diff options
| author | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2020-02-06 14:59:33 +0100 |
|---|---|---|
| committer | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2020-02-24 11:01:44 +0100 |
| commit | 1035a70625e322427853c161308b5960c42bb961 (patch) | |
| tree | 220ad32302d552166ac41ecdb9bb7dbd1d82d71b /plat | |
| parent | 32e26c067a21ae1dda62f63055b6c4264dbb45d0 (diff) | |
| download | platform_external_arm-trusted-firmware-1035a70625e322427853c161308b5960c42bb961.tar.gz platform_external_arm-trusted-firmware-1035a70625e322427853c161308b5960c42bb961.tar.bz2 platform_external_arm-trusted-firmware-1035a70625e322427853c161308b5960c42bb961.zip | |
plat/arm: Add support for dualroot CoT
- Use the development PROTPK if using the dualroot CoT.
Note that unlike the ROTPK, the PROTPK key hash file is not generated
from the key file, instead it has to be provided. This might be
enhanced in the future.
- Define a CoT build flag for the platform code to provide different
implementations where needed.
Change-Id: Iaaf25183b94e77a99a5d8d875831d90c102a97ea
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Diffstat (limited to 'plat')
| -rw-r--r-- | plat/arm/board/common/board_common.mk | 21 | ||||
| -rw-r--r-- | plat/arm/common/arm_common.mk | 2 |
2 files changed, 23 insertions, 0 deletions
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk index 459156b2a..1885a600a 100644 --- a/plat/arm/board/common/board_common.mk +++ b/plat/arm/board/common/board_common.mk @@ -68,4 +68,25 @@ BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ plat/arm/board/common/rotpk/arm_dev_rotpk.S +# Allows platform code to provide implementation variants depending on the +# selected chain of trust. +$(eval $(call add_define,ARM_COT_${COT})) + +ifeq (${COT},dualroot) +# Platform Root of Trust key files. +ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_rsa.pem +ARM_PROTPK_HASH := plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin + +# Provide the private key to cert_create tool. It needs it to sign the images. +PROT_KEY := ${ARM_PROT_KEY} + +$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"')) + +BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S +BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S + +$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH) +$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH) +endif + endif diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 17058d1a5..3521780a5 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -294,6 +294,8 @@ ifneq (${TRUSTED_BOARD_BOOT},0) # Include the selected chain of trust sources. ifeq (${COT},tbbr) AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot.c + else ifeq (${COT},dualroot) + AUTH_SOURCES += drivers/auth/dualroot/cot.c else $(error Unknown chain of trust ${COT}) endif |