1 /* 2 * Copyright (c) 2020, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <dualroot_oid.h> 8 9 #include "cert.h" 10 #include "ext.h" 11 #include "key.h" 12 13 #include "dualroot/cot.h" 14 15 /* 16 * Certificates used in the chain of trust. 17 * 18 * All certificates are self-signed so the issuer certificate field points to 19 * itself. 20 */ 21 static cert_t cot_certs[] = { 22 [TRUSTED_BOOT_FW_CERT] = { 23 .id = TRUSTED_BOOT_FW_CERT, 24 .opt = "tb-fw-cert", 25 .help_msg = "Trusted Boot FW Certificate (output file)", 26 .cn = "Trusted Boot FW Certificate", 27 .key = ROT_KEY, 28 .issuer = TRUSTED_BOOT_FW_CERT, 29 .ext = { 30 TRUSTED_FW_NVCOUNTER_EXT, 31 TRUSTED_BOOT_FW_HASH_EXT, 32 TRUSTED_BOOT_FW_CONFIG_HASH_EXT, 33 HW_CONFIG_HASH_EXT, 34 FW_CONFIG_HASH_EXT 35 }, 36 .num_ext = 5 37 }, 38 39 [TRUSTED_KEY_CERT] = { 40 .id = TRUSTED_KEY_CERT, 41 .opt = "trusted-key-cert", 42 .help_msg = "Trusted Key Certificate (output file)", 43 .cn = "Trusted Key Certificate", 44 .key = ROT_KEY, 45 .issuer = TRUSTED_KEY_CERT, 46 .ext = { 47 TRUSTED_FW_NVCOUNTER_EXT, 48 TRUSTED_WORLD_PK_EXT, 49 }, 50 .num_ext = 2 51 }, 52 53 [SCP_FW_KEY_CERT] = { 54 .id = SCP_FW_KEY_CERT, 55 .opt = "scp-fw-key-cert", 56 .help_msg = "SCP Firmware Key Certificate (output file)", 57 .cn = "SCP Firmware Key Certificate", 58 .key = TRUSTED_WORLD_KEY, 59 .issuer = SCP_FW_KEY_CERT, 60 .ext = { 61 TRUSTED_FW_NVCOUNTER_EXT, 62 SCP_FW_CONTENT_CERT_PK_EXT 63 }, 64 .num_ext = 2 65 }, 66 67 [SCP_FW_CONTENT_CERT] = { 68 .id = SCP_FW_CONTENT_CERT, 69 .opt = "scp-fw-cert", 70 .help_msg = "SCP Firmware Content Certificate (output file)", 71 .cn = "SCP Firmware Content Certificate", 72 .key = SCP_FW_CONTENT_CERT_KEY, 73 .issuer = SCP_FW_CONTENT_CERT, 74 .ext = { 75 TRUSTED_FW_NVCOUNTER_EXT, 76 SCP_FW_HASH_EXT 77 }, 78 .num_ext = 2 79 }, 80 81 [SOC_FW_KEY_CERT] = { 82 .id = SOC_FW_KEY_CERT, 83 .opt = "soc-fw-key-cert", 84 .help_msg = "SoC Firmware Key Certificate (output file)", 85 .cn = "SoC Firmware Key Certificate", 86 .key = TRUSTED_WORLD_KEY, 87 .issuer = SOC_FW_KEY_CERT, 88 .ext = { 89 TRUSTED_FW_NVCOUNTER_EXT, 90 SOC_FW_CONTENT_CERT_PK_EXT 91 }, 92 .num_ext = 2 93 }, 94 95 [SOC_FW_CONTENT_CERT] = { 96 .id = SOC_FW_CONTENT_CERT, 97 .opt = "soc-fw-cert", 98 .help_msg = "SoC Firmware Content Certificate (output file)", 99 .cn = "SoC Firmware Content Certificate", 100 .key = SOC_FW_CONTENT_CERT_KEY, 101 .issuer = SOC_FW_CONTENT_CERT, 102 .ext = { 103 TRUSTED_FW_NVCOUNTER_EXT, 104 SOC_AP_FW_HASH_EXT, 105 SOC_FW_CONFIG_HASH_EXT, 106 }, 107 .num_ext = 3 108 }, 109 110 [TRUSTED_OS_FW_KEY_CERT] = { 111 .id = TRUSTED_OS_FW_KEY_CERT, 112 .opt = "tos-fw-key-cert", 113 .help_msg = "Trusted OS Firmware Key Certificate (output file)", 114 .cn = "Trusted OS Firmware Key Certificate", 115 .key = TRUSTED_WORLD_KEY, 116 .issuer = TRUSTED_OS_FW_KEY_CERT, 117 .ext = { 118 TRUSTED_FW_NVCOUNTER_EXT, 119 TRUSTED_OS_FW_CONTENT_CERT_PK_EXT 120 }, 121 .num_ext = 2 122 }, 123 124 [TRUSTED_OS_FW_CONTENT_CERT] = { 125 .id = TRUSTED_OS_FW_CONTENT_CERT, 126 .opt = "tos-fw-cert", 127 .help_msg = "Trusted OS Firmware Content Certificate (output file)", 128 .cn = "Trusted OS Firmware Content Certificate", 129 .key = TRUSTED_OS_FW_CONTENT_CERT_KEY, 130 .issuer = TRUSTED_OS_FW_CONTENT_CERT, 131 .ext = { 132 TRUSTED_FW_NVCOUNTER_EXT, 133 TRUSTED_OS_FW_HASH_EXT, 134 TRUSTED_OS_FW_EXTRA1_HASH_EXT, 135 TRUSTED_OS_FW_EXTRA2_HASH_EXT, 136 TRUSTED_OS_FW_CONFIG_HASH_EXT, 137 }, 138 .num_ext = 5 139 }, 140 141 [SIP_SECURE_PARTITION_CONTENT_CERT] = { 142 .id = SIP_SECURE_PARTITION_CONTENT_CERT, 143 .opt = "sip-sp-cert", 144 .help_msg = "SiP owned Secure Partition Content Certificate (output file)", 145 .fn = NULL, 146 .cn = "SiP owned Secure Partition Content Certificate", 147 .key = TRUSTED_WORLD_KEY, 148 .issuer = SIP_SECURE_PARTITION_CONTENT_CERT, 149 .ext = { 150 TRUSTED_FW_NVCOUNTER_EXT, 151 SP_PKG1_HASH_EXT, 152 SP_PKG2_HASH_EXT, 153 SP_PKG3_HASH_EXT, 154 SP_PKG4_HASH_EXT, 155 }, 156 .num_ext = 5 157 }, 158 159 [PLAT_SECURE_PARTITION_CONTENT_CERT] = { 160 .id = PLAT_SECURE_PARTITION_CONTENT_CERT, 161 .opt = "plat-sp-cert", 162 .help_msg = "Platform owned Secure Partition Content Certificate (output file)", 163 .fn = NULL, 164 .cn = "Platform owned Secure Partition Content Certificate", 165 .key = PROT_KEY, 166 .issuer = PLAT_SECURE_PARTITION_CONTENT_CERT, 167 .ext = { 168 NON_TRUSTED_FW_NVCOUNTER_EXT, 169 SP_PKG5_HASH_EXT, 170 SP_PKG6_HASH_EXT, 171 SP_PKG7_HASH_EXT, 172 SP_PKG8_HASH_EXT, 173 PROT_PK_EXT, 174 }, 175 .num_ext = 6 176 }, 177 178 [FWU_CERT] = { 179 .id = FWU_CERT, 180 .opt = "fwu-cert", 181 .help_msg = "Firmware Update Certificate (output file)", 182 .cn = "Firmware Update Certificate", 183 .key = ROT_KEY, 184 .issuer = FWU_CERT, 185 .ext = { 186 SCP_FWU_CFG_HASH_EXT, 187 AP_FWU_CFG_HASH_EXT, 188 FWU_HASH_EXT 189 }, 190 .num_ext = 3 191 }, 192 193 [NON_TRUSTED_FW_CONTENT_CERT] = { 194 .id = NON_TRUSTED_FW_CONTENT_CERT, 195 .opt = "nt-fw-cert", 196 .help_msg = "Non-Trusted Firmware Content Certificate (output file)", 197 .cn = "Non-Trusted Firmware Content Certificate", 198 .key = PROT_KEY, 199 .issuer = NON_TRUSTED_FW_CONTENT_CERT, 200 .ext = { 201 NON_TRUSTED_FW_NVCOUNTER_EXT, 202 NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT, 203 NON_TRUSTED_FW_CONFIG_HASH_EXT, 204 PROT_PK_EXT, 205 }, 206 .num_ext = 4 207 }, 208 }; 209 210 REGISTER_COT(cot_certs); 211 212 213 /* Certificate