BL32 image for the ``fip`` target. In this case, the BL32 in the ARM
Trusted Firmware will not be built.
+- ``BL32_EXTRA1``: This is an optional build option which specifies the path to
+ Trusted OS Extra1 image for the ``fip`` target.
+
+- ``BL32_EXTRA2``: This is an optional build option which specifies the path to
+ Trusted OS Extra2 image for the ``fip`` target.
+
- ``BL32_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the
file that contains the BL32 private key in PEM format. If ``SAVE_KEYS=1``,
this file name will be used to save the key.
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
+static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
+static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
+static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
+static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
.ptr = (void *)tos_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
+ },
+ [1] = {
+ .type_desc = &tos_fw_extra1_hash,
+ .data = {
+ .ptr = (void *)tos_fw_extra1_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [2] = {
+ .type_desc = &tos_fw_extra2_hash,
+ .data = {
+ .ptr = (void *)tos_fw_extra2_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
}
}
},
}
}
},
+ [BL32_EXTRA1_IMAGE_ID] = {
+ .img_id = BL32_EXTRA1_IMAGE_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &tos_fw_extra1_hash,
+ }
+ }
+ }
+ },
+ [BL32_EXTRA2_IMAGE_ID] = {
+ .img_id = BL32_EXTRA2_IMAGE_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &tos_fw_extra2_hash,
+ }
+ }
+ }
+ },
/*
* Non-Trusted Firmware
*/
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/* Non-Trusted FWU Firmware NS_BL2U */
#define NS_BL2U_IMAGE_ID 20
+/* Secure Payload BL32_EXTRA1 (Trusted OS Extra1) */
+#define BL32_EXTRA1_IMAGE_ID 21
+
+/* Secure Payload BL32_EXTRA2 (Trusted OS Extra2) */
+#define BL32_EXTRA2_IMAGE_ID 22
+
#endif /* __TBBR_IMG_DEF_H__ */
/*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
{0x6d08d447, 0xfe4c, 0x4698, 0x9b, 0x95, {0x29, 0x50, 0xcb, 0xbd, 0x5a, 0x00} }
#define UUID_SECURE_PAYLOAD_BL32 \
{0x89e1d005, 0xdc53, 0x4713, 0x8d, 0x2b, {0x50, 0x0a, 0x4b, 0x7a, 0x3e, 0x38} }
+#define UUID_SECURE_PAYLOAD_BL32_EXTRA1 \
+ {0x9bc2700b, 0x5a2a, 0x4078, 0x9f, 0x65, {0x0a, 0x56, 0x82, 0x73, 0x82, 0x88} }
+#define UUID_SECURE_PAYLOAD_BL32_EXTRA2 \
+ {0xb17ba88e, 0xa2cf, 0x4d3f, 0x85, 0xfd, {0xe7, 0xbb, 0xa5, 0x02, 0x20, 0xd9} }
#define UUID_NON_TRUSTED_FIRMWARE_BL33 \
{0xa7eed0d6, 0xeafc, 0x4bd5, 0x97, 0x82, {0x99, 0x34, 0xf2, 0x34, 0xb6, 0xe4} }
/* Key certificates */
/* TrustedOSFirmwareHash - BL32 */
#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001"
+/* TrustedOSExtra1FirmwareHash - BL32 Extra1 */
+#define TRUSTED_OS_FW_EXTRA1_HASH_OID "1.3.6.1.4.1.4128.2100.1002"
+/* TrustedOSExtra2FirmwareHash - BL32 Extra2 */
+#define TRUSTED_OS_FW_EXTRA2_HASH_OID "1.3.6.1.4.1.4128.2100.1003"
/*
#
-# Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tos_fw_key.crt,--tos-fw-key-cert))
$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tos_fw_content.crt,--tos-fw-cert))
$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tos_fw_key.crt,--tos-fw-key-cert))
+ifneq (${BL32_EXTRA1},)
+ $(eval $(call CERT_ADD_CMD_OPT,${BL32_EXTRA1},--tos-fw-extra1,true))
+endif
+ifneq (${BL32_EXTRA2},)
+ $(eval $(call CERT_ADD_CMD_OPT,${BL32_EXTRA2},--tos-fw-extra2,true))
+endif
endif
# Add the BL33 CoT (key cert + img cert + image)
# speed.
$(eval $(call add_define,MBEDTLS_SHA256_SMALLER))
+# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images
+# in the FIP if the platform requires.
