cert_create: improve command line argument check
The certificate generation tool currently checks if all command
line options required to create all certificates in the CoT have
been specified. This prevents using the tool to create individual
certificates when the whole CoT is not required.
This patch improves the checking function so only those options
required by the certificates specified in the command line are
verified.
Change-Id: I2c426a8e2e2dec85b15f2d98fd4ba949c1aed385
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 29bf452..5bf41cc 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -116,8 +116,6 @@
static int new_keys;
static int save_keys;
static int print_cert;
-static int bl30_present;
-static int bl32_present;
/* Info messages created in the Makefile */
extern const char build_msg[];
@@ -218,74 +216,55 @@
static void check_cmd_params(void)
{
+ cert_t *cert;
+ ext_t *ext;
+ key_t *key;
+ int i, j;
+
/* Only save new keys */
if (save_keys && !new_keys) {
ERROR("Only new keys can be saved to disk\n");
exit(1);
}
- /* BL2, BL31 and BL33 are mandatory */
- if (extensions[BL2_HASH_EXT].data.fn == NULL) {
- ERROR("BL2 image not specified\n");
- exit(1);
- }
-
- if (extensions[BL31_HASH_EXT].data.fn == NULL) {
- ERROR("BL31 image not specified\n");
- exit(1);
- }
-
- if (extensions[BL33_HASH_EXT].data.fn == NULL) {
- ERROR("BL33 image not specified\n");
- exit(1);
- }
-
- /* BL30 and BL32 are optional */
- if (extensions[BL30_HASH_EXT].data.fn != NULL) {
- bl30_present = 1;
- }
-
- if (extensions[BL32_HASH_EXT].data.fn != NULL) {
- bl32_present = 1;
- }
-
- /* TODO: Certificate filenames */
-
- /* Filenames to store keys must be specified */
- if (save_keys || !new_keys) {
- if (keys[ROT_KEY].fn == NULL) {
- ERROR("ROT key not specified\n");
- exit(1);
+ /* Check that all required options have been specified in the
+ * command line */
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ if (cert->fn == NULL) {
+ /* Certificate not requested. Skip to the next one */
+ continue;
}
- if (keys[TRUSTED_WORLD_KEY].fn == NULL) {
- ERROR("Trusted World key not specified\n");
- exit(1);
- }
-
- if (keys[NON_TRUSTED_WORLD_KEY].fn == NULL) {
- ERROR("Non-trusted World key not specified\n");
- exit(1);
- }
-
- if (keys[BL31_KEY].fn == NULL) {
- ERROR("BL31 key not specified\n");
- exit(1);
- }
-
- if (keys[BL33_KEY].fn == NULL) {
- ERROR("BL33 key not specified\n");
- exit(1);
- }
-
- if (bl30_present && (keys[BL30_KEY].fn == NULL)) {
- ERROR("BL30 key not specified\n");
- exit(1);
- }
-
- if (bl32_present && (keys[BL32_KEY].fn == NULL)) {
- ERROR("BL32 key not specified\n");
- exit(1);
+ /* Check that all parameters required to create this certificate
+ * have been specified in the command line */
+ for (j = 0; j < cert->num_ext; j++) {
+ ext = &extensions[cert->ext[j]];
+ switch (ext->type) {
+ case EXT_TYPE_PKEY:
+ /* Key filename must be specified */
+ key = &keys[ext->data.key];
+ if (!new_keys && key->fn == NULL) {
+ ERROR("Key '%s' required by '%s' not "
+ "specified\n", key->desc,
+ cert->cn);
+ exit(1);
+ }
+ break;
+ case EXT_TYPE_HASH:
+ /* Binary image must be specified */
+ if (ext->data.fn == NULL) {
+ ERROR("Image for '%s' not specified\n",
+ ext->ln);
+ exit(1);
+ }
+ break;
+ default:
+ ERROR("Unknown extension type in '%s'\n",
+ ext->ln);
+ exit(1);
+ break;
+ }
}
}
}
@@ -518,7 +497,7 @@
}
/* Create certificate. Signed with ROT key */
- if (!cert_new(cert, VAL_DAYS, 0, sk)) {
+ if (cert->fn && !cert_new(cert, VAL_DAYS, 0, sk)) {
ERROR("Cannot create %s\n", cert->cn);
exit(1);
}