extensions. */ 214 static ext_t cot_ext[] = { 215 [TRUSTED_FW_NVCOUNTER_EXT] = { 216 .oid = TRUSTED_FW_NVCOUNTER_OID, 217 .opt = "tfw-nvctr", 218 .help_msg = "Trusted Firmware Non-Volatile counter value", 219 .sn = "TrustedWorldNVCounter", 220 .ln = "Trusted World Non-Volatile counter", 221 .asn1_type = V_ASN1_INTEGER, 222 .type = EXT_TYPE_NVCOUNTER, 223 .attr.nvctr_type = NVCTR_TYPE_TFW 224 }, 225 226 [TRUSTED_BOOT_FW_HASH_EXT] = { 227 .oid = TRUSTED_BOOT_FW_HASH_OID, 228 .opt = "tb-fw", 229 .help_msg = "Trusted Boot Firmware image file", 230 .sn = "TrustedBootFirmwareHash", 231 .ln = "Trusted Boot Firmware hash (SHA256)", 232 .asn1_type = V_ASN1_OCTET_STRING, 233 .type = EXT_TYPE_HASH 234 }, 235 236 [TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = { 237 .oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID, 238 .opt = "tb-fw-config", 239 .help_msg = "Trusted Boot Firmware Config file", 240 .sn = "TrustedBootFirmwareConfigHash", 241 .ln = "Trusted Boot Firmware Config hash", 242 .asn1_type = V_ASN1_OCTET_STRING, 243 .type = EXT_TYPE_HASH, 244 .optional = 1 245 }, 246 247 [HW_CONFIG_HASH_EXT] = { 248 .oid = HW_CONFIG_HASH_OID, 249 .opt = "hw-config", 250 .help_msg = "HW Config file", 251 .sn = "HWConfigHash", 252 .ln = "HW Config hash", 253 .asn1_type = V_ASN1_OCTET_STRING, 254 .type = EXT_TYPE_HASH, 255 .optional = 1 256 }, 257 258 [FW_CONFIG_HASH_EXT] = { 259 .oid = FW_CONFIG_HASH_OID, 260 .opt = "fw-config", 261 .help_msg = "Firmware Config file", 262 .sn = "FirmwareConfigHash", 263 .ln = "Firmware Config hash", 264 .asn1_type = V_ASN1_OCTET_STRING, 265 .type = EXT_TYPE_HASH, 266 .optional = 1 267 }, 268 269 [TRUSTED_WORLD_PK_EXT] = { 270 .oid = TRUSTED_WORLD_PK_OID, 271 .sn = "TrustedWorldPublicKey", 272 .ln = "Trusted World Public Key", 273 .asn1_type = V_ASN1_OCTET_STRING, 274 .type = EXT_TYPE_PKEY, 275 .attr.key = TRUSTED_WORLD_KEY 276 }, 277 278 [SCP_FW_CONTENT_CERT_PK_EXT] = { 279 .oid = SCP_FW_CONTENT_CERT_PK_OID, 280 .sn = "SCPFirmwareContentCertPK", 281 .ln = "SCP Firmware content certificate public key", 282 .asn1_type = V_ASN1_OCTET_STRING, 283 .type = EXT_TYPE_PKEY, 284 .attr.key = SCP_FW_CONTENT_CERT_KEY 285 }, 286 287 [SCP_FW_HASH_EXT] = { 288 .oid = SCP_FW_HASH_OID, 289 .opt = "scp-fw", 290 .help_msg = "SCP Firmware image file", 291 .sn = "SCPFirmwareHash", 292 .ln = "SCP Firmware hash (SHA256)", 293 .asn1_type = V_ASN1_OCTET_STRING, 294 .type = EXT_TYPE_HASH 295 }, 296 297 [SOC_FW_CONTENT_CERT_PK_EXT] = { 298 .oid = SOC_FW_CONTENT_CERT_PK_OID, 299 .sn = "SoCFirmwareContentCertPK", 300 .ln = "SoC Firmware content certificate public key", 301 .asn1_type = V_ASN1_OCTET_STRING, 302 .type = EXT_TYPE_PKEY, 303 .attr.key = SOC_FW_CONTENT_CERT_KEY 304 }, 305 306 [SOC_AP_FW_HASH_EXT] = { 307 .oid = SOC_AP_FW_HASH_OID, 308 .opt = "soc-fw", 309 .help_msg = "SoC AP Firmware image file", 310 .sn = "SoCAPFirmwareHash", 311 .ln = "SoC AP Firmware hash (SHA256)", 312 .asn1_type = V_ASN1_OCTET_STRING, 313 .type = EXT_TYPE_HASH 314 }, 315 316 [SOC_FW_CONFIG_HASH_EXT] = { 317 .oid = SOC_FW_CONFIG_HASH_OID, 318 .opt = "soc-fw-config", 319 .help_msg = "SoC Firmware Config file", 320 .sn = "SocFirmwareConfigHash", 321 .ln = "SoC Firmware Config hash", 322 .asn1_type = V_ASN1_OCTET_STRING, 323 .type = EXT_TYPE_HASH, 324 .optional = 1 325 }, 326 327 [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = { 328 .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID, 329 .sn = "TrustedOSFirmwareContentCertPK", 330 .ln = "Trusted OS Firmware content certificate public key", 331 .asn1_type = V_ASN1_OCTET_STRING, 332 .type = EXT_TYPE_PKEY, 333 .attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY 334 }, 335 336 [TRUSTED_OS_FW_HASH_EXT] = { 337 .oid = TRUSTED_OS_FW_HASH_OID, 338 .opt = "tos-fw", 339 .help_msg = "Trusted OS image file", 340 .sn = "TrustedOSHash", 341 .ln = "Trusted OS hash (SHA256)", 342 .asn1_type = V_ASN1_OCTET_STRING, 343 .type = EXT_TYPE_HASH 344 }, 345 346 [TRUSTED_OS_FW_EXTRA1_HASH_EXT] = { 347 .oid = TRUSTED_OS_FW_EXTRA1_HASH_OID, 348 .opt = "tos-fw-extra1", 349 .help_msg = "Trusted OS Extra1 image file", 350 .sn = "TrustedOSExtra1Hash", 351 .ln = "Trusted OS Extra1 hash (SHA256)", 352 .asn1_type = V_ASN1_OCTET_STRING, 353 .type = EXT_TYPE_HASH, 354 .optional = 1 355 }, 356 357 [TRUSTED_OS_FW_EXTRA2_HASH_EXT] = { 358 .oid = TRUSTED_OS_FW_EXTRA2_HASH_OID, 359 .opt = "tos-fw-extra2", 360 .help_msg = "Trusted OS Extra2 image file", 361 .sn = "TrustedOSExtra2Hash", 362 .ln = "Trusted OS Extra2 hash (SHA256)", 363 .asn1_type = V_ASN1_OCTET_STRING, 364 .type = EXT_TYPE_HASH, 365 .optional = 1 366 }, 367 368 [TRUSTED_OS_FW_CONFIG_HASH_EXT] = { 369 .oid = TRUSTED_OS_FW_CONFIG_HASH_OID, 370 .opt = "tos-fw-config", 371 .help_msg = "Trusted OS Firmware Config file", 372 .sn = "TrustedOSFirmwareConfigHash", 373 .ln = "Trusted OS Firmware Config hash", 374 .asn1_type = V_ASN1_OCTET_STRING, 375 .type = EXT_TYPE_HASH, 376 .optional = 1 377 }, 378 379 [SP_PKG1_HASH_EXT] = { 380 .oid = SP_PKG1_HASH_OID, 381 .opt = "sp-pkg1", 382 .help_msg = "Secure Partition Package1 file", 383 .sn = "SPPkg1Hash", 384 .ln = "SP Pkg1 hash (SHA256)", 385 .asn1_type = V_ASN1_OCTET_STRING, 386 .type = EXT_TYPE_HASH, 387 .optional = 1 388 }, 389 [SP_PKG2_HASH_EXT] = { 390 .oid = SP_PKG2_HASH_OID, 391 .opt = "sp-pkg2", 392 .help_msg = "Secure Partition Package2 file", 393 .sn = "SPPkg2Hash", 394 .ln = "SP Pkg2 hash (SHA256)", 395 .asn1_type = V_ASN1_OCTET_STRING, 396 .type = EXT_TYPE_HASH, 397 .optional = 1 398 }, 399 [SP_PKG3_HASH_EXT] = { 400 .oid = SP_PKG3_HASH_OID, 401 .opt = "sp-pkg3", 402 .help_msg = "Secure Partition Package3 file", 403 .sn = "SPPkg3Hash", 404 .ln = "SP Pkg3 hash (SHA256)", 405 .asn1_type = V_ASN1_OCTET_STRING, 406 .type = EXT_TYPE_HASH, 407 .optional = 1 408 }, 409 [SP_PKG4_HASH_EXT] = { 410 .oid = SP_PKG4_HASH_OID, 411 .opt = "sp-pkg4", 412 .help_msg = "Secure Partition Package4 file", 413 .sn = "SPPkg4Hash", 414 .ln = "SP Pkg4 hash (SHA256)", 415 .asn1_type = V_ASN1_OCTET_STRING, 416 .type = EXT_TYPE_HASH, 417 .optional = 1 418 }, 419 [SP_PKG5_HASH_EXT] = { 420 .oid = SP_PKG5_HASH_OID, 421 .opt = "sp-pkg5", 422 .help_msg = "Secure Partition Package5 file", 423 .sn = "SPPkg5Hash", 424 .ln = "SP Pkg5 hash (SHA256)", 425 .asn1_type = V_ASN1_OCTET_STRING, 426 .type = EXT_TYPE_HASH, 427 .optional = 1 428 }, 429 [SP_PKG6_HASH_EXT] = { 430 .oid = SP_PKG6_HASH_OID, 431 .opt = "sp-pkg6", 432 .help_msg = "Secure Partition Package6 file", 433 .sn = "SPPkg6Hash", 434 .ln = "SP Pkg6 hash (SHA256)", 435 .asn1_type = V_ASN1_OCTET_STRING, 436 .type = EXT_TYPE_HASH, 437 .optional = 1 438 }, 439 [SP_PKG7_HASH_EXT] = { 440 .oid = SP_PKG7_HASH_OID, 441 .opt = "sp-pkg7", 442 .help_msg = "Secure Partition Package7 file", 443 .sn = "SPPkg7Hash", 444 .ln = "SP Pkg7 hash (SHA256)", 445 .asn1_type = V_ASN1_OCTET_STRING, 446 .type = EXT_TYPE_HASH, 447 .optional = 1 448 }, 449 [SP_PKG8_HASH_EXT] = { 450 .oid = SP_PKG8_HASH_OID, 451 .opt = "sp-pkg8", 452 .help_msg = "Secure Partition Package8 file", 453 .sn = "SPPkg8Hash", 454 .ln = "SP Pkg8 hash (SHA256)", 455 .asn1_type = V_ASN1_OCTET_STRING, 456 .type = EXT_TYPE_HASH, 457 .optional = 1 458 }, 459 460 [SCP_FWU_CFG_HASH_EXT] = { 461 .oid = SCP_FWU_CFG_HASH_OID, 462 .opt = "scp-fwu-cfg", 463 .help_msg = "SCP Firmware Update Config image file", 464 .sn = "SCPFWUpdateConfig", 465 .ln = "SCP Firmware Update Config hash (SHA256)", 466 .asn1_type = V_ASN1_OCTET_STRING, 467 .type = EXT_TYPE_HASH, 468 .optional = 1 469 }, 470 471 [AP_FWU_CFG_HASH_EXT] = { 472 .oid = AP_FWU_CFG_HASH_OID, 473 .opt = "ap-fwu-cfg", 474 .help_msg = "AP Firmware Update Config image file", 475 .sn = "APFWUpdateConfig", 476 .ln = "AP Firmware Update Config hash (SHA256)", 477 .asn1_type = V_ASN1_OCTET_STRING, 478 .type = EXT_TYPE_HASH, 479 .optional = 1 480 }, 481 482 [FWU_HASH_EXT] = { 483 .oid = FWU_HASH_OID, 484 .opt = "fwu", 485 .help_msg = "Firmware Updater image file", 486 .sn = "FWUpdaterHash", 487 .ln = "Firmware Updater hash (SHA256)", 488 .asn1_type = V_ASN1_OCTET_STRING, 489 .type = EXT_TYPE_HASH, 490 .optional = 1 491 }, 492 493 [PROT_PK_EXT] = { 