+ifneq ($(BL32_EXTRA1),)
+$(eval $(call FIP_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1))
+endif
+ifneq ($(BL32_EXTRA2),)
+$(eval $(call FIP_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2))
+endif
+
# Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms
ENABLE_PSCI_STAT := 1
ENABLE_PMF := 1
/*
- * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
.uuid = UUID_SECURE_PAYLOAD_BL32,
};
+static const io_uuid_spec_t bl32_extra1_uuid_spec = {
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1,
+};
+
+static const io_uuid_spec_t bl32_extra2_uuid_spec = {
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+};
+
static const io_uuid_spec_t bl33_uuid_spec = {
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
};
(uintptr_t)&bl32_uuid_spec,
open_fip
},
+ [BL32_EXTRA1_IMAGE_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&bl32_extra1_uuid_spec,
+ open_fip
+ },
+ [BL32_EXTRA2_IMAGE_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&bl32_extra2_uuid_spec,
+ open_fip
+ },
[BL33_IMAGE_ID] = {
&fip_dev_handle,
(uintptr_t)&bl33_uuid_spec,
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
SOC_AP_FW_HASH_EXT,
TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
TRUSTED_OS_FW_HASH_EXT,
+ TRUSTED_OS_FW_EXTRA1_HASH_EXT,
+ TRUSTED_OS_FW_EXTRA2_HASH_EXT,
NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
SCP_FWU_CFG_HASH_EXT,
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
.issuer = TRUSTED_OS_FW_CONTENT_CERT,
.ext = {
TRUSTED_FW_NVCOUNTER_EXT,
- TRUSTED_OS_FW_HASH_EXT
+ TRUSTED_OS_FW_HASH_EXT,
+ TRUSTED_OS_FW_EXTRA1_HASH_EXT,
+ TRUSTED_OS_FW_EXTRA2_HASH_EXT
},
- .num_ext = 2
+ .num_ext = 4
},
[NON_TRUSTED_FW_KEY_CERT] = {
.id = NON_TRUSTED_FW_KEY_CERT,
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
+ [TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
+ .opt = "tos-fw-extra1",
+ .help_msg = "Trusted OS Extra1 image file",
+ .sn = "TrustedOSExtra1Hash",
+ .ln = "Trusted OS Extra1 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
+ .opt = "tos-fw-extra2",
+ .help_msg = "Trusted OS Extra2 image file",
+ .sn = "TrustedOSExtra2Hash",
+ .ln = "Trusted OS Extra2 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
.sn = "NonTrustedFirmwareContentCertPK",
--scp-fw FILENAME SCP Firmware SCP_BL2
--soc-fw FILENAME EL3 Runtime Firmware BL31
--tos-fw FILENAME Secure Payload BL32 (Trusted OS)
+ --tos-fw-extra1 FILENAME Secure Payload BL32 Extra1 (Trusted OS Extra1)
+ --tos-fw-extra2 FILENAME Secure Payload BL32 Extra2 (Trusted OS Extra2)
--nt-fw FILENAME Non-Trusted Firmware BL33
--rot-cert FILENAME Root Of Trust key certificate
--trusted-key-cert FILENAME Trusted key certificate
--scp-fw | \
--soc-fw | \
--tos-fw | \
+ --tos-fw-extra1 | \
+ --tos-fw-extra2 | \
--nt-fw | \
--rot-cert | \
--trusted-key-cert | \
.uuid = UUID_SECURE_PAYLOAD_BL32,
.cmdline_name = "tos-fw"
},
+ {
+ .name = "Secure Payload BL32 Extra1 (Trusted OS Extra1)",
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1,
+ .cmdline_name = "tos-fw-extra1"
+ },
+ {
+ .name = "Secure Payload BL32 Extra2 (Trusted OS Extra2)",
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+ .cmdline_name = "tos-fw-extra2"
+ },
{
.name = "Non-Trusted Firmware BL33",
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
projects / project / bcm63xx / atf.git / commitdiff