mirrors/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-08-13 16:07:04 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
901b0a3015
arm-trusted-firmware/tools/cert_create/include/cert.h
Pankaj Gupta b94bf967e6 cert_create: updated tool for platform defined certs, keys & extensions 
Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.

NXP SoC lx2160a : based platforms requires additional
FIP DDR to be loaded before initializing the DDR.

To enable chain of trust on these platforms, FIP DDR
image needs to be authenticated, additionally.

Platform specific folder 'tools/nxp/cert_create_helper'
is added to support platform specific macros and definitions.

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
2021-03-24 09:49:31 +05:30

77 lines
2.2 KiB
C
Raw Blame History

/*
* Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef CERT_H
#define CERT_H
#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include "ext.h"
#include "key.h"
#define CERT_MAX_EXT 9
/*
* This structure contains information related to the generation of the
* certificates. All these fields must be known and specified at build time
* except for the file name, which is picked up from the command line at
* run time.
*
* One instance of this structure must be created for each of the certificates
* present in the chain of trust.
*
* If the issuer points to this same instance, the generated certificate will
* be self-signed.
*/
typedef struct cert_s cert_t;
struct cert_s {
int id; /* Unique identifier */
const char *opt; /* Command line option to pass filename */
const char *fn; /* Filename to save the certificate */
const char *cn; /* Subject CN (Company Name) */
const char *help_msg; /* Help message */
/* These fields must be defined statically */
int key; /* Key to be signed */
int issuer; /* Issuer certificate */
int ext[CERT_MAX_EXT]; /* Certificate extensions */
int num_ext; /* Number of extensions in the certificate */
X509 *x; /* X509 certificate container */
};
/* Exported API */
int cert_init(void);
cert_t *cert_get_by_opt(const char *opt);
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
int cert_new(
int md_alg,
cert_t *cert,
int days,
int ca,
STACK_OF(X509_EXTENSION) * sk);
/* Macro to register the certificates used in the CoT */
#define REGISTER_COT(_certs) \
cert_t *def_certs = &_certs[0]; \
const unsigned int num_def_certs = sizeof(_certs)/sizeof(_certs[0])
/* Macro to register the platform defined certificates used in the CoT */
#define PLAT_REGISTER_COT(_pdef_certs) \
cert_t *pdef_certs = &_pdef_certs[0]; \
const unsigned int num_pdef_certs = sizeof(_pdef_certs)/sizeof(_pdef_certs[0])
/* Exported variables */
extern cert_t *def_certs;
extern const unsigned int num_def_certs;
extern cert_t *pdef_certs;
extern const unsigned int num_pdef_certs;
extern cert_t *certs;
extern unsigned int num_certs;
#endif /* CERT_H */
Reference in New Issue View Git Blame Copy Permalink