494 .oid = PROT_PK_OID, 495 .sn = "PlatformRoTKey", 496 .ln = "Platform Root of Trust Public Key", 497 .asn1_type = V_ASN1_OCTET_STRING, 498 .type = EXT_TYPE_PKEY, 499 .attr.key = PROT_KEY 500 }, 501 502 [NON_TRUSTED_FW_NVCOUNTER_EXT] = { 503 .oid = NON_TRUSTED_FW_NVCOUNTER_OID, 504 .opt = "ntfw-nvctr", 505 .help_msg = "Non-Trusted Firmware Non-Volatile counter value", 506 .sn = "NormalWorldNVCounter", 507 .ln = "Non-Trusted Firmware Non-Volatile counter", 508 .asn1_type = V_ASN1_INTEGER, 509 .type = EXT_TYPE_NVCOUNTER, 510 .attr.nvctr_type = NVCTR_TYPE_NTFW 511 }, 512 513 [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = { 514 .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID, 515 .opt = "nt-fw", 516 .help_msg = "Non-Trusted World Bootloader image file", 517 .sn = "NonTrustedWorldBootloaderHash", 518 .ln = "Non-Trusted World hash (SHA256)", 519 .asn1_type = V_ASN1_OCTET_STRING, 520 .type = EXT_TYPE_HASH 521 }, 522 523 [NON_TRUSTED_FW_CONFIG_HASH_EXT] = { 524 .oid = NON_TRUSTED_FW_CONFIG_HASH_OID, 525 .opt = "nt-fw-config", 526 .help_msg = "Non Trusted OS Firmware Config file", 527 .sn = "NonTrustedOSFirmwareConfigHash", 528 .ln = "Non-Trusted OS Firmware Config hash", 529 .asn1_type = V_ASN1_OCTET_STRING, 530 .type = EXT_TYPE_HASH, 531 .optional = 1 532 }, 533 }; 534 535 REGISTER_EXTENSIONS(cot_ext); 536 537 538 /* Keys used to establish the chain of trust. */ 539 static key_t cot_keys[] = { 540 [ROT_KEY] = { 541 .id = ROT_KEY, 542 .opt = "rot-key", 543 .help_msg = "Root Of Trust key (input/output file)", 544 .desc = "Root Of Trust key" 545 }, 546 547 [TRUSTED_WORLD_KEY] = { 548 .id = TRUSTED_WORLD_KEY, 549 .opt = "trusted-world-key", 550 .help_msg = "Trusted World key (input/output file)", 551 .desc = "Trusted World key" 552 }, 553 554 [SCP_FW_CONTENT_CERT_KEY] = { 555 .id = SCP_FW_CONTENT_CERT_KEY, 556 .opt = "scp-fw-key", 557 .help_msg = "SCP Firmware Content Certificate key (input/output file)", 558 .desc = "SCP Firmware Content Certificate key" 559 }, 560 561 [SOC_FW_CONTENT_CERT_KEY] = { 562 .id = SOC_FW_CONTENT_CERT_KEY, 563 .opt = "soc-fw-key", 564 .help_msg = "SoC Firmware Content Certificate key (input/output file)", 565 .desc = "SoC Firmware Content Certificate key" 566 }, 567 568 [TRUSTED_OS_FW_CONTENT_CERT_KEY] = { 569 .id = TRUSTED_OS_FW_CONTENT_CERT_KEY, 570 .opt = "tos-fw-key", 571 .help_msg = "Trusted OS Firmware Content Certificate key (input/output file)", 572 .desc = "Trusted OS Firmware Content Certificate key" 573 }, 574 575 [PROT_KEY] = { 576 .id = PROT_KEY, 577 .opt = "prot-key", 578 .help_msg = "Platform Root of Trust key", 579 .desc = "Platform Root of Trust key" 580 }, 581 }; 582 583 REGISTER_KEYS(cot_keys); 584