From 0cffcdd617986f0750b384620f5b960059d91fc9 Mon Sep 17 00:00:00 2001
From: Manish V Badarkhe
Date: Wed, 19 Jul 2023 10:39:08 +0100
Subject: [PATCH] feat(auth): add explicit entries for key OIDs
Key-OIDs that authenticate BL31, BL31(SOC)-FW config, and HW config images have been explicitly entered. Implementations of signer-ID consume these entries.
Change-Id: I24c9085ed5f266af06d40fb73302e35d857a9d5b
Signed-off-by: Manish V Badarkhe
---
 include/tools_share/cca_oid.h | 14 +++++++++++++-
 include/tools_share/dualroot_oid.h | 1 -
 include/tools_share/tbbr_oid.h | 12 +++++++++++-
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/include/tools_share/cca_oid.h b/include/tools_share/cca_oid.h
index d964aa743..8c53ef955 100644
--- a/include/tools_share/cca_oid.h
+++ b/include/tools_share/cca_oid.h
@@ -9,7 +9,6 @@
 /* Reuse the Object IDs defined by TBBR for certificate extensions. */
 #include "tbbr_oid.h"
-#include "zero_oid.h"
 /*
 * Assign arbitrary Object ID values that do not conflict with any of the
@@ -29,4 +28,17 @@
 /* CCAFirmwareNVCounter - Non-volatile counter extension */
 #define CCA_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.3"
+/*
+ * First undef previous definitions from tbbr_oid.h.
+ * CCA ROTPK authenticates BL31 and its configuration image in
+ * CCA CoT.
+ **/
+#undef BL31_IMAGE_KEY_OID
+#undef SOC_FW_CONFIG_KEY_OID
+#undef HW_CONFIG_KEY_OID
+#define BL31_IMAGE_KEY_OID ZERO_OID
+#define SOC_FW_CONFIG_KEY_OID ZERO_OID
+#define HW_CONFIG_KEY_OID ZERO_OID
+#define RMM_IMAGE_KEY_OID ZERO_OID
+
 #endif /* CCA_OID_H */
diff --git a/include/tools_share/dualroot_oid.h b/include/tools_share/dualroot_oid.h
index 76fffbaf9..3762c7937 100644
--- a/include/tools_share/dualroot_oid.h
+++ b/include/tools_share/dualroot_oid.h
@@ -9,7 +9,6 @@
 /* Reuse the Object IDs defined by TBBR for certificate extensions. */
 #include "tbbr_oid.h"
-#include "zero_oid.h"
 /*
 * Platform root-of-trust public key.
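Review bot: The override block added before `#endif` in cca_oid.h (second hunk, `@@ -29,4 +28,17 @@`) takes effect only in translation units that include cca_oid.h, so a signer-ID consumer that pulls in tbbr_oid.h alone would silently get `SOC_FW_CONTENT_CERT_PK_OID` for BL31 under the CCA chain of trust; the comment should state that contract. The comment also never says what `ZERO_OID` denotes (presumably the root-of-trust key, judging from the comment text; zero_oid.h is not part of this patch) and does not cover `RMM_IMAGE_KEY_OID`, which is newly introduced rather than redefined. I would reword it along the lines of `/* CCA CoT: BL31, its config images and RMM are authenticated by the CCA ROTPK, denoted by ZERO_OID; override the TBBR defaults. */` (assuming RMM is covered by the same key, as its define implies) and end it with `*/` instead of `**/`. With the direct `#include "zero_oid.h"` removed in the first hunk, `ZERO_OID` here depends on tbbr_oid.h continuing to include it.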
diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 52b43ab3e..9881d1a18 100644
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -7,6 +7,8 @@
 #ifndef TBBR_OID_H
 #define TBBR_OID_H
+#include "zero_oid.h"
+
 #define MAX_OID_NAME_LEN 30
 /*
@@ -160,6 +162,14 @@
 #define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307"
 #define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308"
+/*
+ * Public Keys present in SOC FW content certificates authenticate BL31 and
+ * its configuration.
+ */
+#define BL31_IMAGE_KEY_OID SOC_FW_CONTENT_CERT_PK_OID
+#define SOC_FW_CONFIG_KEY_OID SOC_FW_CONTENT_CERT_PK_OID
+#define HW_CONFIG_KEY_OID ZERO_OID
+
 #ifdef PLAT_DEF_OID
 #include
 #endif
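Review bot: The comment added above the three new defines in tbbr_oid.h (third hunk, `@@ -160,6 +162,14 @@`) explains only the SoC FW content certificate key, so `HW_CONFIG_KEY_OID ZERO_OID` is left unexplained even though it names a different signer than the two lines above it. Since the commit message says these values are consumed by signer-ID implementations, a reader needs to know what `ZERO_OID` stands for here; I would add something like `/* HW config is authenticated directly by the ROTPK, denoted by ZERO_OID. */`, to be confirmed against the TBBR chain of trust, which is not visible in this patch. The defines also sit immediately before the `PLAT_DEF_OID` include without `#ifndef` guards, so a platform header that needs different key OIDs has to `#undef` them first, as cca_oid.h does; a one-line comment saying so would make that expectation explicit.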