From a8818bbf75196d84b098170c2c0f98382308c50c Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Wed, 10 Jun 2020 15:50:36 +0100
Subject: [PATCH] cert_create: extend Secure partition support for tbbr CoT

with sha 0792dd7, support to generate certificate for Secure
Partitions was added for dualroot CoT only, this patch extends
this support for tbbr CoT.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
---
 include/tools_share/dualroot_oid.h        | 12 ----
 include/tools_share/tbbr_oid.h            | 12 ++++
 tools/cert_create/include/tbbr/tbb_cert.h |  1 +
 tools/cert_create/include/tbbr/tbb_ext.h  |  8 +++
 tools/cert_create/src/tbbr/tbb_cert.c     | 21 ++++++
 tools/cert_create/src/tbbr/tbb_ext.c      | 80 +++++++++++++++++++++++
 6 files changed, 122 insertions(+), 12 deletions(-)

diff --git a/include/tools_share/dualroot_oid.h b/include/tools_share/dualroot_oid.h
index da367da92..3e88a6d22 100644
--- a/include/tools_share/dualroot_oid.h
+++ b/include/tools_share/dualroot_oid.h
@@ -16,16 +16,4 @@
  */
 #define PROT_PK_OID				"1.3.6.1.4.1.4128.2100.1102"
 
-/*
- * Secure Partitions Content Certificate
- */
-#define SP_PKG1_HASH_OID                        "1.3.6.1.4.1.4128.2100.1301"
-#define SP_PKG2_HASH_OID                        "1.3.6.1.4.1.4128.2100.1302"
-#define SP_PKG3_HASH_OID                        "1.3.6.1.4.1.4128.2100.1303"
-#define SP_PKG4_HASH_OID                        "1.3.6.1.4.1.4128.2100.1304"
-#define SP_PKG5_HASH_OID                        "1.3.6.1.4.1.4128.2100.1305"
-#define SP_PKG6_HASH_OID                        "1.3.6.1.4.1.4128.2100.1306"
-#define SP_PKG7_HASH_OID                        "1.3.6.1.4.1.4128.2100.1307"
-#define SP_PKG8_HASH_OID                        "1.3.6.1.4.1.4128.2100.1308"
-
 #endif /* DUALROOT_OID_H */
diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 6bccfdd1e..24a8f39ca 100644
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h
@@ -145,4 +145,16 @@
 /* NonTrustedFirmwareConfigHash - NT_FW_CONFIG */
 #define NON_TRUSTED_FW_CONFIG_HASH_OID		"1.3.6.1.4.1.4128.2100.1202"
 
+/*
+ * Secure Partitions Content Certificate
+ */
+#define SP_PKG1_HASH_OID			"1.3.6.1.4.1.4128.2100.1301"
+#define SP_PKG2_HASH_OID			"1.3.6.1.4.1.4128.2100.1302"
+#define SP_PKG3_HASH_OID			"1.3.6.1.4.1.4128.2100.1303"
+#define SP_PKG4_HASH_OID			"1.3.6.1.4.1.4128.2100.1304"
+#define SP_PKG5_HASH_OID			"1.3.6.1.4.1.4128.2100.1305"
+#define SP_PKG6_HASH_OID			"1.3.6.1.4.1.4128.2100.1306"
+#define SP_PKG7_HASH_OID			"1.3.6.1.4.1.4128.2100.1307"
+#define SP_PKG8_HASH_OID			"1.3.6.1.4.1.4128.2100.1308"
+
 #endif /* TBBR_OID_H */
diff --git a/tools/cert_create/include/tbbr/tbb_cert.h b/tools/cert_create/include/tbbr/tbb_cert.h
index 628ef3a42..e5fa3a238 100644
--- a/tools/cert_create/include/tbbr/tbb_cert.h
+++ b/tools/cert_create/include/tbbr/tbb_cert.h
@@ -23,6 +23,7 @@ enum {
 	TRUSTED_OS_FW_CONTENT_CERT,
 	NON_TRUSTED_FW_KEY_CERT,
 	NON_TRUSTED_FW_CONTENT_CERT,
+	SIP_SECURE_PARTITION_CONTENT_CERT,
 	FWU_CERT
 };
 
