$(eval $(call assert_boolean,SPIN_ON_BL1_EXIT))
$(eval $(call assert_boolean,TRUSTED_BOARD_BOOT))
$(eval $(call assert_boolean,USE_COHERENT_MEM))
+$(eval $(call assert_boolean,USE_TBBR_DEFS))
$(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call add_define,SPIN_ON_BL1_EXIT))
$(eval $(call add_define,TRUSTED_BOARD_BOOT))
$(eval $(call add_define,USE_COHERENT_MEM))
+$(eval $(call add_define,USE_TBBR_DEFS))
$(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY))
# Define the EL3_PAYLOAD_BASE flag only if it is provided.
.PHONY: ${CRTTOOL}
${CRTTOOL}:
- ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH}
+ ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
make PLAT=<platform> [DEBUG=1] [V=1] certtool
-Specifying the platform is mandatory since the tool is platform specific.
+For platforms that do not require their own IDs in certificate files,
+the generic 'cert_create' tool can be built with the following command:
+
+ make USE_TBBR_DEFS=1 [DEBUG=1] [V=1] certtool
+
`DEBUG=1` builds the tool in debug mode. `V=1` makes the build process more
verbose. The following command should be used to obtain help about the tool:
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <auth_mod.h>
#include <platform_def.h>
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
#include <platform_oid.h>
+#endif
#include <stddef.h>
/*
+++ /dev/null
-/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef __BOARD_ARM_OID_H__
-#define __BOARD_ARM_OID_H__
-
-/*
- * The following is a list of OID values defined and reserved by ARM, which
- * are used to define the extension fields of the certificate structure, as
- * defined in the Trusted Board Boot Requirements (TBBR) specification,
- * ARM DEN0006C-1.
- *
- * Non-ARM platform owners that wish to align with the TBBR should define
- * constants with the same name in their own platform port(s), using their
- * own OIDs obtained from the ITU-T.
- */
-
-
-/* TrustedFirmwareNVCounter - Non-volatile counter extension */
-#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1"
-/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */
-#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2"
-
-
-/*
- * Non-Trusted Firmware Updater Certificate
- */
-
-/* APFirmwareUpdaterConfigHash - BL2U */
-#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101"
-/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */
-#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102"
-/* FirmwareUpdaterHash - NS_BL2U */
-#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103"
-/* TrustedWatchdogRefreshTime */
-#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104"
-
-
-/*
- * Trusted Boot Firmware Certificate
- */
-
-/* TrustedBootFirmwareHash - BL2 */
-#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201"
-
-
-/*
- * Trusted Key Certificate
- */
-
-/* PrimaryDebugCertificatePK */
-#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301"
-/* TrustedWorldPK */
-#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302"
-/* NonTrustedWorldPK */
-#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303"
-
-
-/*
- * Trusted Debug Certificate
- */
-
-/* DebugScenario */
-#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401"
-/* SoC Specific */
-#define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402"
-/* SecondaryDebugCertPK */
-#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403"
-
-
-/*
- * SoC Firmware Key Certificate
- */
-
-/* SoCFirmwareContentCertPK */
-#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501"
-
-
-/*
- * SoC Firmware Content Certificate
- */
-
-/* APRomPatchHash - BL1_PATCH */
-#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601"
-/* SoCConfigHash */
-#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602"
-/* SoCAPFirmwareHash - BL31 */
-#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603"
-
-
-/*
- * SCP Firmware Key Certificate
- */
-
-/* SCPFirmwareContentCertPK */
-#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701"
-
-
-/*
- * SCP Firmware Content Certificate
- */
-
-/* SCPFirmwareHash - SCP_BL2 */
-#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801"
-/* SCPRomPatchHash - SCP_BL1_PATCH */
-#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802"
-
-
-/*
- * Trusted OS Firmware Key Certificate
- */
-
-/* TrustedOSFirmwareContentCertPK */
-#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901"
-
-
-/*
- * Trusted OS Firmware Content Certificate
- */
-
-/* TrustedOSFirmwareHash - BL32 */
-#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001"
-
-
-/*
- * Non-Trusted Firmware Key Certificate
- */
-
-/* NonTrustedFirmwareContentCertPK */
-#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101"
-
-
-/*
- * Non-Trusted Firmware Content Certificate
- */
-
-/* NonTrustedWorldBootloaderHash - BL33 */
-#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201"
-
-#endif /* __BOARD_ARM_OID_H__ */
--- /dev/null
+/*
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __TBBR_OID_H__
+#define __TBBR_OID_H__
+
+/*
+ * The following is a list of OID values defined and reserved by ARM, which
+ * are used to define the extension fields of the certificate structure, as
+ * defined in the Trusted Board Boot Requirements (TBBR) specification,
+ * ARM DEN0006C-1.
