/*
 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

#if USE_TBBR_DEFS
#include <tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

#include "ext.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/*
 * Table of certificate extension descriptors, indexed by the *_EXT
 * enumerators. Each entry carries the extension OID, its short (.sn) and long
 * (.ln) names, the ASN.1 type of the payload and the extension kind (.type).
 *
 * Three kinds appear here:
 *  - EXT_TYPE_NVCOUNTER: V_ASN1_INTEGER payload, selected by .attr.nvctr_type.
 *  - EXT_TYPE_HASH:      V_ASN1_OCTET_STRING payload; .opt/.help_msg describe
 *                        the file the entry is associated with.
 *  - EXT_TYPE_PKEY:      V_ASN1_OCTET_STRING payload; no .opt is set, the
 *                        entry names a key through .attr.key instead.
 *
 * The array uses designated index initialisers, so an index below the highest
 * one listed that has no entry here is left zero-initialised (NULL .oid,
 * .opt, .sn and .ln).
 *
 * NOTE(review): the meaning of .optional is defined by the code that consumes
 * this table, not here. Confirm there what is written into a certificate when
 * an optional hash has no input file, and that the firmware-side verifier
 * does not read that result as "image needs no check".
 *
 * NOTE(review): several long names hard-code "(SHA256)". If the digest is
 * selectable elsewhere in the tool, the label does not track the algorithm
 * actually used - confirm before relying on it when auditing a certificate.
 */
static ext_t tbb_ext[] = {
	/*
	 * Non-volatile counter values.
	 * NOTE(review): presumably the rollback-protection counters compared
	 * by the boot firmware - confirm against the verifier side.
	 */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_TFW,
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.asn1_type = V_ASN1_INTEGER,
		.type = EXT_TYPE_NVCOUNTER,
		.attr.nvctr_type = NVCTR_TYPE_NTFW,
	},

	/* Trusted boot firmware image and its configuration files. */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[HW_CONFIG_HASH_EXT] = {
		.oid = HW_CONFIG_HASH_OID,
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[FW_CONFIG_HASH_EXT] = {
		.oid = FW_CONFIG_HASH_OID,
		.opt = "fw-config",
		.help_msg = "Firmware Config file",
		.sn = "FirmwareConfigHash",
		.ln = "Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/*
	 * World public keys. These have no command-line option; the key is
	 * identified by .attr.key.
	 */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_WORLD_KEY,
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_WORLD_KEY,
	},

	/* SCP firmware: content certificate key and image hash. */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SCP_FW_CONTENT_CERT_KEY,
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},

	/* SoC firmware: content certificate key, image hash and config hash. */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = SOC_FW_CONTENT_CERT_KEY,
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[SOC_FW_CONFIG_HASH_EXT] = {
		.oid = SOC_FW_CONFIG_HASH_OID,
		.opt = "soc-fw-config",
		.help_msg = "SoC Firmware Config file",
		.sn = "SocFirmwareConfigHash",
		.ln = "SoC Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Trusted OS: content certificate key, image hashes and config hash. */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
		.opt = "tos-fw-config",
		.help_msg = "Trusted OS Firmware Config file",
		.sn = "TrustedOSFirmwareConfigHash",
		.ln = "Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Non-trusted firmware: content certificate key, image and config hash. */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_PKEY,
		.attr.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
	},
	[NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
		.oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
		.opt = "nt-fw-config",
		.help_msg = "Non Trusted OS Firmware Config file",
		.sn = "NonTrustedOSFirmwareConfigHash",
		.ln = "Non-Trusted OS Firmware Config hash",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Secure Partition packages 1-8; every one is marked optional. */
	[SP_PKG1_HASH_EXT] = {
		.oid = SP_PKG1_HASH_OID,
		.opt = "sp-pkg1",
		.help_msg = "Secure Partition Package1 file",
		.sn = "SPPkg1Hash",
		.ln = "SP Pkg1 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG2_HASH_EXT] = {
		.oid = SP_PKG2_HASH_OID,
		.opt = "sp-pkg2",
		.help_msg = "Secure Partition Package2 file",
		.sn = "SPPkg2Hash",
		.ln = "SP Pkg2 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG3_HASH_EXT] = {
		.oid = SP_PKG3_HASH_OID,
		.opt = "sp-pkg3",
		.help_msg = "Secure Partition Package3 file",
		.sn = "SPPkg3Hash",
		.ln = "SP Pkg3 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG4_HASH_EXT] = {
		.oid = SP_PKG4_HASH_OID,
		.opt = "sp-pkg4",
		.help_msg = "Secure Partition Package4 file",
		.sn = "SPPkg4Hash",
		.ln = "SP Pkg4 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG5_HASH_EXT] = {
		.oid = SP_PKG5_HASH_OID,
		.opt = "sp-pkg5",
		.help_msg = "Secure Partition Package5 file",
		.sn = "SPPkg5Hash",
		.ln = "SP Pkg5 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG6_HASH_EXT] = {
		.oid = SP_PKG6_HASH_OID,
		.opt = "sp-pkg6",
		.help_msg = "Secure Partition Package6 file",
		.sn = "SPPkg6Hash",
		.ln = "SP Pkg6 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG7_HASH_EXT] = {
		.oid = SP_PKG7_HASH_OID,
		.opt = "sp-pkg7",
		.help_msg = "Secure Partition Package7 file",
		.sn = "SPPkg7Hash",
		.ln = "SP Pkg7 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[SP_PKG8_HASH_EXT] = {
		.oid = SP_PKG8_HASH_OID,
		.opt = "sp-pkg8",
		.help_msg = "Secure Partition Package8 file",
		.sn = "SPPkg8Hash",
		.ln = "SP Pkg8 hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},

	/* Firmware update images; every one is marked optional. */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.asn1_type = V_ASN1_OCTET_STRING,
		.type = EXT_TYPE_HASH,
		.optional = 1,
	},
};

/*
 * Hand the table to the project's extension registry.
 * NOTE(review): REGISTER_EXTENSIONS is defined outside this file (presumably
 * in ext.h) - confirm what it records and whether it depends on the array
 * length.
 */
REGISTER_EXTENSIONS(tbb_ext);