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 462aafcfa..7ac97a513 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -30,6 +30,14 @@ enum {
 	NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
 	NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
 	NON_TRUSTED_FW_CONFIG_HASH_EXT,
+	SP_PKG1_HASH_EXT,
+	SP_PKG2_HASH_EXT,
+	SP_PKG3_HASH_EXT,
+	SP_PKG4_HASH_EXT,
+	SP_PKG5_HASH_EXT,
+	SP_PKG6_HASH_EXT,
+	SP_PKG7_HASH_EXT,
+	SP_PKG8_HASH_EXT,
 	SCP_FWU_CFG_HASH_EXT,
 	AP_FWU_CFG_HASH_EXT,
 	FWU_HASH_EXT
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 7fb32d82c..b614e2e49 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -164,6 +164,27 @@ static cert_t tbb_certs[] = {
 		},
 		.num_ext = 3
 	},
+	[SIP_SECURE_PARTITION_CONTENT_CERT] = {
+		.id = SIP_SECURE_PARTITION_CONTENT_CERT,
+		.opt = "sip-sp-cert",
+		.help_msg = "SiP owned Secure Partition Content Certificate (output file)",
+		.fn = NULL,
+		.cn = "SiP owned Secure Partition Content Certificate",
+		.key = TRUSTED_WORLD_KEY,
+		.issuer = SIP_SECURE_PARTITION_CONTENT_CERT,
+		.ext = {
+			TRUSTED_FW_NVCOUNTER_EXT,
+			SP_PKG1_HASH_EXT,
+			SP_PKG2_HASH_EXT,
+			SP_PKG3_HASH_EXT,
+			SP_PKG4_HASH_EXT,
+			SP_PKG5_HASH_EXT,
+			SP_PKG6_HASH_EXT,
+			SP_PKG7_HASH_EXT,
+			SP_PKG8_HASH_EXT,
+		},
+		.num_ext = 9
+	},
 	[FWU_CERT] = {
 		.id = FWU_CERT,
 		.opt = "fwu-cert",
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index ee5377fe8..0068d3b4a 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -203,6 +203,86 @@ static ext_t tbb_ext[] = {
 		.type = EXT_TYPE_HASH,
 		.optional = 1
 	},
+	[SP_PKG1_HASH_EXT] = {
+		.oid = SP_PKG1_HASH_OID,
+		.opt = "sp-pkg1",
+		.help_msg = "Secure Partition Package1 file",
+		.sn = "SPPkg1Hash",
+		.ln = "SP Pkg1 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[SP_PKG2_HASH_EXT] = {
+		.oid = SP_PKG2_HASH_OID,
+		.opt = "sp-pkg2",
+		.help_msg = "Secure Partition Package2 file",
+		.sn = "SPPkg2Hash",
+		.ln = "SP Pkg2 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[SP_PKG3_HASH_EXT] = {
+		.oid = SP_PKG3_HASH_OID,
+		.opt = "sp-pkg3",
+		.help_msg = "Secure Partition Package3 file",
+		.sn = "SPPkg3Hash",
+		.ln = "SP Pkg3 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[SP_PKG4_HASH_EXT] = {
+		.oid = SP_PKG4_HASH_OID,
+		.opt = "sp-pkg4",
+		.help_msg = "Secure Partition Package4 file",
+		.sn = "SPPkg4Hash",
+		.ln = "SP Pkg4 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[SP_PKG5_HASH_EXT] = {
+		.oid = SP_PKG5_HASH_OID,
+		.opt = "sp-pkg5",
+		.help_msg = "Secure Partition Package5 file",
+		.sn = "SPPkg5Hash",
+		.ln = "SP Pkg5 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[SP_PKG6_HASH_EXT] = {
+		.oid = SP_PKG6_HASH_OID,
+		.opt = "sp-pkg6",
+		.help_msg = "Secure Partition Package6 file",
+		.sn = "SPPkg6Hash",
+		.ln = "SP Pkg6 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[SP_PKG7_HASH_EXT] = {
+		.oid = SP_PKG7_HASH_OID,
+		.opt = "sp-pkg7",
+		.help_msg = "Secure Partition Package7 file",
+		.sn = "SPPkg7Hash",
+		.ln = "SP Pkg7 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+	[SP_PKG8_HASH_EXT] = {
+		.oid = SP_PKG8_HASH_OID,
+		.opt = "sp-pkg8",
+		.help_msg = "Secure Partition Package8 file",
+		.sn = "SPPkg8Hash",
+		.ln = "SP Pkg8 hash (SHA256)",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[SCP_FWU_CFG_HASH_EXT] = {
 		.oid = SCP_FWU_CFG_HASH_OID,
 		.opt = "scp-fwu-cfg",