+ */
+
+
+/* TrustedFirmwareNVCounter - Non-volatile counter extension */
+#define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1"
+/* NonTrustedFirmwareNVCounter - Non-volatile counter extension */
+#define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2"
+
+
+/*
+ * Non-Trusted Firmware Updater Certificate
+ */
+
+/* APFirmwareUpdaterConfigHash - BL2U */
+#define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101"
+/* SCPFirmwareUpdaterConfigHash - SCP_BL2U */
+#define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102"
+/* FirmwareUpdaterHash - NS_BL2U */
+#define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103"
+/* TrustedWatchdogRefreshTime */
+#define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104"
+
+
+/*
+ * Trusted Boot Firmware Certificate
+ */
+
+/* TrustedBootFirmwareHash - BL2 */
+#define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201"
+
+
+/*
+ * Trusted Key Certificate
+ */
+
+/* PrimaryDebugCertificatePK */
+#define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301"
+/* TrustedWorldPK */
+#define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302"
+/* NonTrustedWorldPK */
+#define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303"
+
+
+/*
+ * Trusted Debug Certificate
+ */
+
+/* DebugScenario */
+#define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401"
+/* SoC Specific */
+#define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402"
+/* SecondaryDebugCertPK */
+#define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403"
+
+
+/*
+ * SoC Firmware Key Certificate
+ */
+
+/* SoCFirmwareContentCertPK */
+#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501"
+
+
+/*
+ * SoC Firmware Content Certificate
+ */
+
+/* APRomPatchHash - BL1_PATCH */
+#define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601"
+/* SoCConfigHash */
+#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602"
+/* SoCAPFirmwareHash - BL31 */
+#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603"
+
+
+/*
+ * SCP Firmware Key Certificate
+ */
+
+/* SCPFirmwareContentCertPK */
+#define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701"
+
+
+/*
+ * SCP Firmware Content Certificate
+ */
+
+/* SCPFirmwareHash - SCP_BL2 */
+#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801"
+/* SCPRomPatchHash - SCP_BL1_PATCH */
+#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802"
+
+
+/*
+ * Trusted OS Firmware Key Certificate
+ */
+
+/* TrustedOSFirmwareContentCertPK */
+#define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901"
+
+
+/*
+ * Trusted OS Firmware Content Certificate
+ */
+
+/* TrustedOSFirmwareHash - BL32 */
+#define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001"
+
+
+/*
+ * Non-Trusted Firmware Key Certificate
+ */
+
+/* NonTrustedFirmwareContentCertPK */
+#define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101"
+
+
+/*
+ * Non-Trusted Firmware Content Certificate
+ */
+
+/* NonTrustedWorldBootloaderHash - BL33 */
+#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201"
+
+#endif /* __TBBR_OID_H__ */
# Build option to choose whether Trusted firmware uses Coherent memory or not.
USE_COHERENT_MEM := 1
+# Use tbbr_oid.h instead of platform_oid.h
+USE_TBBR_DEFS = $(ERROR_DEPRECATED)
+
# Build verbosity
V := 0
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include "../../../../../include/plat/arm/board/common/board_arm_oid.h"
+#include <tbbr_oid.h>
/*
* Required platform OIDs
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include "../../../../../include/plat/arm/board/common/board_arm_oid.h"
+#include <tbbr_oid.h>
/*
* Required platform OIDs
/*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <auth/auth_mod.h>
#include <platform.h>
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
#include <platform_oid.h>
+#endif
#include <string.h>
/*
#
-# Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+ifeq (${USE_TBBR_DEFS},1)
+# In this case, cert_tool is platform-independent
+PLAT_MSG := TBBR Generic
+PLAT_INCLUDE := ../../include/tools_share
+else
+PLAT_MSG := ${PLAT}
+
PLATFORM_ROOT := ../../plat/
include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
ifeq ($(PLAT_INCLUDE),)
$(error "Error: Invalid platform '${PLAT}' has no include directory.")
endif
+endif
ifeq (${DEBUG},1)
CFLAGS += -g -O0 -DDEBUG -DLOG_LEVEL=40
Q :=
endif
+$(eval $(call add_define,USE_TBBR_DEFS))
+CFLAGS += ${DEFINES}
+
# Make soft links and include from local directory otherwise wrong headers
# could get pulled in from firmware tree.
INC_DIR := -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
${BINARY}: ${OBJECTS} Makefile
@echo " LD $@"
@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \
- const char platform_msg[] = "${PLAT}";' | \
+ const char platform_msg[] = "${PLAT_MSG}";' | \
${CC} -c ${CFLAGS} -xc - -o src/build_msg.o
${Q}${CC} src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <openssl/sha.h>
#include <openssl/x509v3.h>
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
#include "cert.h"
#include "cmd_opt.h"
#include "debug.h"
#include "key.h"
-#include "platform_oid.h"
#include "sha.h"
#define SERIAL_RAND_BITS 64
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <openssl/evp.h>
#include <openssl/pem.h>
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
#include "cert.h"
#include "cmd_opt.h"
#include "debug.h"
#include "key.h"
-#include "platform_oid.h"
#include "sha.h"
#define MAX_FILENAME_LEN 1024
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <openssl/sha.h>
#include <openssl/x509v3.h>
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
#include "cert.h"
#include "cmd_opt.h"
#include "debug.h"
#include "ext.h"
#include "key.h"
-#include "platform_oid.h"
#include "sha.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_cert.h"
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
#include "ext.h"
-#include "platform_oid.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"