];
+static int num_reg_opt;
+
+int cmd_opt_add(const char *name, int has_arg, int val)
+{
+ if (num_reg_opt >= CMD_OPT_MAX_NUM) {
+ return -1;
+ }
+ long_opt[num_reg_opt].name = name;
+ long_opt[num_reg_opt].has_arg = has_arg;
+ long_opt[num_reg_opt].flag = 0;
+ long_opt[num_reg_opt].val = val;
+ num_reg_opt++;
+
+ return 0;
+}
+
+const struct option *cmd_opt_get_array(void)
+{
+ return long_opt;
+}
+
+const char *cmd_opt_get_name(int idx)
+{
+ if (idx >= num_reg_opt) {
+ return NULL;
+ }
+
+ return long_opt[idx].name;
+}
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 6d09837..14aef66 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -35,6 +35,8 @@ #include #include #include + +#include "cmd_opt.h" #include "ext.h" DECLARE_ASN1_ITEM(ASN1_INTEGER)
@@ -65,13 +67,26 @@ * * Return: 0 = success, Otherwise: error */ -int ext_register(ext_t *exts) +int ext_init(void) { ext_t *ext; X509V3_EXT_METHOD *m; - int i = 0, nid, ret; + int nid, ret; + unsigned int i; - while ((ext = &exts[i++]) && ext->oid) { + for (i = 0; i < num_extensions; i++) { + ext = &extensions[i]; + /* Register command line option */ + if (ext->opt) { + if (cmd_opt_add(ext->opt, required_argument, + CMD_OPT_EXT)) { + return 1; + } + } + /* Register the extension OID in OpenSSL */ + if (ext->oid == NULL) { + continue; + } nid = OBJ_create(ext->oid, ext->sn, ext->ln); if (ext->alias) { X509V3_EXT_add_alias(nid, ext->alias);
@@ -295,3 +310,20 @@ return ex; }
+
+ext_t *ext_get_by_opt(const char *opt)
+{
+ ext_t *ext = NULL;
+ unsigned int i;
+
+ /* Sequential search. This is not a performance concern since the number
+ * of extensions is bounded and the code runs on a host machine */
+ for (i = 0; i < num_extensions; i++) {
+ ext = &extensions[i];
+ if (ext->opt && !strcmp(ext->opt, opt)) {
+ return ext;
+ }
+ }
+
+ return NULL;
+}
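Review bot: `cmd_opt_get_name()` rejects only `idx >= num_reg_opt`, so a negative `idx` reads before the start of `long_opt[]`; the guard should be `if (idx < 0 || idx >= num_reg_opt) { return NULL; }`. `cmd_opt_add()` also accepts a NULL `name`, which would plant what looks like a terminator in the middle of the array given to getopt_long() and hide every option added after it. Rejecting it with `if (name == NULL) { return -1; }` turns a bad table entry into an init failure instead of silently disabling key, certificate or image options.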
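Review bot: In the rewritten `ext_init()` loop the result of `OBJ_create()` is used as `nid` without being tested, and the next visible line passes it straight to `X509V3_EXT_add_alias()`. OBJ_create() returns `NID_undef` when registration fails, so a bad or duplicate OID in the extension table would go unnoticed at init time and only show up later when the certificates are built. A check such as `if (nid == NID_undef) { return 1; }` directly after the call would fail fast. The rest of the loop body lies outside this hunk, so confirm it is not already handled further down.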
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 6072d9c..76d528b 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -38,6 +38,7 @@ #include #include "cert.h" +#include "cmd_opt.h" #include "debug.h" #include "key.h" #include "platform_oid.h"
@@ -190,3 +191,40 @@ return 0; }
+
+int key_init(void)
+{
+ key_t *key;
+ int rc = 0;
+ unsigned int i;
+
+ for (i = 0; i < num_keys; i++) {
+ key = &keys[i];
+ if (key->opt != NULL) {
+ rc = cmd_opt_add(key->opt, required_argument,
+ CMD_OPT_KEY);
+ if (rc != 0) {
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+key_t *key_get_by_opt(const char *opt)
+{
+ key_t *key = NULL;
+ unsigned int i;
+
+ /* Sequential search. This is not a performance concern since the number
+ * of keys is bounded and the code runs on a host machine */
+ for (i = 0; i < num_keys; i++) {
+ key = &keys[i];
+ if (0 == strcmp(key->opt, opt)) {
+ return key;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 5bf41cc..b7ad33f 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -41,6 +41,7 @@ #include #include "cert.h" +#include "cmd_opt.h" #include "debug.h" #include "ext.h" #include "key.h"
@@ -139,43 +140,7 @@ #endif /* OPENSSL_NO_EC */ }; -/* Command line options */ -static const struct option long_opt[] = { - /* Binary images */ - {"bl2", required_argument, 0, BL2_ID}, - {"bl30", required_argument, 0, BL30_ID}, - {"bl31", required_argument, 0, BL31_ID}, - {"bl32", required_argument, 0, BL32_ID}, - {"bl33", required_argument, 0, BL33_ID}, - /* Certificate files */ - {"bl2-cert", required_argument, 0, BL2_CERT_ID}, - {"trusted-key-cert", required_argument, 0, TRUSTED_KEY_CERT_ID}, - {"bl30-key-cert", required_argument, 0, BL30_KEY_CERT_ID}, - {"bl30-cert", required_argument, 0, BL30_CERT_ID}, - {"bl31-key-cert", required_argument, 0, BL31_KEY_CERT_ID}, - {"bl31-cert", required_argument, 0, BL31_CERT_ID}, - {"bl32-key-cert", required_argument, 0, BL32_KEY_CERT_ID}, - {"bl32-cert", required_argument, 0, BL32_CERT_ID}, - {"bl33-key-cert", required_argument, 0, BL33_KEY_CERT_ID}, - {"bl33-cert", required_argument, 0, BL33_CERT_ID}, - /* Private key files */ - {"rot-key", required_argument, 0, ROT_KEY_ID}, - {"trusted-world-key", required_argument, 0, TRUSTED_WORLD_KEY_ID}, - {"non-trusted-world-key", required_argument, 0, NON_TRUSTED_WORLD_KEY_ID}, - {"bl30-key", required_argument, 0, BL30_KEY_ID}, - {"bl31-key", required_argument, 0, BL31_KEY_ID}, - {"bl32-key", required_argument, 0, BL32_KEY_ID}, - {"bl33-key", required_argument, 0, BL33_KEY_ID}, - /* Common options */ - {"key-alg", required_argument, 0, 'a'}, - {"help", no_argument, 0, 'h'}, - {"save-keys", no_argument, 0, 'k'}, - {"new-chain", no_argument, 0, 'n'}, - {"print-cert", no_argument, 0, 'p'}, - {0, 0, 0, 0} -}; - -static void print_help(const char *cmd) +static void print_help(const char *cmd, const struct option *long_opt) { int i = 0; printf("\n\n"); 
@@ -274,10 +239,13 @@ STACK_OF(X509_EXTENSION) * sk = NULL; X509_EXTENSION *cert_ext = NULL; ext_t *ext = NULL; - cert_t *cert; + key_t *key = NULL; + cert_t *cert = NULL; FILE *file = NULL; int i, j, ext_nid; int c, opt_idx = 0; + const struct option *cmd_opt; + const char *cur_opt; unsigned int err_code; unsigned char md[SHA256_DIGEST_LENGTH]; const EVP_MD *md_info; @@ -288,9 +256,37 @@ /* Set default options */ key_alg = KEY_ALG_RSA; + /* Add common command line options */ + cmd_opt_add("key-alg", required_argument, 'a'); + cmd_opt_add("help", no_argument, 'h'); + cmd_opt_add("save-keys", no_argument, 'k'); + cmd_opt_add("new-chain", no_argument, 'n'); + cmd_opt_add("print-cert", no_argument, 'p'); + + /* Initialize the certificates */ + if (cert_init() != 0) { + ERROR("Cannot initialize certificates\n"); + exit(1); + } + + /* Initialize the keys */ + if (key_init() != 0) { + ERROR("Cannot initialize keys\n"); + exit(1); + } + + /* Initialize the new types and register OIDs for the extensions */ + if (ext_init() != 0) { + ERROR("Cannot initialize TBB extensions\n"); + exit(1); + } + + /* Get the command line options populated during the initialization */ + cmd_opt = cmd_opt_get_array(); + while (1) { /* getopt_long stores the option index here. */ - c = getopt_long(argc, argv, "ahknp", long_opt, &opt_idx); + c = getopt_long(argc, argv, "ahknp", cmd_opt, &opt_idx); /* Detect the end of the options. */ if (c == -1) { @@ -306,7 +302,7 @@ } break; case 'h': - print_help(argv[0]); + print_help(argv[0], cmd_opt); break; case 'k': save_keys = 1; 
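Review bot: The five `cmd_opt_add()` calls for the common options discard their return value, whereas `cert_init()`, `key_init()` and `ext_init()` directly below treat the same failure as fatal. Because these calls run first they cannot reach the CMD_OPT_MAX_NUM limit today, but checking them keeps the behaviour uniform if the order or the limit changes, for example `if (cmd_opt_add("help", no_argument, 'h') != 0) { ERROR("Cannot register common options\n"); exit(1); }`. `main()` starts and ends outside this hunk.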
@@ -317,71 +313,20 @@ case 'p': print_cert = 1; break; - case BL2_ID: - extensions[BL2_HASH_EXT].data.fn = strdup(optarg); + case CMD_OPT_EXT: + cur_opt = cmd_opt_get_name(opt_idx); + ext = ext_get_by_opt(cur_opt); + ext->data.fn = strdup(optarg); break; - case BL30_ID: - extensions[BL30_HASH_EXT].data.fn = strdup(optarg); + case CMD_OPT_KEY: + cur_opt = cmd_opt_get_name(opt_idx); + key = key_get_by_opt(cur_opt); + key->fn = strdup(optarg); break; - case BL31_ID: - extensions[BL31_HASH_EXT].data.fn = strdup(optarg); - break; - case BL32_ID: - extensions[BL32_HASH_EXT].data.fn = strdup(optarg); - break; - case BL33_ID: - extensions[BL33_HASH_EXT].data.fn = strdup(optarg); - break; - case BL2_CERT_ID: - certs[BL2_CERT].fn = strdup(optarg); - break; - case TRUSTED_KEY_CERT_ID: - certs[TRUSTED_KEY_CERT].fn = strdup(optarg); - break; - case BL30_KEY_CERT_ID: - certs[BL30_KEY_CERT].fn = strdup(optarg); - break; - case BL30_CERT_ID: - certs[BL30_CERT].fn = strdup(optarg); - break; - case BL31_KEY_CERT_ID: - certs[BL31_KEY_CERT].fn = strdup(optarg); - break; - case BL31_CERT_ID: - certs[BL31_CERT].fn = strdup(optarg); - break; - case BL32_KEY_CERT_ID: - certs[BL32_KEY_CERT].fn = strdup(optarg); - break; - case BL32_CERT_ID: - certs[BL32_CERT].fn = strdup(optarg); - break; - case BL33_KEY_CERT_ID: - certs[BL33_KEY_CERT].fn = strdup(optarg); - break; - case BL33_CERT_ID: - certs[BL33_CERT].fn = strdup(optarg); - break; - case ROT_KEY_ID: - keys[ROT_KEY].fn = strdup(optarg); - break; - case TRUSTED_WORLD_KEY_ID: - keys[TRUSTED_WORLD_KEY].fn = strdup(optarg); - break; - case NON_TRUSTED_WORLD_KEY_ID: - keys[NON_TRUSTED_WORLD_KEY].fn = strdup(optarg); - break; - case BL30_KEY_ID: - keys[BL30_KEY].fn = strdup(optarg); - break; - case BL31_KEY_ID: - keys[BL31_KEY].fn = strdup(optarg); - break; - case BL32_KEY_ID: - keys[BL32_KEY].fn = strdup(optarg); - break; - case BL33_KEY_ID: - keys[BL33_KEY].fn = strdup(optarg); + case CMD_OPT_CERT: + cur_opt = cmd_opt_get_name(opt_idx); + 
cert = cert_get_by_opt(cur_opt); + cert->fn = strdup(optarg); break; case '?': default: @@ -393,12 +338,6 @@ /* Check command line arguments */ check_cmd_params(); - /* Register the new types and OIDs for the extensions */ - if (ext_register(extensions) != 0) { - ERROR("Cannot register TBB extensions\n"); - exit(1); - } - /* Indicate SHA256 as image hash algorithm in the certificate * extension */ md_info = EVP_sha256(); diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c index d0ae836..770bd6a 100644 --- a/tools/cert_create/src/tbbr/tbb_cert.c +++ b/tools/cert_create/src/tbbr/tbb_cert.c @@ -42,6 +42,7 @@ static cert_t tbb_certs[] = { [BL2_CERT] = { .id = BL2_CERT, + .opt = "bl2-cert", .fn = NULL, .cn = "BL2 Certificate", .key = ROT_KEY, @@ -53,6 +54,7 @@ }, [TRUSTED_KEY_CERT] = { .id = TRUSTED_KEY_CERT, + .opt = "trusted-key-cert", .fn = NULL, .cn = "Trusted Key Certificate", .key = ROT_KEY, @@ -65,6 +67,7 @@ }, [BL30_KEY_CERT] = { .id = BL30_KEY_CERT, + .opt = "bl30-key-cert", .fn = NULL, .cn = "BL3-0 Key Certificate", .key = TRUSTED_WORLD_KEY, @@ -76,6 +79,7 @@ }, [BL30_CERT] = { .id = BL30_CERT, + .opt = "bl30-cert", .fn = NULL, .cn = "BL3-0 Content Certificate", .key = BL30_KEY, @@ -87,6 +91,7 @@ }, [BL31_KEY_CERT] = { .id = BL31_KEY_CERT, + .opt = "bl31-key-cert", .fn = NULL, .cn = "BL3-1 Key Certificate", .key = TRUSTED_WORLD_KEY, @@ -98,6 +103,7 @@ }, [BL31_CERT] = { .id = BL31_CERT, + .opt = "bl31-cert", .fn = NULL, .cn = "BL3-1 Content Certificate", .key = BL31_KEY, @@ -109,6 +115,7 @@ }, [BL32_KEY_CERT] = { .id = BL32_KEY_CERT, + .opt = "bl32-key-cert", .fn = NULL, .cn = "BL3-2 Key Certificate", .key = TRUSTED_WORLD_KEY, @@ -120,6 +127,7 @@ }, [BL32_CERT] = { .id = BL32_CERT, + .opt = "bl32-cert", .fn = NULL, .cn = "BL3-2 Content Certificate", .key = BL32_KEY, 
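Review bot: In the three new `CMD_OPT_*` cases the pointer returned by `ext_get_by_opt()`, `key_get_by_opt()` and `cert_get_by_opt()` is dereferenced immediately, although each lookup returns NULL when no table entry matches and `cmd_opt_get_name()` can itself return NULL. The lookups go by string across three separate tables, so a name registered under the wrong `CMD_OPT_*` type would crash the tool at `ext->data.fn = ...` instead of reporting the bad option. I would test the result before the assignment, e.g. `if (ext == NULL) { ERROR("Unknown option\n"); exit(1); }`, and likewise for `key` and `cert`. The result of `strdup(optarg)` is also stored unchecked, as it was in the removed code. The enclosing switch in `main()` begins and ends outside this hunk.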
@@ -131,6 +139,7 @@ }, [BL33_KEY_CERT] = { .id = BL33_KEY_CERT, + .opt = "bl33-key-cert", .fn = NULL, .cn = "BL3-3 Key Certificate", .key = NON_TRUSTED_WORLD_KEY, @@ -142,6 +151,7 @@ }, [BL33_CERT] = { .id = BL33_CERT, + .opt = "bl33-cert", .fn = NULL, .cn = "BL3-3 Content Certificate", .key = BL33_KEY, diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c index c4816df..c39c9e6 100644 --- a/tools/cert_create/src/tbbr/tbb_ext.c +++ b/tools/cert_create/src/tbbr/tbb_ext.c @@ -60,6 +60,7 @@ }, [BL2_HASH_EXT] = { .oid = BL2_HASH_OID, + .opt = "bl2", .sn = "TrustedBootFirmwareHash", .ln = "Trusted Boot Firmware (BL2) hash (SHA256)", .asn1_type = V_ASN1_OCTET_STRING, @@ -91,6 +92,7 @@ }, [BL30_HASH_EXT] = { .oid = BL30_HASH_OID, + .opt = "bl30", .sn = "SCPFirmwareHash", .ln = "SCP Firmware (BL30) hash (SHA256)", .asn1_type = V_ASN1_OCTET_STRING, @@ -106,6 +108,7 @@ }, [BL31_HASH_EXT] = { .oid = BL31_HASH_OID, + .opt = "bl31", .sn = "SoCAPFirmwareHash", .ln = "SoC AP Firmware (BL31) hash (SHA256)", .asn1_type = V_ASN1_OCTET_STRING, @@ -121,6 +124,7 @@ }, [BL32_HASH_EXT] = { .oid = BL32_HASH_OID, + .opt = "bl32", .sn = "TrustedOSHash", .ln = "Trusted OS (BL32) hash (SHA256)", .asn1_type = V_ASN1_OCTET_STRING, @@ -136,6 +140,7 @@ }, [BL33_HASH_EXT] = { .oid = BL33_HASH_OID, + .opt = "bl33", .sn = "NonTrustedWorldBootloaderHash", .ln = "Non-Trusted World (BL33) hash (SHA256)", .asn1_type = V_ASN1_OCTET_STRING, diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c index 3685559..eaaf1ff 100644 --- a/tools/cert_create/src/tbbr/tbb_key.c +++ b/tools/cert_create/src/tbbr/tbb_key.c 
@@ -38,30 +38,37 @@ static key_t tbb_keys[] = { [ROT_KEY] = { .id = ROT_KEY, + .opt = "rot-key", .desc = "Root Of Trust key" }, [TRUSTED_WORLD_KEY] = { .id = TRUSTED_WORLD_KEY, + .opt = "trusted-world-key", .desc = "Trusted World key" }, [NON_TRUSTED_WORLD_KEY] = { .id = NON_TRUSTED_WORLD_KEY, + .opt = "non-trusted-world-key", .desc = "Non Trusted World key" }, [BL30_KEY] = { .id = BL30_KEY, + .opt = "bl30-key", .desc = "BL30 key" }, [BL31_KEY] = { .id = BL31_KEY, + .opt = "bl31-key", .desc = "BL31 key" }, [BL32_KEY] = { .id = BL32_KEY, + .opt = "bl32-key", .desc = "BL32 key" }, [BL33_KEY] = { .id = BL33_KEY, + .opt = "bl33-key", .desc = "BL33 key" } };