/*
 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

#if USE_TBBR_DEFS
#include <tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

#include "ext.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Certificate extension descriptors, indexed by the *_EXT enumerators.
 *
 * Fields used by the entries below:
 *   .oid       - object identifier macro; it comes from whichever OID header
 *                the USE_TBBR_DEFS switch above selects (presumably).
 *   .opt       - option name, set only on entries whose value is supplied
 *                from outside (a counter value or a file); looks like the
 *                command-line option, confirm against the option parser.
 *   .help_msg  - help text that accompanies .opt.
 *   .sn / .ln  - short and long name of the extension.
 *   .asn1_type - V_ASN1_INTEGER for the counters, V_ASN1_OCTET_STRING for
 *                every hash and public-key entry.
 *   .type      - EXT_TYPE_NVCOUNTER, EXT_TYPE_HASH or EXT_TYPE_PKEY.
 *   .attr      - .nvctr_type on counter entries, .key on public-key entries;
 *                hash entries set neither.
 *   .optional  - set to 1 on entries that are flagged optional; entries that
 *                omit it get the zero default of a static initializer.
 *
 * NOTE(review): many .ln strings state "(SHA256)". If the digest used for
 * EXT_TYPE_HASH entries is selectable elsewhere in the tool, these labels can
 * misstate the algorithm; confirm against the hashing code.
 *
 * NOTE(review): how a verifier treats the absence of an entry flagged
 * .optional is not visible here; confirm that a missing hash extension can
 * never let the corresponding image be accepted unauthenticated.
 */
static ext_t tbb_ext[] = {
	/* Non-volatile counters (the only ASN.1 INTEGER entries). */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW,
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW,
	},

	/* Trusted boot firmware image and configuration hashes. */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[HW_CONFIG_HASH_EXT] = {
		.oid = HW_CONFIG_HASH_OID,
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[FW_CONFIG_HASH_EXT] = {
		.oid = FW_CONFIG_HASH_OID,
		.opt = "fw-config",
		.help_msg = "Firmware Config file",
		.sn = "FirmwareConfigHash",
		.ln = "Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/*
	 * World public keys. Public-key entries carry no .opt/.help_msg; the
	 * key they refer to is named through .attr.key.
	 */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY,
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY,
	},

	/* SCP firmware: content-certificate key and image hash. */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY,
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* SoC firmware: content-certificate key, image hash, config hash. */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY,
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[SOC_FW_CONFIG_HASH_EXT] = {
		.oid = SOC_FW_CONFIG_HASH_OID,
		.opt = "soc-fw-config",
		.help_msg = "SoC Firmware Config file",
		/*
		 * NOTE(review): spelled "Soc" here while the sibling entries
		 * use "SoC"; kept as is because the string is runtime data.
		 */
		.sn = "SocFirmwareConfigHash",
		.ln = "SoC Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Trusted OS: content-certificate key, image, extras and config. */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
		.opt = "tos-fw-config",
		.help_msg = "Trusted OS Firmware Config file",
		.sn = "TrustedOSFirmwareConfigHash",
		.ln = "Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Non-trusted firmware: content-certificate key, bootloader, config. */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
		.oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
		.opt = "nt-fw-config",
		.help_msg = "Non Trusted OS Firmware Config file",
		.sn = "NonTrustedOSFirmwareConfigHash",
		.ln = "Non-Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Secure Partition packages 1-8; every one is flagged optional. */
	[SP_PKG1_HASH_EXT] = {
		.oid = SP_PKG1_HASH_OID,
		.opt = "sp-pkg1",
		.help_msg = "Secure Partition Package1 file",
		.sn = "SPPkg1Hash",
		.ln = "SP Pkg1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG2_HASH_EXT] = {
		.oid = SP_PKG2_HASH_OID,
		.opt = "sp-pkg2",
		.help_msg = "Secure Partition Package2 file",
		.sn = "SPPkg2Hash",
		.ln = "SP Pkg2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG3_HASH_EXT] = {
		.oid = SP_PKG3_HASH_OID,
		.opt = "sp-pkg3",
		.help_msg = "Secure Partition Package3 file",
		.sn = "SPPkg3Hash",
		.ln = "SP Pkg3 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG4_HASH_EXT] = {
		.oid = SP_PKG4_HASH_OID,
		.opt = "sp-pkg4",
		.help_msg = "Secure Partition Package4 file",
		.sn = "SPPkg4Hash",
		.ln = "SP Pkg4 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG5_HASH_EXT] = {
		.oid = SP_PKG5_HASH_OID,
		.opt = "sp-pkg5",
		.help_msg = "Secure Partition Package5 file",
		.sn = "SPPkg5Hash",
		.ln = "SP Pkg5 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG6_HASH_EXT] = {
		.oid = SP_PKG6_HASH_OID,
		.opt = "sp-pkg6",
		.help_msg = "Secure Partition Package6 file",
		.sn = "SPPkg6Hash",
		.ln = "SP Pkg6 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG7_HASH_EXT] = {
		.oid = SP_PKG7_HASH_OID,
		.opt = "sp-pkg7",
		.help_msg = "Secure Partition Package7 file",
		.sn = "SPPkg7Hash",
		.ln = "SP Pkg7 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG8_HASH_EXT] = {
		.oid = SP_PKG8_HASH_OID,
		.opt = "sp-pkg8",
		.help_msg = "Secure Partition Package8 file",
		.sn = "SPPkg8Hash",
		.ln = "SP Pkg8 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Firmware update images; every one is flagged optional. */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
};

/*
 * Register the table through REGISTER_EXTENSIONS, a macro that is not defined
 * in this file (presumably it comes from ext.h).
 */
REGISTER_EXTENSIONS(tbb_ext);