TBB: apply TBBR naming convention to certificates and extensions
authorJuan Castillo <juan.castillo@arm.com>
Thu, 3 Dec 2015 10:19:21 +0000 (10:19 +0000)
committerJuan Castillo <juan.castillo@arm.com>
Mon, 14 Dec 2015 12:29:44 +0000 (12:29 +0000)
This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:

    * Certificate UUID names
    * Certificate identifier names
    * OID names

Changes apply to:

    * Generic code (variables and defines)
    * The default certificate identifiers provided in the generic
      code
    * Build system
    * ARM platforms port
    * cert_create tool internal definitions
    * fip_create and cert_create tools command line options
    * Documentation

IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:

Certificate UUIDs:

    UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
    UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
    UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
    UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
    UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
    UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
    UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
    UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
    UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT

Certificate identifiers:

    BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
    BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
    BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
    BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
    BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
    BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
    BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
    BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
    BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID

OIDs:

    TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
    NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
    BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
    TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
    NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
    BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
    BL30_HASH_OID --> SCP_FW_HASH_OID
    BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
    BL31_HASH_OID --> SOC_AP_FW_HASH_OID
    BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
    BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
    BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
    BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
    BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
    SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
    NS_BL2U_HASH_OID --> FWU_HASH_OID

Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079

17 files changed:
docs/auth-framework.md
docs/porting-guide.md
drivers/auth/tbbr/tbbr_cot.c
include/common/firmware_image_package.h
include/common/tbbr/tbbr_img_def.h
include/plat/arm/board/common/board_arm_oid.h
make_helpers/tbbr/tbbr_tools.mk
plat/arm/board/fvp/fvp_io_storage.c
plat/arm/common/arm_io_storage.c
tools/cert_create/include/tbbr/tbb_cert.h
tools/cert_create/include/tbbr/tbb_ext.h
tools/cert_create/include/tbbr/tbb_key.h
tools/cert_create/src/main.c
tools/cert_create/src/tbbr/tbb_cert.c
tools/cert_create/src/tbbr/tbb_ext.c
tools/cert_create/src/tbbr/tbb_key.c
tools/fip_create/fip_create.c

index 0f799c0e745f9c30fe146e5b3cc27c8e8fd0f3fe..b910eaebfe650ef77e5af602af1be6ba63b33e54 100644 (file)
@@ -726,30 +726,30 @@ Four image descriptors form the BL3-1 Chain of Trust:
        },
        .authenticated_data = {
                [0] = {
-                       .type_desc = &tz_world_pk,
+                       .type_desc = &trusted_world_pk,
                        .data = {
-                               .ptr = (void *)plat_tz_world_pk_buf,
+                               .ptr = (void *)trusted_world_pk_buf,
                                .len = (unsigned int)PK_DER_LEN
                        }
                },
                [1] = {
-                       .type_desc = &ntz_world_pk,
+                       .type_desc = &non_trusted_world_pk,
                        .data = {
-                               .ptr = (void *)plat_ntz_world_pk_buf,
+                               .ptr = (void *)non_trusted_world_pk_buf,
                                .len = (unsigned int)PK_DER_LEN
                        }
                }
        }
 },
-[BL31_KEY_CERT_ID] = {
-       .img_id = BL31_KEY_CERT_ID,
+[SOC_FW_KEY_CERT_ID] = {
+       .img_id = SOC_FW_KEY_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
        .img_auth_methods = {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
-                               .pk = &tz_world_pk,
+                               .pk = &trusted_world_pk,
                                .sig = &sig,
                                .alg = &sig_alg,
                                .data = &raw_data,
@@ -758,23 +758,23 @@ Four image descriptors form the BL3-1 Chain of Trust:
        },
        .authenticated_data = {
                [0] = {
-                       .type_desc = &bl31_content_pk,
+                       .type_desc = &soc_fw_content_pk,
                        .data = {
-                               .ptr = (void *)plat_content_pk,
+                               .ptr = (void *)content_pk_buf,
                                .len = (unsigned int)PK_DER_LEN
                        }
                }
        }
 },
-[BL31_CERT_ID] = {
-       .img_id = BL31_CERT_ID,
+[SOC_FW_CONTENT_CERT_ID] = {
+       .img_id = SOC_FW_CONTENT_CERT_ID,
        .img_type = IMG_CERT,
-       .parent = &cot_desc[BL31_KEY_CERT_ID],
+       .parent = &cot_desc[SOC_FW_KEY_CERT_ID],
        .img_auth_methods = {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
-                               .pk = &bl31_content_pk,
+                               .pk = &soc_fw_content_pk,
                                .sig = &sig,
                                .alg = &sig_alg,
                                .data = &raw_data,
@@ -783,9 +783,9 @@ Four image descriptors form the BL3-1 Chain of Trust:
        },
        .authenticated_data = {
                [0] = {
-                       .type_desc = &bl31_hash,
+                       .type_desc = &soc_fw_hash,
                        .data = {
-                               .ptr = (void *)plat_bl31_hash_buf,
+                               .ptr = (void *)soc_fw_hash_buf,
                                .len = (unsigned int)HASH_DER_LEN
                        }
                }
@@ -794,13 +794,13 @@ Four image descriptors form the BL3-1 Chain of Trust:
 [BL31_IMAGE_ID] = {
        .img_id = BL31_IMAGE_ID,
        .img_type = IMG_RAW,
-       .parent = &cot_desc[BL31_CERT_ID],
+       .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
        .img_auth_methods = {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
                                .data = &raw_data,
-                               .hash = &bl31_hash,
+                               .hash = &soc_fw_hash,
                        }
                }
        }
@@ -835,7 +835,7 @@ is created in the `authenticated_data` array for that purpose. In that entry,
 the corresponding parameter descriptor must be specified along with the buffer
 address to store the parameter value. In this case, the `tz_world_pk` descriptor
 is used to extract the public key from an x509v3 extension with OID
-`TZ_WORLD_PK_OID`. The BL3-1 key certificate will use this descriptor as
+`TRUSTED_WORLD_PK_OID`. The BL3-1 key certificate will use this descriptor as
 parameter in the signature authentication method. The key is stored in the
 `plat_tz_world_pk_buf` buffer.
 
index ba550f04649f7b5532fb5e885439818eae15bf3b..b77377f1874aa2b6b3f4d2e57cfe75fc01814abd 100644 (file)
@@ -247,7 +247,7 @@ mandatory:
 If Trusted Board Boot is enabled, the following certificate identifiers must
 also be defined:
 
-*   **#define : BL2_CERT_ID**
+*   **#define : TRUSTED_BOOT_FW_CERT_ID**
 
     BL2 content certificate identifier, used by BL1 to load the BL2 content
     certificate.
@@ -257,22 +257,22 @@ also be defined:
     Trusted key certificate identifier, used by BL2 to load the trusted key
     certificate.
 
-*   **#define : BL31_KEY_CERT_ID**
+*   **#define : SOC_FW_KEY_CERT_ID**
 
     BL3-1 key certificate identifier, used by BL2 to load the BL3-1 key
     certificate.
 
-*   **#define : BL31_CERT_ID**
+*   **#define : SOC_FW_CONTENT_CERT_ID**
 
     BL3-1 content certificate identifier, used by BL2 to load the BL3-1 content
     certificate.
 
-*   **#define : BL33_KEY_CERT_ID**
+*   **#define : NON_TRUSTED_FW_KEY_CERT_ID**
 
     BL3-3 key certificate identifier, used by BL2 to load the BL3-3 key
     certificate.
 
-*   **#define : BL33_CERT_ID**
+*   **#define : NON_TRUSTED_FW_CONTENT_CERT_ID**
 
     BL3-3 content certificate identifier, used by BL2 to load the BL3-3 content
     certificate.
@@ -285,12 +285,12 @@ also be defined:
     BL3-0 image identifier, used by BL2 to load BL3-0 into secure memory from
     platform storage before being transfered to the SCP.
 
-*   **#define : BL30_KEY_CERT_ID**
+*   **#define : SCP_FW_KEY_CERT_ID**
 
     BL3-0 key certificate identifier, used by BL2 to load the BL3-0 key
     certificate (mandatory when Trusted Board Boot is enabled).
 
-*   **#define : BL30_CERT_ID**
+*   **#define : SCP_FW_CONTENT_CERT_ID**
 
     BL3-0 content certificate identifier, used by BL2 to load the BL3-0 content
     certificate (mandatory when Trusted Board Boot is enabled).
@@ -302,12 +302,12 @@ also be defined:
 
     BL3-2 image identifier, used by BL2 to load BL3-2.
 
-*   **#define : BL32_KEY_CERT_ID**
+*   **#define : TRUSTED_OS_FW_KEY_CERT_ID**
 
     BL3-2 key certificate identifier, used by BL2 to load the BL3-2 key
     certificate (mandatory when Trusted Board Boot is enabled).
 
-*   **#define : BL32_CERT_ID**
+*   **#define : TRUSTED_OS_FW_CONTENT_CERT_ID**
 
     BL3-2 content certificate identifier, used by BL2 to load the BL3-2 content
     certificate (mandatory when Trusted Board Boot is enabled).
index 71634a19d1232ad75f91176ce110df949cc6e01e..ab0243dacfaaa305f78af6eee9735975dcc80981 100644 (file)
  * extracted from the certificates. In this case, because of the way the CoT is
  * established, we can reuse some of the buffers on different stages
  */
-static unsigned char plat_bl2_hash_buf[HASH_DER_LEN];
-static unsigned char plat_bl30_hash_buf[HASH_DER_LEN];
-static unsigned char plat_bl31_hash_buf[HASH_DER_LEN];
-static unsigned char plat_bl32_hash_buf[HASH_DER_LEN];
-static unsigned char plat_bl33_hash_buf[HASH_DER_LEN];
-static unsigned char plat_tz_world_pk_buf[PK_DER_LEN];
-static unsigned char plat_ntz_world_pk_buf[PK_DER_LEN];
-static unsigned char plat_content_pk[PK_DER_LEN];
+static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
+static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
+static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
+static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
+static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
+static unsigned char trusted_world_pk_buf[PK_DER_LEN];
+static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
+static unsigned char content_pk_buf[PK_DER_LEN];
 
 /*
  * Parameter type descriptors
@@ -65,36 +65,36 @@ static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
 static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
                AUTH_PARAM_RAW_DATA, 0);
 
-static auth_param_type_desc_t tz_world_pk = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_PUB_KEY, TZ_WORLD_PK_OID);
-static auth_param_type_desc_t ntz_world_pk = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_PUB_KEY, NTZ_WORLD_PK_OID);
+static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
+static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
 
-static auth_param_type_desc_t bl30_content_pk = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_PUB_KEY, BL30_CONTENT_CERT_PK_OID);
-static auth_param_type_desc_t bl31_content_pk = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_PUB_KEY, BL31_CONTENT_CERT_PK_OID);
-static auth_param_type_desc_t bl32_content_pk = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_PUB_KEY, BL32_CONTENT_CERT_PK_OID);
-static auth_param_type_desc_t bl33_content_pk = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_PUB_KEY, BL33_CONTENT_CERT_PK_OID);
+static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
+static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
+static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
+static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
 
-static auth_param_type_desc_t bl2_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, BL2_HASH_OID);
-static auth_param_type_desc_t bl30_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, BL30_HASH_OID);
-static auth_param_type_desc_t bl31_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, BL31_HASH_OID);
-static auth_param_type_desc_t bl32_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, BL32_HASH_OID);
-static auth_param_type_desc_t bl33_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, BL33_HASH_OID);
+static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
+static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_HASH, SCP_FW_HASH_OID);
+static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
+static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
+static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
 static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, SCP_BL2U_HASH_OID);
+               AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
 static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, BL2U_HASH_OID);
+               AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
 static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
-               AUTH_PARAM_HASH, NS_BL2U_HASH_OID);
+               AUTH_PARAM_HASH, FWU_HASH_OID);
 
 /*
  * TBBR Chain of trust definition
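Review bot: The three FWU descriptors at the end of this hunk keep their BL-based names (`scp_bl2u_hash`, `bl2u_hash`, `ns_bl2u_hash`) although the OIDs they bind are renamed to `SCP_FWU_CFG_HASH_OID`, `AP_FWU_CFG_HASH_OID` and `FWU_HASH_OID`. Every other descriptor here is renamed with its OID, so these three are the only places where the variable name no longer shows which certificate extension supplies the trusted hash, which makes the chain of trust harder to audit. I would either rename them in the same pass (for example `scp_fwu_cfg_hash`, `ap_fwu_cfg_hash`, `fwu_hash`, updating the `.type_desc` references in the FWU certificate entry) or add a comment above them such as `/* FWU descriptors keep their BL2U names; the OIDs follow TBBR */`. The same kind of leftover shows in docs/auth-framework.md, where the prose still names `tz_world_pk` and `plat_tz_world_pk_buf` next to the updated `TRUSTED_WORLD_PK_OID`.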
@@ -103,8 +103,8 @@ static const auth_img_desc_t cot_desc[] = {
        /*
         * BL2
         */
-       [BL2_CERT_ID] = {
-               .img_id = BL2_CERT_ID,
+       [TRUSTED_BOOT_FW_CERT_ID] = {
+               .img_id = TRUSTED_BOOT_FW_CERT_ID,
                .img_type = IMG_CERT,
                .parent = NULL,
                .img_auth_methods = {
@@ -120,9 +120,9 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl2_hash,
+                               .type_desc = &tb_fw_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl2_hash_buf,
+                                       .ptr = (void *)tb_fw_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        }
@@ -131,13 +131,13 @@ static const auth_img_desc_t cot_desc[] = {
        [BL2_IMAGE_ID] = {
                .img_id = BL2_IMAGE_ID,
                .img_type = IMG_RAW,
-               .parent = &cot_desc[BL2_CERT_ID],
+               .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_HASH,
                                .param.hash = {
                                        .data = &raw_data,
-                                       .hash = &bl2_hash,
+                                       .hash = &tb_fw_hash,
                                }
                        }
                }
@@ -162,33 +162,33 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &tz_world_pk,
+                               .type_desc = &trusted_world_pk,
                                .data = {
-                                       .ptr = (void *)plat_tz_world_pk_buf,
+                                       .ptr = (void *)trusted_world_pk_buf,
                                        .len = (unsigned int)PK_DER_LEN
                                }
                        },
                        [1] = {
-                               .type_desc = &ntz_world_pk,
+                               .type_desc = &non_trusted_world_pk,
                                .data = {
-                                       .ptr = (void *)plat_ntz_world_pk_buf,
+                                       .ptr = (void *)non_trusted_world_pk_buf,
                                        .len = (unsigned int)PK_DER_LEN
                                }
                        }
                }
        },
        /*
-        * BL3-0
+        * SCP Firmware
         */
-       [BL30_KEY_CERT_ID] = {
-               .img_id = BL30_KEY_CERT_ID,
+       [SCP_FW_KEY_CERT_ID] = {
+               .img_id = SCP_FW_KEY_CERT_ID,
                .img_type = IMG_CERT,
                .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &tz_world_pk,
+                                       .pk = &trusted_world_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -197,23 +197,23 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl30_content_pk,
+                               .type_desc = &scp_fw_content_pk,
                                .data = {
-                                       .ptr = (void *)plat_content_pk,
+                                       .ptr = (void *)content_pk_buf,
                                        .len = (unsigned int)PK_DER_LEN
                                }
                        }
                }
        },
-       [BL30_CERT_ID] = {
-               .img_id = BL30_CERT_ID,
+       [SCP_FW_CONTENT_CERT_ID] = {
+               .img_id = SCP_FW_CONTENT_CERT_ID,
                .img_type = IMG_CERT,
-               .parent = &cot_desc[BL30_KEY_CERT_ID],
+               .parent = &cot_desc[SCP_FW_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &bl30_content_pk,
+                                       .pk = &scp_fw_content_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -222,9 +222,9 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl30_hash,
+                               .type_desc = &scp_fw_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl30_hash_buf,
+                                       .ptr = (void *)scp_fw_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        }
@@ -233,29 +233,29 @@ static const auth_img_desc_t cot_desc[] = {
        [BL30_IMAGE_ID] = {
                .img_id = BL30_IMAGE_ID,
                .img_type = IMG_RAW,
-               .parent = &cot_desc[BL30_CERT_ID],
+               .parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_HASH,
                                .param.hash = {
                                        .data = &raw_data,
-                                       .hash = &bl30_hash,
+                                       .hash = &scp_fw_hash,
                                }
                        }
                }
        },
        /*
-        * BL3-1
+        * SoC Firmware
         */
-       [BL31_KEY_CERT_ID] = {
-               .img_id = BL31_KEY_CERT_ID,
+       [SOC_FW_KEY_CERT_ID] = {
+               .img_id = SOC_FW_KEY_CERT_ID,
                .img_type = IMG_CERT,
                .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &tz_world_pk,
+                                       .pk = &trusted_world_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -264,23 +264,23 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl31_content_pk,
+                               .type_desc = &soc_fw_content_pk,
                                .data = {
-                                       .ptr = (void *)plat_content_pk,
+                                       .ptr = (void *)content_pk_buf,
                                        .len = (unsigned int)PK_DER_LEN
                                }
                        }
                }
        },
-       [BL31_CERT_ID] = {
-               .img_id = BL31_CERT_ID,
+       [SOC_FW_CONTENT_CERT_ID] = {
+               .img_id = SOC_FW_CONTENT_CERT_ID,
                .img_type = IMG_CERT,
-               .parent = &cot_desc[BL31_KEY_CERT_ID],
+               .parent = &cot_desc[SOC_FW_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &bl31_content_pk,
+                                       .pk = &soc_fw_content_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -289,9 +289,9 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl31_hash,
+                               .type_desc = &soc_fw_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl31_hash_buf,
+                                       .ptr = (void *)soc_fw_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        }
@@ -300,29 +300,29 @@ static const auth_img_desc_t cot_desc[] = {
        [BL31_IMAGE_ID] = {
                .img_id = BL31_IMAGE_ID,
                .img_type = IMG_RAW,
-               .parent = &cot_desc[BL31_CERT_ID],
+               .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_HASH,
                                .param.hash = {
                                        .data = &raw_data,
-                                       .hash = &bl31_hash,
+                                       .hash = &soc_fw_hash,
                                }
                        }
                }
        },
        /*
-        * BL3-2
+        * Trusted OS Firmware
         */
-       [BL32_KEY_CERT_ID] = {
-               .img_id = BL32_KEY_CERT_ID,
+       [TRUSTED_OS_FW_KEY_CERT_ID] = {
+               .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
                .img_type = IMG_CERT,
                .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &tz_world_pk,
+                                       .pk = &trusted_world_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -331,23 +331,23 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl32_content_pk,
+                               .type_desc = &tos_fw_content_pk,
                                .data = {
-                                       .ptr = (void *)plat_content_pk,
+                                       .ptr = (void *)content_pk_buf,
                                        .len = (unsigned int)PK_DER_LEN
                                }
                        }
                }
        },
-       [BL32_CERT_ID] = {
-               .img_id = BL32_CERT_ID,
+       [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
+               .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
                .img_type = IMG_CERT,
-               .parent = &cot_desc[BL32_KEY_CERT_ID],
+               .parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &bl32_content_pk,
+                                       .pk = &tos_fw_content_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -356,9 +356,9 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl32_hash,
+                               .type_desc = &tos_fw_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl32_hash_buf,
+                                       .ptr = (void *)tos_fw_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        }
@@ -367,29 +367,29 @@ static const auth_img_desc_t cot_desc[] = {
        [BL32_IMAGE_ID] = {
                .img_id = BL32_IMAGE_ID,
                .img_type = IMG_RAW,
-               .parent = &cot_desc[BL32_CERT_ID],
+               .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_HASH,
                                .param.hash = {
                                        .data = &raw_data,
-                                       .hash = &bl32_hash,
+                                       .hash = &tos_fw_hash,
                                }
                        }
                }
        },
        /*
-        * BL3-3
+        * Non-Trusted Firmware
         */
-       [BL33_KEY_CERT_ID] = {
-               .img_id = BL33_KEY_CERT_ID,
+       [NON_TRUSTED_FW_KEY_CERT_ID] = {
+               .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
                .img_type = IMG_CERT,
                .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &ntz_world_pk,
+                                       .pk = &non_trusted_world_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -398,23 +398,23 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl33_content_pk,
+                               .type_desc = &nt_fw_content_pk,
                                .data = {
-                                       .ptr = (void *)plat_content_pk,
+                                       .ptr = (void *)content_pk_buf,
                                        .len = (unsigned int)PK_DER_LEN
                                }
                        }
                }
        },
-       [BL33_CERT_ID] = {
-               .img_id = BL33_CERT_ID,
+       [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
+               .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
                .img_type = IMG_CERT,
-               .parent = &cot_desc[BL33_KEY_CERT_ID],
+               .parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_SIG,
                                .param.sig = {
-                                       .pk = &bl33_content_pk,
+                                       .pk = &nt_fw_content_pk,
                                        .sig = &sig,
                                        .alg = &sig_alg,
                                        .data = &raw_data,
@@ -423,9 +423,9 @@ static const auth_img_desc_t cot_desc[] = {
                },
                .authenticated_data = {
                        [0] = {
-                               .type_desc = &bl33_hash,
+                               .type_desc = &nt_world_bl_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl33_hash_buf,
+                                       .ptr = (void *)nt_world_bl_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        }
@@ -434,13 +434,13 @@ static const auth_img_desc_t cot_desc[] = {
        [BL33_IMAGE_ID] = {
                .img_id = BL33_IMAGE_ID,
                .img_type = IMG_RAW,
-               .parent = &cot_desc[BL33_CERT_ID],
+               .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
                .img_auth_methods = {
                        [0] = {
                                .type = AUTH_METHOD_HASH,
                                .param.hash = {
                                        .data = &raw_data,
-                                       .hash = &bl33_hash,
+                                       .hash = &nt_world_bl_hash,
                                }
                        }
                }
@@ -467,21 +467,21 @@ static const auth_img_desc_t cot_desc[] = {
                        [0] = {
                                .type_desc = &scp_bl2u_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl30_hash_buf,
+                                       .ptr = (void *)scp_fw_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        },
                        [1] = {
                                .type_desc = &bl2u_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl2_hash_buf,
+                                       .ptr = (void *)tb_fw_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        },
                        [2] = {
                                .type_desc = &ns_bl2u_hash,
                                .data = {
-                                       .ptr = (void *)plat_bl33_hash_buf,
+                                       .ptr = (void *)nt_world_bl_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
                        }
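Review bot: The three FWU entries in this hunk now store into `scp_fw_hash_buf`, `tb_fw_hash_buf` and `nt_world_bl_hash_buf`, while their `.type_desc` fields still name `scp_bl2u_hash`, `bl2u_hash` and `ns_bl2u_hash`, so after the rename the buffer names no longer describe what they hold at this site. `nt_world_bl_hash_buf` is also the store for `.type_desc = &nt_world_bl_hash` in an earlier hunk of this file, so two certificates write different hashes into one buffer. That sharing looks deliberate, but nothing here says so, and these lines do not show whether both certificates can be authenticated in the same boot stage. Once that is confirmed, I would add a comment above the `[0]` entry such as `/* FWU hashes reuse the boot-path hash buffers; the two chains are never authenticated by the same image */`. The enclosing descriptor starts outside the hunk.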
index daa043a86637a255cda244dc6c09a393ecb44d99..30c55025579ca3fa80e8d88cfae0932d2ce4e964 100644 (file)
        {0x90e87e82, 0x60f8, 0x11e4, 0xa1, 0xb4, {0x77, 0x7a, 0x21, 0xb4, 0xf9, 0x4c} }
 #define UUID_NON_TRUSTED_WORLD_KEY_CERT \
        {0x3d87671c, 0x635f, 0x11e4, 0x97, 0x8d, {0x27, 0xc0, 0xc7, 0x14, 0x8a, 0xbd} }
-#define UUID_SCP_FIRMWARE_BL30_KEY_CERT \
+#define UUID_SCP_FW_KEY_CERT \
        {0xa1214202, 0x60f8, 0x11e4, 0x8d, 0x9b, {0xf3, 0x3c, 0x0e, 0x15, 0xa0, 0x14} }
-#define UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT \
+#define UUID_SOC_FW_KEY_CERT \
        {0xccbeb88a, 0x60f9, 0x11e4, 0x9a, 0xd0, {0xeb, 0x48, 0x22, 0xd8, 0xdc, 0xf8} }
-#define UUID_SECURE_PAYLOAD_BL32_KEY_CERT \
+#define UUID_TRUSTED_OS_FW_KEY_CERT \
        {0x03d67794, 0x60fb, 0x11e4, 0x85, 0xdd, {0xb7, 0x10, 0x5b, 0x8c, 0xee, 0x04} }
-#define UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT \
+#define UUID_NON_TRUSTED_FW_KEY_CERT \
        {0x2a83d58a, 0x60fb, 0x11e4, 0x8a, 0xaf, {0xdf, 0x30, 0xbb, 0xc4, 0x98, 0x59} }
 /* Content certificates */
-#define UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT \
+#define UUID_TRUSTED_BOOT_FW_CERT \
        {0xea69e2d6, 0x635d, 0x11e4, 0x8d, 0x8c, {0x9f, 0xba, 0xbe, 0x99, 0x56, 0xa5} }
-#define UUID_SCP_FIRMWARE_BL30_CERT \
+#define UUID_SCP_FW_CONTENT_CERT \
        {0x046fbe44, 0x635e, 0x11e4, 0xb2, 0x8b, {0x73, 0xd8, 0xea, 0xae, 0x96, 0x56} }
-#define UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT \
+#define UUID_SOC_FW_CONTENT_CERT \
        {0x200cb2e2, 0x635e, 0x11e4, 0x9c, 0xe8, {0xab, 0xcc, 0xf9, 0x2b, 0xb6, 0x66} }
-#define UUID_SECURE_PAYLOAD_BL32_CERT \
+#define UUID_TRUSTED_OS_FW_CONTENT_CERT \
        {0x11449fa4, 0x635e, 0x11e4, 0x87, 0x28, {0x3f, 0x05, 0x72, 0x2a, 0xf3, 0x3d} }
-#define UUID_NON_TRUSTED_FIRMWARE_BL33_CERT \
+#define UUID_NON_TRUSTED_FW_CONTENT_CERT \
        {0xf3c1c48e, 0x635d, 0x11e4, 0xa7, 0xa9, {0x87, 0xee, 0x40, 0xb2, 0x3f, 0xa7} }
 
 typedef struct fip_toc_header {
index fabe0b94205f818955f25e588127c31972741e5d..8b16639a9d968a26f99f90ab1352167576934592 100644 (file)
 #define BL33_IMAGE_ID                  5
 
 /* Certificates */
-#define BL2_CERT_ID                    6
+#define TRUSTED_BOOT_FW_CERT_ID                6
 #define TRUSTED_KEY_CERT_ID            7
 
-#define BL30_KEY_CERT_ID               8
-#define BL31_KEY_CERT_ID               9
-#define BL32_KEY_CERT_ID               10
-#define BL33_KEY_CERT_ID               11
+#define SCP_FW_KEY_CERT_ID             8
+#define SOC_FW_KEY_CERT_ID             9
+#define TRUSTED_OS_FW_KEY_CERT_ID      10
+#define NON_TRUSTED_FW_KEY_CERT_ID     11
 
-#define BL30_CERT_ID                   12
-#define BL31_CERT_ID                   13
-#define BL32_CERT_ID                   14
-#define BL33_CERT_ID                   15
+#define SCP_FW_CONTENT_CERT_ID         12
+#define SOC_FW_CONTENT_CERT_ID         13
+#define TRUSTED_OS_FW_CONTENT_CERT_ID  14
+#define NON_TRUSTED_FW_CONTENT_CERT_ID 15
 
 /* Non-Trusted ROM Firmware NS_BL1U */
 #define NS_BL1U_IMAGE_ID               16
index b29212e40edbb75c22618fa3b49ae21989f1599d..bf26a48ba296a2d625ba4bc20ac19196bd23c900 100644 (file)
@@ -44,9 +44,9 @@
 
 
 /* TrustedFirmwareNVCounter - Non-volatile counter extension */
-#define TZ_FW_NVCOUNTER_OID                    "1.3.6.1.4.1.4128.2100.1"
+#define TRUSTED_FW_NVCOUNTER_OID               "1.3.6.1.4.1.4128.2100.1"
 /* NonTrustedFirmwareNVCounter - Non-volatile counter extension */
-#define NTZ_FW_NVCOUNTER_OID                   "1.3.6.1.4.1.4128.2100.2"
+#define NON_TRUSTED_FW_NVCOUNTER_OID           "1.3.6.1.4.1.4128.2100.2"
 
 
 /*
  */
 
 /* APFirmwareUpdaterConfigHash - BL2U */
-#define BL2U_HASH_OID                          "1.3.6.1.4.1.4128.2100.101"
+#define AP_FWU_CFG_HASH_OID                    "1.3.6.1.4.1.4128.2100.101"
 /* SCPFirmwareUpdaterConfigHash - SCP_BL2U */
-#define SCP_BL2U_HASH_OID                      "1.3.6.1.4.1.4128.2100.102"
+#define SCP_FWU_CFG_HASH_OID                   "1.3.6.1.4.1.4128.2100.102"
 /* FirmwareUpdaterHash - NS_BL2U */
-#define NS_BL2U_HASH_OID                       "1.3.6.1.4.1.4128.2100.103"
+#define FWU_HASH_OID                           "1.3.6.1.4.1.4128.2100.103"
 /* TrustedWatchdogRefreshTime */
 #define TRUSTED_WATCHDOG_TIME_OID              "1.3.6.1.4.1.4128.2100.104"
 
@@ -68,7 +68,7 @@
  */
 
 /* TrustedBootFirmwareHash - BL2 */
-#define BL2_HASH_OID                           "1.3.6.1.4.1.4128.2100.201"
+#define TRUSTED_BOOT_FW_HASH_OID               "1.3.6.1.4.1.4128.2100.201"
 
 
 /*
@@ -78,9 +78,9 @@
 /* PrimaryDebugCertificatePK */
 #define PRIMARY_DEBUG_PK_OID                   "1.3.6.1.4.1.4128.2100.301"
 /* TrustedWorldPK */
-#define TZ_WORLD_PK_OID                                "1.3.6.1.4.1.4128.2100.302"
+#define TRUSTED_WORLD_PK_OID                   "1.3.6.1.4.1.4128.2100.302"
 /* NonTrustedWorldPK */
-#define NTZ_WORLD_PK_OID                       "1.3.6.1.4.1.4128.2100.303"
+#define NON_TRUSTED_WORLD_PK_OID               "1.3.6.1.4.1.4128.2100.303"
 
 
 /*
  */
 
 /* SoCFirmwareContentCertPK */
-#define BL31_CONTENT_CERT_PK_OID               "1.3.6.1.4.1.4128.2100.501"
+#define SOC_FW_CONTENT_CERT_PK_OID             "1.3.6.1.4.1.4128.2100.501"
 
 
 /*
 /* SoCConfigHash */
 #define SOC_CONFIG_HASH_OID                    "1.3.6.1.4.1.4128.2100.602"
 /* SoCAPFirmwareHash - BL31 */
-#define BL31_HASH_OID                          "1.3.6.1.4.1.4128.2100.603"
+#define SOC_AP_FW_HASH_OID                     "1.3.6.1.4.1.4128.2100.603"
 
 
 /*
  */
 
 /* SCPFirmwareContentCertPK */
-#define BL30_CONTENT_CERT_PK_OID               "1.3.6.1.4.1.4128.2100.701"
+#define SCP_FW_CONTENT_CERT_PK_OID             "1.3.6.1.4.1.4128.2100.701"
 
 
 /*
  */
 
 /* SCPFirmwareHash - BL30 */
-#define BL30_HASH_OID                          "1.3.6.1.4.1.4128.2100.801"
+#define SCP_FW_HASH_OID                                "1.3.6.1.4.1.4128.2100.801"
 /* SCPRomPatchHash - BL0_PATCH */
 #define SCP_ROM_PATCH_HASH_OID                 "1.3.6.1.4.1.4128.2100.802"
 
  */
 
 /* TrustedOSFirmwareContentCertPK */
-#define BL32_CONTENT_CERT_PK_OID               "1.3.6.1.4.1.4128.2100.901"
+#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID      "1.3.6.1.4.1.4128.2100.901"
 
 
 /*
  */
 
 /* TrustedOSFirmwareHash - BL32 */
-#define BL32_HASH_OID                          "1.3.6.1.4.1.4128.2100.1001"
+#define TRUSTED_OS_FW_HASH_OID                 "1.3.6.1.4.1.4128.2100.1001"
 
 
 /*
  */
 
 /* NonTrustedFirmwareContentCertPK */
-#define BL33_CONTENT_CERT_PK_OID               "1.3.6.1.4.1.4128.2100.1101"
+#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID     "1.3.6.1.4.1.4128.2100.1101"
 
 
 /*
  */
 
 /* NonTrustedWorldBootloaderHash - BL33 */
-#define BL33_HASH_OID                          "1.3.6.1.4.1.4128.2100.1201"
+#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID  "1.3.6.1.4.1.4128.2100.1201"
 
 #endif /* __BOARD_ARM_OID_H__ */
index bf0d2967785ffa96fb35028c5f19be9c3bb44dff..eed3808aed0118650c5b8b596a7d365f102a96c4 100644 (file)
@@ -76,61 +76,61 @@ $(if ${TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_WORLD_KEY},--
 $(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD_KEY},--non-trusted-world-key)))
 
 # Add the BL2 CoT (image cert + image)
-$(if ${BL2},$(eval $(call CERT_ADD_CMD_OPT,${BL2},--bl2,true)),\
-            $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,2),--bl2,true)))
-$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl2.crt,--bl2-cert))
-$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl2.crt,--bl2-cert))
+$(if ${BL2},$(eval $(call CERT_ADD_CMD_OPT,${BL2},--tb-fw,true)),\
+            $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,2),--tb-fw,true)))
+$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert))
+$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert))
 
 # Add the BL30 CoT (key cert + img cert + image)
 ifneq (${BL30},)
-    $(eval $(call CERT_ADD_CMD_OPT,${BL30},--bl30,true))
-    $(if ${BL30_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL30_KEY},--bl30-key)))
-    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl30.crt,--bl30-cert))
-    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl30_key.crt,--bl30-key-cert))
-    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl30.crt,--bl30-cert))
-    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl30_key.crt,--bl30-key-cert))
+    $(eval $(call CERT_ADD_CMD_OPT,${BL30},--scp-fw,true))
+    $(if ${BL30_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL30_KEY},--scp-fw-key)))
+    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/scp_fw_content.crt,--scp-fw-cert))
+    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/scp_fw_key.crt,--scp-fw-key-cert))
+    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/scp_fw_content.crt,--scp-fw-cert))
+    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/scp_fw_key.crt,--scp-fw-key-cert))
 endif
 
 # Add the BL31 CoT (key cert + img cert + image)
-$(if ${BL31},$(eval $(call CERT_ADD_CMD_OPT,${BL31},--bl31,true)),\
-             $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,31),--bl31,true)))
-$(if ${BL31_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL31_KEY},--bl31-key)))
-$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl31.crt,--bl31-cert))
-$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl31_key.crt,--bl31-key-cert))
-$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl31.crt,--bl31-cert))
-$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl31_key.crt,--bl31-key-cert))
+$(if ${BL31},$(eval $(call CERT_ADD_CMD_OPT,${BL31},--soc-fw,true)),\
+             $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,31),--soc-fw,true)))
+$(if ${BL31_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL31_KEY},--soc-fw-key)))
+$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/soc_fw_content.crt,--soc-fw-cert))
+$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/soc_fw_key.crt,--soc-fw-key-cert))
+$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/soc_fw_content.crt,--soc-fw-cert))
+$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/soc_fw_key.crt,--soc-fw-key-cert))
 
 # Add the BL32 CoT (key cert + img cert + image)
 ifeq (${NEED_BL32},yes)
-    $(if ${BL32},$(eval $(call CERT_ADD_CMD_OPT,${BL32},--bl32,true)),\
-                 $(if ${BL32_SOURCES},$(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,32),--bl32,true))))
-    $(if ${BL32_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL32_KEY},--bl32-key)))
-    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl32.crt,--bl32-cert))
-    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl32_key.crt,--bl32-key-cert))
-    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl32.crt,--bl32-cert))
-    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl32_key.crt,--bl32-key-cert))
+    $(if ${BL32},$(eval $(call CERT_ADD_CMD_OPT,${BL32},--tos-fw,true)),\
+                 $(if ${BL32_SOURCES},$(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,32),--tos-fw,true))))
+    $(if ${BL32_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL32_KEY},--tos-fw-key)))
+    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tos_fw_content.crt,--tos-fw-cert))
+    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tos_fw_key.crt,--tos-fw-key-cert))
+    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tos_fw_content.crt,--tos-fw-cert))
+    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tos_fw_key.crt,--tos-fw-key-cert))
 endif
 
 # Add the BL33 CoT (key cert + img cert + image)
 ifneq (${BL33},)
-    $(eval $(call CERT_ADD_CMD_OPT,${BL33},--bl33,true))
-    $(if ${BL33_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL33_KEY},--bl33-key)))
-    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl33.crt,--bl33-cert))
-    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl33_key.crt,--bl33-key-cert))
-    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33.crt,--bl33-cert))
-    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33_key.crt,--bl33-key-cert))
+    $(eval $(call CERT_ADD_CMD_OPT,${BL33},--nt-fw,true))
+    $(if ${BL33_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL33_KEY},--nt-fw-key)))
+    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/nt_fw_content.crt,--nt-fw-cert))
+    $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/nt_fw_key.crt,--nt-fw-key-cert))
+    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/nt_fw_content.crt,--nt-fw-cert))
+    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/nt_fw_key.crt,--nt-fw-key-cert))
 endif
 
 # Add the BL2U image
-$(if ${BL2U},$(eval $(call FWU_CERT_ADD_CMD_OPT,${BL2U},--bl2u,true)),\
-     $(eval $(call FWU_CERT_ADD_CMD_OPT,$(call IMG_BIN,2u),--bl2u,true)))
+$(if ${BL2U},$(eval $(call FWU_CERT_ADD_CMD_OPT,${BL2U},--ap-fwu-cfg,true)),\
+     $(eval $(call FWU_CERT_ADD_CMD_OPT,$(call IMG_BIN,2u),--ap-fwu-cfg,true)))
 
 # Add the SCP_BL2U image
 ifneq (${SCP_BL2U},)
-    $(eval $(call FWU_CERT_ADD_CMD_OPT,${SCP_BL2U},--scp_bl2u,true))
+    $(eval $(call FWU_CERT_ADD_CMD_OPT,${SCP_BL2U},--scp-fwu-cfg,true))
 endif
 
 # Add the NS_BL2U image
 ifneq (${NS_BL2U},)
-    $(eval $(call FWU_CERT_ADD_CMD_OPT,${NS_BL2U},--ns_bl2u,true))
+    $(eval $(call FWU_CERT_ADD_CMD_OPT,${NS_BL2U},--fwu,true))
 endif
index 0b74de2e251a39f1df0b87c5fbf4aa1fefdfa3e7..bc3d7b11dc8eafe179ebdc17f3dd975c8cddee0d 100644 (file)
 #define BL33_IMAGE_NAME                        "bl33.bin"
 
 #if TRUSTED_BOARD_BOOT
-#define BL2_CERT_NAME                  "bl2.crt"
+#define TRUSTED_BOOT_FW_CERT_NAME      "tb_fw.crt"
 #define TRUSTED_KEY_CERT_NAME          "trusted_key.crt"
-#define BL31_KEY_CERT_NAME             "bl31_key.crt"
-#define BL32_KEY_CERT_NAME             "bl32_key.crt"
-#define BL33_KEY_CERT_NAME             "bl33_key.crt"
-#define BL31_CERT_NAME                 "bl31.crt"
-#define BL32_CERT_NAME                 "bl32.crt"
-#define BL33_CERT_NAME                 "bl33.crt"
+#define SOC_FW_KEY_CERT_NAME           "soc_fw_key.crt"
+#define TOS_FW_KEY_CERT_NAME           "tos_fw_key.crt"
+#define NT_FW_KEY_CERT_NAME            "nt_fw_key.crt"
+#define SOC_FW_CONTENT_CERT_NAME       "soc_fw_content.crt"
+#define TOS_FW_CONTENT_CERT_NAME       "tos_fw_content.crt"
+#define NT_FW_CONTENT_CERT_NAME                "nt_fw_content.crt"
 #endif /* TRUSTED_BOARD_BOOT */
 
 /* IO devices */
@@ -76,36 +76,36 @@ static const io_file_spec_t sh_file_spec[] = {
                .mode = FOPEN_MODE_RB
        },
 #if TRUSTED_BOARD_BOOT
-       [BL2_CERT_ID] = {
-               .path = BL2_CERT_NAME,
+       [TRUSTED_BOOT_FW_CERT_ID] = {
+               .path = TRUSTED_BOOT_FW_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
        [TRUSTED_KEY_CERT_ID] = {
                .path = TRUSTED_KEY_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
-       [BL31_KEY_CERT_ID] = {
-               .path = BL31_KEY_CERT_NAME,
+       [SOC_FW_KEY_CERT_ID] = {
+               .path = SOC_FW_KEY_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
-       [BL32_KEY_CERT_ID] = {
-               .path = BL32_KEY_CERT_NAME,
+       [TRUSTED_OS_FW_KEY_CERT_ID] = {
+               .path = TOS_FW_KEY_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
-       [BL33_KEY_CERT_ID] = {
-               .path = BL33_KEY_CERT_NAME,
+       [NON_TRUSTED_FW_KEY_CERT_ID] = {
+               .path = NT_FW_KEY_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
-       [BL31_CERT_ID] = {
-               .path = BL31_CERT_NAME,
+       [SOC_FW_CONTENT_CERT_ID] = {
+               .path = SOC_FW_CONTENT_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
-       [BL32_CERT_ID] = {
-               .path = BL32_CERT_NAME,
+       [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
+               .path = TOS_FW_CONTENT_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
-       [BL33_CERT_ID] = {
-               .path = BL33_CERT_NAME,
+       [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
+               .path = NT_FW_CONTENT_CERT_NAME,
                .mode = FOPEN_MODE_RB
        },
 #endif /* TRUSTED_BOARD_BOOT */
index f7e99e9c4c188da151d251202ddc8f1775d230d6..56d711c0df8660faa243305215cc876460110584 100644 (file)
@@ -70,44 +70,44 @@ static const io_uuid_spec_t bl33_uuid_spec = {
 };
 
 #if TRUSTED_BOARD_BOOT
-static const io_uuid_spec_t bl2_cert_uuid_spec = {
-       .uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT,
+static const io_uuid_spec_t tb_fw_cert_uuid_spec = {
+       .uuid = UUID_TRUSTED_BOOT_FW_CERT,
 };
 
 static const io_uuid_spec_t trusted_key_cert_uuid_spec = {
        .uuid = UUID_TRUSTED_KEY_CERT,
 };
 
-static const io_uuid_spec_t bl30_key_cert_uuid_spec = {
-       .uuid = UUID_SCP_FIRMWARE_BL30_KEY_CERT,
+static const io_uuid_spec_t scp_fw_key_cert_uuid_spec = {
+       .uuid = UUID_SCP_FW_KEY_CERT,
 };
 
-static const io_uuid_spec_t bl31_key_cert_uuid_spec = {
-       .uuid = UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT,
+static const io_uuid_spec_t soc_fw_key_cert_uuid_spec = {
+       .uuid = UUID_SOC_FW_KEY_CERT,
 };
 
-static const io_uuid_spec_t bl32_key_cert_uuid_spec = {
-       .uuid = UUID_SECURE_PAYLOAD_BL32_KEY_CERT,
+static const io_uuid_spec_t tos_fw_key_cert_uuid_spec = {
+       .uuid = UUID_TRUSTED_OS_FW_KEY_CERT,
 };
 
-static const io_uuid_spec_t bl33_key_cert_uuid_spec = {
-       .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT,
+static const io_uuid_spec_t nt_fw_key_cert_uuid_spec = {
+       .uuid = UUID_NON_TRUSTED_FW_KEY_CERT,
 };
 
-static const io_uuid_spec_t bl30_cert_uuid_spec = {
-       .uuid = UUID_SCP_FIRMWARE_BL30_CERT,
+static const io_uuid_spec_t scp_fw_cert_uuid_spec = {
+       .uuid = UUID_SCP_FW_CONTENT_CERT,
 };
 
-static const io_uuid_spec_t bl31_cert_uuid_spec = {
-       .uuid = UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT,
+static const io_uuid_spec_t soc_fw_cert_uuid_spec = {
+       .uuid = UUID_SOC_FW_CONTENT_CERT,
 };
 
-static const io_uuid_spec_t bl32_cert_uuid_spec = {
-       .uuid = UUID_SECURE_PAYLOAD_BL32_CERT,
+static const io_uuid_spec_t tos_fw_cert_uuid_spec = {
+       .uuid = UUID_TRUSTED_OS_FW_CONTENT_CERT,
 };
 
-static const io_uuid_spec_t bl33_cert_uuid_spec = {
-       .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33_CERT,
+static const io_uuid_spec_t nt_fw_cert_uuid_spec = {
+       .uuid = UUID_NON_TRUSTED_FW_CONTENT_CERT,
 };
 #endif /* TRUSTED_BOARD_BOOT */
 
@@ -154,9 +154,9 @@ static const struct plat_io_policy policies[] = {
                open_fip
        },
 #if TRUSTED_BOARD_BOOT
-       [BL2_CERT_ID] = {
+       [TRUSTED_BOOT_FW_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl2_cert_uuid_spec,
+               (uintptr_t)&tb_fw_cert_uuid_spec,
                open_fip
        },
        [TRUSTED_KEY_CERT_ID] = {
@@ -164,44 +164,44 @@ static const struct plat_io_policy policies[] = {
                (uintptr_t)&trusted_key_cert_uuid_spec,
                open_fip
        },
-       [BL30_KEY_CERT_ID] = {
+       [SCP_FW_KEY_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl30_key_cert_uuid_spec,
+               (uintptr_t)&scp_fw_key_cert_uuid_spec,
                open_fip
        },
-       [BL31_KEY_CERT_ID] = {
+       [SOC_FW_KEY_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl31_key_cert_uuid_spec,
+               (uintptr_t)&soc_fw_key_cert_uuid_spec,
                open_fip
        },
-       [BL32_KEY_CERT_ID] = {
+       [TRUSTED_OS_FW_KEY_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl32_key_cert_uuid_spec,
+               (uintptr_t)&tos_fw_key_cert_uuid_spec,
                open_fip
        },
-       [BL33_KEY_CERT_ID] = {
+       [NON_TRUSTED_FW_KEY_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl33_key_cert_uuid_spec,
+               (uintptr_t)&nt_fw_key_cert_uuid_spec,
                open_fip
        },
-       [BL30_CERT_ID] = {
+       [SCP_FW_CONTENT_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl30_cert_uuid_spec,
+               (uintptr_t)&scp_fw_cert_uuid_spec,
                open_fip
        },
-       [BL31_CERT_ID] = {
+       [SOC_FW_CONTENT_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl31_cert_uuid_spec,
+               (uintptr_t)&soc_fw_cert_uuid_spec,
                open_fip
        },
-       [BL32_CERT_ID] = {
+       [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl32_cert_uuid_spec,
+               (uintptr_t)&tos_fw_cert_uuid_spec,
                open_fip
        },
-       [BL33_CERT_ID] = {
+       [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
                &fip_dev_handle,
-               (uintptr_t)&bl33_cert_uuid_spec,
+               (uintptr_t)&nt_fw_cert_uuid_spec,
                open_fip
        },
 #endif /* TRUSTED_BOARD_BOOT */
index 2bc3be63c6bc18a7b3cc53203bf31544571586e8..c0f7ba25fd474d210e0820501bf601d73c862486 100644 (file)
  * Enumerate the certificates that are used to establish the chain of trust
  */
 enum {
-       BL2_CERT,
+       TRUSTED_BOOT_FW_CERT,
        TRUSTED_KEY_CERT,
-       BL30_KEY_CERT,
-       BL30_CERT,
-       BL31_KEY_CERT,
-       BL31_CERT,
-       BL32_KEY_CERT,
-       BL32_CERT,
-       BL33_KEY_CERT,
-       BL33_CERT,
+       SCP_FW_KEY_CERT,
+       SCP_FW_CONTENT_CERT,
+       SOC_FW_KEY_CERT,
+       SOC_FW_CONTENT_CERT,
+       TRUSTED_OS_FW_KEY_CERT,
+       TRUSTED_OS_FW_CONTENT_CERT,
+       NON_TRUSTED_FW_KEY_CERT,
+       NON_TRUSTED_FW_CONTENT_CERT,
        FWU_CERT
 };
 
index ecbe8669d4542e3ded19fdda5201d1797a356177..8589cf7b510307fdae9c8561a726650910b5c40c 100644 (file)
 
 /* TBBR extensions */
 enum {
-       TZ_FW_NVCOUNTER_EXT,
-       NTZ_FW_NVCOUNTER_EXT,
-       BL2_HASH_EXT,
-       TZ_WORLD_PK_EXT,
-       NTZ_WORLD_PK_EXT,
-       BL31_CONTENT_CERT_PK_EXT,
-       BL31_HASH_EXT,
-       BL30_CONTENT_CERT_PK_EXT,
-       BL30_HASH_EXT,
-       BL32_CONTENT_CERT_PK_EXT,
-       BL32_HASH_EXT,
-       BL33_CONTENT_CERT_PK_EXT,
-       BL33_HASH_EXT,
-       SCP_BL2U_HASH_EXT,
-       BL2U_HASH_EXT,
-       NS_BL2U_HASH_EXT
+       TRUSTED_FW_NVCOUNTER_EXT,
+       NON_TRUSTED_FW_NVCOUNTER_EXT,
+       TRUSTED_BOOT_FW_HASH_EXT,
+       TRUSTED_WORLD_PK_EXT,
+       NON_TRUSTED_WORLD_PK_EXT,
+       SCP_FW_CONTENT_CERT_PK_EXT,
+       SCP_FW_HASH_EXT,
+       SOC_FW_CONTENT_CERT_PK_EXT,
+       SOC_AP_FW_HASH_EXT,
+       TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
+       TRUSTED_OS_FW_HASH_EXT,
+       NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
+       NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+       SCP_FWU_CFG_HASH_EXT,
+       AP_FWU_CFG_HASH_EXT,
+       FWU_HASH_EXT
 };
 
 #endif /* TBB_EXT_H_ */
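Review bot: The new enumerator list is not a one-for-one rename: the SCP pair (`SCP_FW_CONTENT_CERT_PK_EXT`, `SCP_FW_HASH_EXT`) now precedes the SoC pair, where the old list had the BL31 pair before the BL30 pair, so the numeric values of those four extensions change. `tbb_ext[]` later in this commit is filled with designated initializers (`[TRUSTED_FW_NVCOUNTER_EXT] = {`), so the table lookup is unaffected, but code that stores or compares the raw numbers would be; none is visible here. The commit description covers only naming, so I would either keep the old order or document the contract on the enum, for example `/* TBBR extensions: values index tbb_ext[]; the order carries no meaning */`.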
index 159030945af44356983b80de75855b59452eff0a..0becf3f5da382c39c56870c220a6615425a52818 100644 (file)
@@ -40,10 +40,10 @@ enum {
        ROT_KEY,
        TRUSTED_WORLD_KEY,
        NON_TRUSTED_WORLD_KEY,
-       BL30_KEY,
-       BL31_KEY,
-       BL32_KEY,
-       BL33_KEY
+       SCP_FW_CONTENT_CERT_KEY,
+       SOC_FW_CONTENT_CERT_KEY,
+       TRUSTED_OS_FW_CONTENT_CERT_KEY,
+       NON_TRUSTED_FW_CONTENT_CERT_KEY
 };
 
 #endif /* TBB_KEY_H_ */
index de15ef6fecfa14bbc7a14814f5fb5f394ce7bf6a..6d11a27735b46aa092144e5a37306d2dd0008a02 100644 (file)
@@ -91,16 +91,16 @@ enum {
        BL32_ID,
        BL33_ID,
        /* Certificate file names (outputs) */
-       BL2_CERT_ID,
+       TRUSTED_BOOT_FW_CERT_ID,
        TRUSTED_KEY_CERT_ID,
-       BL30_KEY_CERT_ID,
-       BL30_CERT_ID,
-       BL31_KEY_CERT_ID,
-       BL31_CERT_ID,
-       BL32_KEY_CERT_ID,
-       BL32_CERT_ID,
-       BL33_KEY_CERT_ID,
-       BL33_CERT_ID,
+       SCP_FW_KEY_CERT_ID,
+       SCP_FW_CONTENT_CERT_ID,
+       SOC_FW_KEY_CERT_ID,
+       SOC_FW_CONTENT_CERT_ID,
+       TRUSTED_OS_FW_KEY_CERT_ID,
+       TRUSTED_OS_FW_CONTENT_CERT_ID,
+       NON_TRUSTED_FW_KEY_CERT_ID,
+       NON_TRUSTED_FW_CONTENT_CERT_ID,
        /* Key file names (input/output) */
        ROT_KEY_ID,
        TRUSTED_WORLD_KEY_ID,
index 59a1cd9c7d5a58577f24d886a2f3b3d1a555e47c..20be59f77a0561d6ad84e1001eed65d1e0fa01a5 100644 (file)
  * field points to itself.
  */
 static cert_t tbb_certs[] = {
-       [BL2_CERT] = {
-               .id = BL2_CERT,
-               .opt = "bl2-cert",
+       [TRUSTED_BOOT_FW_CERT] = {
+               .id = TRUSTED_BOOT_FW_CERT,
+               .opt = "tb-fw-cert",
                .fn = NULL,
-               .cn = "BL2 Certificate",
+               .cn = "Trusted Boot FW Certificate",
                .key = ROT_KEY,
-               .issuer = BL2_CERT,
+               .issuer = TRUSTED_BOOT_FW_CERT,
                .ext = {
-                       BL2_HASH_EXT
+                       TRUSTED_BOOT_FW_HASH_EXT
                },
                .num_ext = 1
        },
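Review bot: The new `.cn = "Trusted Boot FW Certificate"` abbreviates "Firmware", while every other renamed entry in this table spells it out ("SCP Firmware Key Certificate", "SoC Firmware Content Certificate", and so on). The `.cn` string presumably becomes the common name of the generated certificate, so the inconsistency would be visible to anyone inspecting or matching on the issued certificates. I would write `.cn = "Trusted Boot Firmware Certificate",` to match the rest. The `tbb_certs[]` initializer continues outside this hunk.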
@@ -60,104 +60,104 @@ static cert_t tbb_certs[] = {
                .key = ROT_KEY,
                .issuer = TRUSTED_KEY_CERT,
                .ext = {
-                       TZ_WORLD_PK_EXT,
-                       NTZ_WORLD_PK_EXT
+                       TRUSTED_WORLD_PK_EXT,
+                       NON_TRUSTED_WORLD_PK_EXT
                },
                .num_ext = 2
        },
-       [BL30_KEY_CERT] = {
-               .id = BL30_KEY_CERT,
-               .opt = "bl30-key-cert",
+       [SCP_FW_KEY_CERT] = {
+               .id = SCP_FW_KEY_CERT,
+               .opt = "scp-fw-key-cert",
                .fn = NULL,
-               .cn = "BL3-0 Key Certificate",
+               .cn = "SCP Firmware Key Certificate",
                .key = TRUSTED_WORLD_KEY,
-               .issuer = BL30_KEY_CERT,
+               .issuer = SCP_FW_KEY_CERT,
                .ext = {
-                       BL30_CONTENT_CERT_PK_EXT
+                       SCP_FW_CONTENT_CERT_PK_EXT
                },
                .num_ext = 1
        },
-       [BL30_CERT] = {
-               .id = BL30_CERT,
-               .opt = "bl30-cert",
+       [SCP_FW_CONTENT_CERT] = {
+               .id = SCP_FW_CONTENT_CERT,
+               .opt = "scp-fw-cert",
                .fn = NULL,
-               .cn = "BL3-0 Content Certificate",
-               .key = BL30_KEY,
-               .issuer = BL30_CERT,
+               .cn = "SCP Firmware Content Certificate",
+               .key = SCP_FW_CONTENT_CERT_KEY,
+               .issuer = SCP_FW_CONTENT_CERT,
                .ext = {
-                       BL30_HASH_EXT
+                       SCP_FW_HASH_EXT
                },
                .num_ext = 1
        },
-       [BL31_KEY_CERT] = {
-               .id = BL31_KEY_CERT,
-               .opt = "bl31-key-cert",
+       [SOC_FW_KEY_CERT] = {
+               .id = SOC_FW_KEY_CERT,
+               .opt = "soc-fw-key-cert",
                .fn = NULL,
-               .cn = "BL3-1 Key Certificate",
+               .cn = "SoC Firmware Key Certificate",
                .key = TRUSTED_WORLD_KEY,
-               .issuer = BL31_KEY_CERT,
+               .issuer = SOC_FW_KEY_CERT,
                .ext = {
-                       BL31_CONTENT_CERT_PK_EXT
+                       SOC_FW_CONTENT_CERT_PK_EXT
                },
                .num_ext = 1
        },
-       [BL31_CERT] = {
-               .id = BL31_CERT,
-               .opt = "bl31-cert",
+       [SOC_FW_CONTENT_CERT] = {
+               .id = SOC_FW_CONTENT_CERT,
+               .opt = "soc-fw-cert",
                .fn = NULL,
-               .cn = "BL3-1 Content Certificate",
-               .key = BL31_KEY,
-               .issuer = BL31_CERT,
+               .cn = "SoC Firmware Content Certificate",
+               .key = SOC_FW_CONTENT_CERT_KEY,
+               .issuer = SOC_FW_CONTENT_CERT,
                .ext = {
-                       BL31_HASH_EXT
+                       SOC_AP_FW_HASH_EXT
                },
                .num_ext = 1
        },
-       [BL32_KEY_CERT] = {
-               .id = BL32_KEY_CERT,
-               .opt = "bl32-key-cert",
+       [TRUSTED_OS_FW_KEY_CERT] = {
+               .id = TRUSTED_OS_FW_KEY_CERT,
+               .opt = "tos-fw-key-cert",
                .fn = NULL,
-               .cn = "BL3-2 Key Certificate",
+               .cn = "Trusted OS Firmware Key Certificate",
                .key = TRUSTED_WORLD_KEY,
-               .issuer = BL32_KEY_CERT,
+               .issuer = TRUSTED_OS_FW_KEY_CERT,
                .ext = {
-                       BL32_CONTENT_CERT_PK_EXT
+                       TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
                },
                .num_ext = 1
        },
-       [BL32_CERT] = {
-               .id = BL32_CERT,
-               .opt = "bl32-cert",
+       [TRUSTED_OS_FW_CONTENT_CERT] = {
+               .id = TRUSTED_OS_FW_CONTENT_CERT,
+               .opt = "tos-fw-cert",
                .fn = NULL,
-               .cn = "BL3-2 Content Certificate",
-               .key = BL32_KEY,
-               .issuer = BL32_CERT,
+               .cn = "Trusted OS Firmware Content Certificate",
+               .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+               .issuer = TRUSTED_OS_FW_CONTENT_CERT,
                .ext = {
-                       BL32_HASH_EXT
+                       TRUSTED_OS_FW_HASH_EXT
                },
                .num_ext = 1
        },
-       [BL33_KEY_CERT] = {
-               .id = BL33_KEY_CERT,
-               .opt = "bl33-key-cert",
+       [NON_TRUSTED_FW_KEY_CERT] = {
+               .id = NON_TRUSTED_FW_KEY_CERT,
+               .opt = "nt-fw-key-cert",
                .fn = NULL,
-               .cn = "BL3-3 Key Certificate",
+               .cn = "Non-Trusted Firmware Key Certificate",
                .key = NON_TRUSTED_WORLD_KEY,
-               .issuer = BL33_KEY_CERT,
+               .issuer = NON_TRUSTED_FW_KEY_CERT,
                .ext = {
-                       BL33_CONTENT_CERT_PK_EXT
+                       NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
                },
                .num_ext = 1
        },
-       [BL33_CERT] = {
-               .id = BL33_CERT,
-               .opt = "bl33-cert",
+       [NON_TRUSTED_FW_CONTENT_CERT] = {
+               .id = NON_TRUSTED_FW_CONTENT_CERT,
+               .opt = "nt-fw-cert",
                .fn = NULL,
-               .cn = "BL3-3 Content Certificate",
-               .key = BL33_KEY,
-               .issuer = BL33_CERT,
+               .cn = "Non-Trusted Firmware Content Certificate",
+               .key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+               .issuer = NON_TRUSTED_FW_CONTENT_CERT,
                .ext = {
-                       BL33_HASH_EXT
+                       NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
                },
                .num_ext = 1
        },
@@ -169,9 +169,9 @@ static cert_t tbb_certs[] = {
                .key = ROT_KEY,
                .issuer = FWU_CERT,
                .ext = {
-                       SCP_BL2U_HASH_EXT,
-                       BL2U_HASH_EXT,
-                       NS_BL2U_HASH_EXT
+                       SCP_FWU_CFG_HASH_EXT,
+                       AP_FWU_CFG_HASH_EXT,
+                       FWU_HASH_EXT
                },
                .num_ext = 3
        }
index b0af6f1a5e90a5c116b22abddfeb3e51845bc818..1400fbfdc92b859a1b95f74b482e786c0b1072fd 100644 (file)
 #define NORMAL_WORLD_NVCTR_VALUE       0
 
 static ext_t tbb_ext[] = {
-       [TZ_FW_NVCOUNTER_EXT] = {
-               .oid = TZ_FW_NVCOUNTER_OID,
+       [TRUSTED_FW_NVCOUNTER_EXT] = {
+               .oid = TRUSTED_FW_NVCOUNTER_OID,
                .sn = "TrustedWorldNVCounter",
                .ln = "Trusted World Non-Volatile counter",
                .asn1_type = V_ASN1_INTEGER,
                .type = EXT_TYPE_NVCOUNTER,
                .data.nvcounter = TRUSTED_WORLD_NVCTR_VALUE
        },
-       [NTZ_FW_NVCOUNTER_EXT] = {
-               .oid = NTZ_FW_NVCOUNTER_OID,
+       [NON_TRUSTED_FW_NVCOUNTER_EXT] = {
+               .oid = NON_TRUSTED_FW_NVCOUNTER_OID,
                .sn = "NormalWorldNVCounter",
                .ln = "Normal World Non-Volatile counter",
                .asn1_type = V_ASN1_INTEGER,
                .type = EXT_TYPE_NVCOUNTER,
                .data.nvcounter = NORMAL_WORLD_NVCTR_VALUE
        },
-       [BL2_HASH_EXT] = {
-               .oid = BL2_HASH_OID,
-               .opt = "bl2",
+       [TRUSTED_BOOT_FW_HASH_EXT] = {
+               .oid = TRUSTED_BOOT_FW_HASH_OID,
+               .opt = "tb-fw",
                .sn = "TrustedBootFirmwareHash",
-               .ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
+               .ln = "Trusted Boot Firmware hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH
        },
-       [TZ_WORLD_PK_EXT] = {
-               .oid = TZ_WORLD_PK_OID,
+       [TRUSTED_WORLD_PK_EXT] = {
+               .oid = TRUSTED_WORLD_PK_OID,
                .sn = "TrustedWorldPublicKey",
                .ln = "Trusted World Public Key",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_PKEY,
                .data.key = TRUSTED_WORLD_KEY
        },
-       [NTZ_WORLD_PK_EXT] = {
-               .oid = NTZ_WORLD_PK_OID,
+       [NON_TRUSTED_WORLD_PK_EXT] = {
+               .oid = NON_TRUSTED_WORLD_PK_OID,
                .sn = "NonTrustedWorldPublicKey",
                .ln = "Non-Trusted World Public Key",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_PKEY,
                .data.key = NON_TRUSTED_WORLD_KEY
        },
-       [BL30_CONTENT_CERT_PK_EXT] = {
-               .oid = BL30_CONTENT_CERT_PK_OID,
+       [SCP_FW_CONTENT_CERT_PK_EXT] = {
+               .oid = SCP_FW_CONTENT_CERT_PK_OID,
                .sn = "SCPFirmwareContentCertPK",
                .ln = "SCP Firmware content certificate public key",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_PKEY,
-               .data.key = BL30_KEY
+               .data.key = SCP_FW_CONTENT_CERT_KEY
        },
-       [BL30_HASH_EXT] = {
-               .oid = BL30_HASH_OID,
-               .opt = "bl30",
+       [SCP_FW_HASH_EXT] = {
+               .oid = SCP_FW_HASH_OID,
+               .opt = "scp-fw",
                .sn = "SCPFirmwareHash",
-               .ln = "SCP Firmware (BL30) hash (SHA256)",
+               .ln = "SCP Firmware hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH
        },
-       [BL31_CONTENT_CERT_PK_EXT] = {
-               .oid = BL31_CONTENT_CERT_PK_OID,
+       [SOC_FW_CONTENT_CERT_PK_EXT] = {
+               .oid = SOC_FW_CONTENT_CERT_PK_OID,
                .sn = "SoCFirmwareContentCertPK",
                .ln = "SoC Firmware content certificate public key",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_PKEY,
-               .data.key = BL31_KEY
+               .data.key = SOC_FW_CONTENT_CERT_KEY
        },
-       [BL31_HASH_EXT] = {
-               .oid = BL31_HASH_OID,
-               .opt = "bl31",
+       [SOC_AP_FW_HASH_EXT] = {
+               .oid = SOC_AP_FW_HASH_OID,
+               .opt = "soc-fw",
                .sn = "SoCAPFirmwareHash",
-               .ln = "SoC AP Firmware (BL31) hash (SHA256)",
+               .ln = "SoC AP Firmware hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH
        },
-       [BL32_CONTENT_CERT_PK_EXT] = {
-               .oid = BL32_CONTENT_CERT_PK_OID,
+       [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
+               .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
                .sn = "TrustedOSFirmwareContentCertPK",
                .ln = "Trusted OS Firmware content certificate public key",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_PKEY,
-               .data.key = BL32_KEY
+               .data.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
        },
-       [BL32_HASH_EXT] = {
-               .oid = BL32_HASH_OID,
-               .opt = "bl32",
+       [TRUSTED_OS_FW_HASH_EXT] = {
+               .oid = TRUSTED_OS_FW_HASH_OID,
+               .opt = "tos-fw",
                .sn = "TrustedOSHash",
-               .ln = "Trusted OS (BL32) hash (SHA256)",
+               .ln = "Trusted OS hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH
        },
-       [BL33_CONTENT_CERT_PK_EXT] = {
-               .oid = BL33_CONTENT_CERT_PK_OID,
+       [NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
+               .oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
                .sn = "NonTrustedFirmwareContentCertPK",
                .ln = "Non-Trusted Firmware content certificate public key",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_PKEY,
-               .data.key = BL33_KEY
+               .data.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
        },
-       [BL33_HASH_EXT] = {
-               .oid = BL33_HASH_OID,
-               .opt = "bl33",
+       [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
+               .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
+               .opt = "nt-fw",
                .sn = "NonTrustedWorldBootloaderHash",
-               .ln = "Non-Trusted World (BL33) hash (SHA256)",
+               .ln = "Non-Trusted World hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH
        },
-       [SCP_BL2U_HASH_EXT] = {
-               .oid = SCP_BL2U_HASH_OID,
-               .opt = "scp_bl2u",
+       [SCP_FWU_CFG_HASH_EXT] = {
+               .oid = SCP_FWU_CFG_HASH_OID,
+               .opt = "scp-fwu-cfg",
                .sn = "SCPFWUpdateConfig",
-               .ln = "SCP Firmware Update Config (SCP_BL2U) hash (SHA256)",
+               .ln = "SCP Firmware Update Config hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH,
                .optional = 1
        },
-       [BL2U_HASH_EXT] = {
-               .oid = BL2U_HASH_OID,
-               .opt = "bl2u",
+       [AP_FWU_CFG_HASH_EXT] = {
+               .oid = AP_FWU_CFG_HASH_OID,
+               .opt = "ap-fwu-cfg",
                .sn = "APFWUpdateConfig",
-               .ln = "AP Firmware Update Config (BL2U) hash (SHA256)",
+               .ln = "AP Firmware Update Config hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH,
                .optional = 1
        },
-       [NS_BL2U_HASH_EXT] = {
-               .oid = NS_BL2U_HASH_OID,
-               .opt = "ns_bl2u",
+       [FWU_HASH_EXT] = {
+               .oid = FWU_HASH_OID,
+               .opt = "fwu",
                .sn = "FWUpdaterHash",
-               .ln = "Firmware Updater (NS_BL2U) hash (SHA256)",
+               .ln = "Firmware Updater hash (SHA256)",
                .asn1_type = V_ASN1_OCTET_STRING,
                .type = EXT_TYPE_HASH,
                .optional = 1
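Review bot: The long name on the `NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT` entry no longer says what is hashed once "(BL33)" is dropped: it reads `"Non-Trusted World hash (SHA256)"`, while the short name on the line above is still `NonTrustedWorldBootloaderHash`. I would write `.ln = "Non-Trusted World Bootloader hash (SHA256)",` so the label agrees with the identifier and the short name. A similar mismatch remains on the counter entry renamed to `NON_TRUSTED_FW_NVCOUNTER_EXT`, whose unchanged `.sn`/`.ln` still say "Normal World" (`NormalWorldNVCounter`). If these strings are the extension names printed when a certificate is dumped, which the hunk does not show, labels that follow the TBBR names make it easier to confirm which image or counter a certificate binds during a chain-of-trust review. The `tbb_ext[]` initializer continues past the end of the hunk.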
index eaaf1ff1e813ac053fc45f682b49455ef5677faf..089425a91631efa96709f6b70ad9609beb854b22 100644 (file)
@@ -51,25 +51,25 @@ static key_t tbb_keys[] = {
                .opt = "non-trusted-world-key",
                .desc = "Non Trusted World key"
        },
-       [BL30_KEY] = {
-               .id = BL30_KEY,
-               .opt = "bl30-key",
-               .desc = "BL30 key"
+       [SCP_FW_CONTENT_CERT_KEY] = {
+               .id = SCP_FW_CONTENT_CERT_KEY,
+               .opt = "scp-fw-key",
+               .desc = "SCP Firmware Content Certificate key"
        },
-       [BL31_KEY] = {
-               .id = BL31_KEY,
-               .opt = "bl31-key",
-               .desc = "BL31 key"
+       [SOC_FW_CONTENT_CERT_KEY] = {
+               .id = SOC_FW_CONTENT_CERT_KEY,
+               .opt = "soc-fw-key",
+               .desc = "SoC Firmware Content Certificate key"
        },
-       [BL32_KEY] = {
-               .id = BL32_KEY,
-               .opt = "bl32-key",
-               .desc = "BL32 key"
+       [TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
+               .id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+               .opt = "tos-fw-key",
+               .desc = "Trusted OS Firmware Content Certificate key"
        },
-       [BL33_KEY] = {
-               .id = BL33_KEY,
-               .opt = "bl33-key",
-               .desc = "BL33 key"
+       [NON_TRUSTED_FW_CONTENT_CERT_KEY] = {
+               .id = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+               .opt = "nt-fw-key",
+               .desc = "Non Trusted Firmware Content Certificate key"
        }
 };
 
index 571318406f1444695652a63a4e1167b43a7f172c..ef533c7eb8215390b71d7839a8328e99bb7b5e02 100644 (file)
@@ -78,25 +78,25 @@ static entry_lookup_list_t toc_entry_lookup_list[] = {
          "rot-cert", NULL, FLAG_FILENAME },
        { "Trusted key certificate", UUID_TRUSTED_KEY_CERT,
          "trusted-key-cert", NULL, FLAG_FILENAME},
-       { "SCP Firmware BL3-0 key certificate", UUID_SCP_FIRMWARE_BL30_KEY_CERT,
-         "bl30-key-cert", NULL, FLAG_FILENAME},
-       { "EL3 Runtime Firmware BL3-1 key certificate", UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT,
-         "bl31-key-cert", NULL, FLAG_FILENAME},
-       { "Secure Payload BL3-2 (Trusted OS) key certificate", UUID_SECURE_PAYLOAD_BL32_KEY_CERT,
-         "bl32-key-cert", NULL, FLAG_FILENAME},
-       { "Non-Trusted Firmware BL3-3 key certificate", UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT,
-         "bl33-key-cert", NULL, FLAG_FILENAME},
+       { "SCP Firmware key certificate", UUID_SCP_FW_KEY_CERT,
+         "scp-fw-key-cert", NULL, FLAG_FILENAME},
+       { "SoC Firmware key certificate", UUID_SOC_FW_KEY_CERT,
+         "soc-fw-key-cert", NULL, FLAG_FILENAME},
+       { "Trusted OS Firmware key certificate", UUID_TRUSTED_OS_FW_KEY_CERT,
+         "tos-fw-key-cert", NULL, FLAG_FILENAME},
+       { "Non-Trusted Firmware key certificate", UUID_NON_TRUSTED_FW_KEY_CERT,
+         "nt-fw-key-cert", NULL, FLAG_FILENAME},
        /* Content certificates */
-       { "Trusted Boot Firmware BL2 certificate", UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT,
-         "bl2-cert", NULL, FLAG_FILENAME },
-       { "SCP Firmware BL3-0 certificate", UUID_SCP_FIRMWARE_BL30_CERT,
-         "bl30-cert", NULL, FLAG_FILENAME},
-       { "EL3 Runtime Firmware BL3-1 certificate", UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT,
-         "bl31-cert", NULL, FLAG_FILENAME},
-       { "Secure Payload BL3-2 (Trusted OS) certificate", UUID_SECURE_PAYLOAD_BL32_CERT,
-         "bl32-cert", NULL, FLAG_FILENAME},
-       { "Non-Trusted Firmware BL3-3 certificate", UUID_NON_TRUSTED_FIRMWARE_BL33_CERT,
-         "bl33-cert", NULL, FLAG_FILENAME},
+       { "Trusted Boot Firmware BL2 certificate", UUID_TRUSTED_BOOT_FW_CERT,
+         "tb-fw-cert", NULL, FLAG_FILENAME },
+       { "SCP Firmware content certificate", UUID_SCP_FW_CONTENT_CERT,
+         "scp-fw-cert", NULL, FLAG_FILENAME},
+       { "SoC Firmware content certificate", UUID_SOC_FW_CONTENT_CERT,
+         "soc-fw-cert", NULL, FLAG_FILENAME},
+       { "Trusted OS Firmware content certificate", UUID_TRUSTED_OS_FW_CONTENT_CERT,
+         "tos-fw-cert", NULL, FLAG_FILENAME},
+       { "Non-Trusted Firmware content certificate", UUID_NON_TRUSTED_FW_CONTENT_CERT,
+         "nt-fw-cert", NULL, FLAG_FILENAME},
        { NULL, {0}, 0 }
 };
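Review bot: The description string for `UUID_TRUSTED_BOOT_FW_CERT` still reads `"Trusted Boot Firmware BL2 certificate"`, while every other entry touched in this hunk drops its BLxx tag. Unless the tag was kept on purpose, I would write `{ "Trusted Boot Firmware certificate", UUID_TRUSTED_BOOT_FW_CERT,` to match the rest of the renaming. The option strings here repeat the `.opt` values of the `tbb_certs[]` entries earlier in the patch (`"tos-fw-cert"`, `"nt-fw-key-cert"`, `"nt-fw-cert"`), so a comment above the key-certificate entries such as `/* Option names must stay in sync with the .opt strings in tbb_certs[] */` would help keep a later rename from passing a certificate under an option the other tool no longer recognises. `toc_entry_lookup_list[]` starts before the hunk.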