From e24659df354c31626f78f4d46d453e14959a9953 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Tue, 7 Nov 2017 16:50:31 +0000 Subject: [PATCH] Dynamic cfg: Update the tools This patch updates the `fiptool` and `cert_create` for the `hw_config` and `tb_fw_config` dynamic configuration files. The necessary UUIDs and OIDs are assigned to these files and the `cert_create` is updated to generate appropriate hashes and include them in the "Trusted Boot FW Certificate". The `fiptool` is updated to allow the configs to be specified via cmdline and included in the generated FIP. Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15 Signed-off-by: Soby Mathew --- include/tools_share/firmware_image_package.h | 7 ++++++- include/tools_share/tbbr_oid.h | 5 +++-- tools/cert_create/include/tbbr/tbb_ext.h | 4 +++- tools/cert_create/src/tbbr/tbb_cert.c | 8 ++++--- tools/cert_create/src/tbbr/tbb_ext.c | 22 +++++++++++++++++++- tools/fiptool/tbbr_config.c | 14 +++++++++++-- 6 files changed, 50 insertions(+), 10 deletions(-) diff --git a/include/tools_share/firmware_image_package.h b/include/tools_share/firmware_image_package.h index c39e6f02..b7fac07f 100644 --- a/include/tools_share/firmware_image_package.h +++ b/include/tools_share/firmware_image_package.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -63,6 +63,11 @@ {0x11449fa4, 0x635e, 0x11e4, 0x87, 0x28, {0x3f, 0x05, 0x72, 0x2a, 0xf3, 0x3d} } #define UUID_NON_TRUSTED_FW_CONTENT_CERT \ {0xf3c1c48e, 0x635d, 0x11e4, 0xa7, 0xa9, {0x87, 0xee, 0x40, 0xb2, 0x3f, 0xa7} } +/* Dynamic configs */ +#define UUID_HW_CONFIG \ + {0xd9f1b808, 0xcfc9, 0x4993, 0xa9, 0x62, {0x6f, 0xbc, 0x6b, 0x72, 0x65, 0xcc} } +#define UUID_TB_FW_CONFIG \ + {0xff58046c, 0x6baf, 0x4f7d, 0x82, 0xed, {0xaa, 0x27, 0xbc, 0x69, 0xbf, 0xd2} } typedef struct fip_toc_header { uint32_t name; diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h index e57790c6..18ddbdc2 100644 --- a/include/tools_share/tbbr_oid.h +++ b/include/tools_share/tbbr_oid.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -41,7 +41,8 @@ /* TrustedBootFirmwareHash - BL2 */ #define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201" - +#define TRUSTED_BOOT_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.202" +#define HW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.203" /* * Trusted Key Certificate diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h index 85ad3595..5b427d35 100644 --- a/tools/cert_create/include/tbbr/tbb_ext.h +++ b/tools/cert_create/include/tbbr/tbb_ext.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -13,6 +13,8 @@ enum { TRUSTED_FW_NVCOUNTER_EXT, NON_TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_BOOT_FW_HASH_EXT, + TRUSTED_BOOT_FW_CONFIG_HASH_EXT, + HW_CONFIG_HASH_EXT, TRUSTED_WORLD_PK_EXT, NON_TRUSTED_WORLD_PK_EXT, SCP_FW_CONTENT_CERT_PK_EXT, diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c index c815178c..325b4622 100644 --- a/tools/cert_create/src/tbbr/tbb_cert.c +++ b/tools/cert_create/src/tbbr/tbb_cert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -26,9 +26,11 @@ static cert_t tbb_certs[] = { .issuer = TRUSTED_BOOT_FW_CERT, .ext = { TRUSTED_FW_NVCOUNTER_EXT, - TRUSTED_BOOT_FW_HASH_EXT + TRUSTED_BOOT_FW_HASH_EXT, + TRUSTED_BOOT_FW_CONFIG_HASH_EXT, + HW_CONFIG_HASH_EXT }, - .num_ext = 2 + .num_ext = 4 }, [TRUSTED_KEY_CERT] = { .id = TRUSTED_KEY_CERT, diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c index 504b0fc0..5f2cec19 100644 --- a/tools/cert_create/src/tbbr/tbb_ext.c +++ b/tools/cert_create/src/tbbr/tbb_ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -53,6 +53,26 @@ static ext_t tbb_ext[] = { .asn1_type = V_ASN1_OCTET_STRING, .type = EXT_TYPE_HASH }, + [TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = { + .oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID, + .opt = "tb-fw-config", + .help_msg = "Trusted Boot Firmware Config file", + .sn = "TrustedBootFirmwareConfigHash", + .ln = "Trusted Boot Firmware Config hash", + .asn1_type = V_ASN1_OCTET_STRING, + .type = EXT_TYPE_HASH, + .optional = 1 + }, + [HW_CONFIG_HASH_EXT] = { + .oid = HW_CONFIG_HASH_OID, + .opt = "hw-config", + .help_msg = "HW Config file", + .sn = "HWConfigHash", + .ln = "HW Config hash", + .asn1_type = V_ASN1_OCTET_STRING, + .type = EXT_TYPE_HASH, + .optional = 1 + }, [TRUSTED_WORLD_PK_EXT] = { .oid = TRUSTED_WORLD_PK_OID, .sn = "TrustedWorldPublicKey", diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c index 827cab28..2c0adcd2 100644 --- a/tools/fiptool/tbbr_config.c +++ b/tools/fiptool/tbbr_config.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -67,7 +67,17 @@ toc_entry_t toc_entries[] = { .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33, .cmdline_name = "nt-fw" }, - + /* Dynamic Configs */ + { + .name = "HW_CONFIG", + .uuid = UUID_HW_CONFIG, + .cmdline_name = "hw-config" + }, + { + .name = "TB_FW_CONFIG", + .uuid = UUID_TB_FW_CONFIG, + .cmdline_name = "tb-fw-config" + }, /* Key Certificates */ { .name = "Root Of Trust key certificate", -- 2.30.2