1 /* 2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #ifndef TBBR_OID_H 8 #define TBBR_OID_H 9 10 #include "zero_oid.h" 11 12 #define MAX_OID_NAME_LEN 30 13 14 /* 15 * The following is a list of OID values defined and reserved by ARM, which 16 * are used to define the extension fields of the certificate structure, as 17 * defined in the Trusted Board Boot Requirements (TBBR) specification, 18 * ARM DEN0006C-1. 19 */ 20 21 22 /* TrustedFirmwareNVCounter - Non-volatile counter extension */ 23 #define TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.1" 24 /* NonTrustedFirmwareNVCounter - Non-volatile counter extension */ 25 #define NON_TRUSTED_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.2" 26 27 28 /* 29 * Non-Trusted Firmware Updater Certificate 30 */ 31 32 /* APFirmwareUpdaterConfigHash - BL2U */ 33 #define AP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.101" 34 /* SCPFirmwareUpdaterConfigHash - SCP_BL2U */ 35 #define SCP_FWU_CFG_HASH_OID "1.3.6.1.4.1.4128.2100.102" 36 /* FirmwareUpdaterHash - NS_BL2U */ 37 #define FWU_HASH_OID "1.3.6.1.4.1.4128.2100.103" 38 /* TrustedWatchdogRefreshTime */ 39 #define TRUSTED_WATCHDOG_TIME_OID "1.3.6.1.4.1.4128.2100.104" 40 41 42 /* 43 * Trusted Boot Firmware Certificate 44 */ 45 46 /* TrustedBootFirmwareHash - BL2 */ 47 #define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201" 48 #define TRUSTED_BOOT_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.202" 49 #define HW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.203" 50 #define FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.204" 51 52 /* 53 * Trusted Key Certificate 54 */ 55 56 /* PrimaryDebugCertificatePK */ 57 #define PRIMARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.301" 58 /* TrustedWorldPK */ 59 #define TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.302" 60 /* NonTrustedWorldPK */ 61 #define NON_TRUSTED_WORLD_PK_OID "1.3.6.1.4.1.4128.2100.303" 62 63 64 /* 65 * Trusted Debug Certificate 66 */ 67 68 /* DebugScenario */ 69 #define TRUSTED_DEBUG_SCENARIO_OID "1.3.6.1.4.1.4128.2100.401" 70 /* SoC Specific */ 71 #define TRUSTED_DEBUG_SOC_SPEC_OID "1.3.6.1.4.1.4128.2100.402" 72 /* SecondaryDebugCertPK */ 73 #define SECONDARY_DEBUG_PK_OID "1.3.6.1.4.1.4128.2100.403" 74 75 76 /* 77 * SoC Firmware Key Certificate 78 */ 79 80 /* SoCFirmwareContentCertPK */ 81 #define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501" 82 83 /* 84 * SoC Firmware Content Certificate 85 */ 86 87 /* APRomPatchHash - BL1_PATCH */ 88 #define APROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.601" 89 /* SoCConfigHash */ 90 #define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602" 91 /* SoCAPFirmwareHash - BL31 */ 92 #define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603" 93 /* SoCFirmwareConfigHash = SOC_FW_CONFIG */ 94 #define SOC_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.604" 95 96 /* 97 * SCP Firmware Key Certificate 98 */ 99 100 /* SCPFirmwareContentCertPK */ 101 #define SCP_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.701" 102 103 104 /* 105 * SCP Firmware Content Certificate 106 */ 107 108 /* SCPFirmwareHash - SCP_BL2 */ 109 #define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801" 110 /* SCPRomPatchHash - SCP_BL1_PATCH */ 111 #define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802" 112 113 114 /* 115 * Trusted OS Firmware Key Certificate 116 */ 117 118 /* TrustedOSFirmwareContentCertPK */ 119 #define TRUSTED_OS_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.901" 120 121 122 /* 123 * Trusted OS Firmware Content Certificate 124 */ 125 126 /* TrustedOSFirmwareHash - BL32 */ 127 #define TRUSTED_OS_FW_HASH_OID "1.3.6.1.4.1.4128.2100.1001" 128 /* TrustedOSExtra1FirmwareHash - BL32 Extra1 */ 129 #define TRUSTED_OS_FW_EXTRA1_HASH_OID "1.3.6.1.4.1.4128.2100.1002" 130 /* TrustedOSExtra2FirmwareHash - BL32 Extra2 */ 131 #define TRUSTED_OS_FW_EXTRA2_HASH_OID "1.3.6.1.4.1.4128.2100.1003" 132 /* TrustedOSFirmwareConfigHash - TOS_FW_CONFIG */ 133 #define TRUSTED_OS_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.1004" 134 135 136 /* 137 * Non-Trusted Firmware Key Certificate 138 */ 139 140 /* NonTrustedFirmwareContentCertPK */ 141 #define NON_TRUSTED_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.1101" 142 143 144 /* 145 * Non-Trusted Firmware Content Certificate 146 */ 147 148 /* NonTrustedWorldBootloaderHash - BL33 */ 149 #define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201" 150 /* NonTrustedFirmwareConfigHash - NT_FW_CONFIG */ 151 #define NON_TRUSTED_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.1202" 152 153 /* 154 * Secure Partitions Content Certificate 155 */ 156 #define SP_PKG1_HASH_OID "1.3.6.1.4.1.4128.2100.1301" 157 #define SP_PKG2_HASH_OID "1.3.6.1.4.1.4128.2100.1302" 158 #define SP_PKG3_HASH_OID "1.3.6.1.4.1.4128.2100.1303" 159 #define SP_PKG4_HASH_OID "1.3.6.1.4.1.4128.2100.1304" 160 #define SP_PKG5_HASH_OID "1.3.6.1.4.1.4128.2100.1305" 161 #define SP_PKG6_HASH_OID "1.3.6.1.4.1.4128.2100.1306" 162 #define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307" 163 #define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308" 164 165 /* 166 * Public Keys present in SOC FW content certificates authenticate BL31 and 167 * its configuration. 168 */ 169 #define BL31_IMAGE_KEY_OID SOC_FW_CONTENT_CERT_PK_OID 170 #define SOC_FW_CONFIG_KEY_OID SOC_FW_CONTENT_CERT_PK_OID 171 #define HW_CONFIG_KEY_OID ZERO_OID 172 173 #ifdef PLAT_DEF_OID 174 #include <platform_oid.h> 175 #endif 176 #endif /* TBBR_OID_H */ 177
