authorJuan Castillo <juan.castillo@arm.com>2015-12-03 10:19:21 +0000
committerJuan Castillo <juan.castillo@arm.com>2015-12-14 12:29:44 +0000
commit516beb585c23056820a854b12c77a6f62cbc5c8b (patch)
tree3837ef73006b588001e0f87e4fccd9ea8a8e127e /tools
parenta84deb9c3fe5396d580b695acc09a75d67332559 (diff)
TBB: apply TBBR naming convention to certificates and extensions
This patch applies the TBBR naming convention to the certificates and the corresponding extensions defined by the CoT: * Certificate UUID names * Certificate identifier names * OID names Changes apply to: * Generic code (variables and defines) * The default certificate identifiers provided in the generic code * Build system * ARM platforms port * cert_create tool internal definitions * fip_create and cert_create tools command line options * Documentation IMPORTANT: this change breaks the compatibility with platforms that use TBBR. The platform will need to adapt the identifiers and OIDs to the TBBR naming convention introduced by this patch: Certificate UUIDs: UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT Certificate identifiers: BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID OIDs: TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID BL30_HASH_OID --> SCP_FW_HASH_OID 
BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID BL31_HASH_OID --> SOC_AP_FW_HASH_OID BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID NS_BL2U_HASH_OID --> FWU_HASH_OID Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
Diffstat (limited to 'tools')
-rw-r--r--tools/cert_create/include/tbbr/tbb_cert.h18
-rw-r--r--tools/cert_create/include/tbbr/tbb_ext.h32
-rw-r--r--tools/cert_create/include/tbbr/tbb_key.h8
-rw-r--r--tools/cert_create/src/main.c18
-rw-r--r--tools/cert_create/src/tbbr/tbb_cert.c126
-rw-r--r--tools/cert_create/src/tbbr/tbb_ext.c104
-rw-r--r--tools/cert_create/src/tbbr/tbb_key.c32
-rw-r--r--tools/fip_create/fip_create.c36
8 files changed, 187 insertions, 187 deletions
diff --git a/tools/cert_create/include/tbbr/tbb_cert.h b/tools/cert_create/include/tbbr/tbb_cert.h
index 2bc3be63..c0f7ba25 100644
--- a/tools/cert_create/include/tbbr/tbb_cert.h
+++ b/tools/cert_create/include/tbbr/tbb_cert.h
@@ -37,16 +37,16 @@
* Enumerate the certificates that are used to establish the chain of trust
*/
enum {
- BL2_CERT,
+ TRUSTED_BOOT_FW_CERT,
TRUSTED_KEY_CERT,
- BL30_KEY_CERT,
- BL30_CERT,
- BL31_KEY_CERT,
- BL31_CERT,
- BL32_KEY_CERT,
- BL32_CERT,
- BL33_KEY_CERT,
- BL33_CERT,
+ SCP_FW_KEY_CERT,
+ SCP_FW_CONTENT_CERT,
+ SOC_FW_KEY_CERT,
+ SOC_FW_CONTENT_CERT,
+ TRUSTED_OS_FW_KEY_CERT,
+ TRUSTED_OS_FW_CONTENT_CERT,
+ NON_TRUSTED_FW_KEY_CERT,
+ NON_TRUSTED_FW_CONTENT_CERT,
FWU_CERT
};
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index ecbe8669..8589cf7b 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -34,22 +34,22 @@
/* TBBR extensions */
enum {
- TZ_FW_NVCOUNTER_EXT,
- NTZ_FW_NVCOUNTER_EXT,
- BL2_HASH_EXT,
- TZ_WORLD_PK_EXT,
- NTZ_WORLD_PK_EXT,
- BL31_CONTENT_CERT_PK_EXT,
- BL31_HASH_EXT,
- BL30_CONTENT_CERT_PK_EXT,
- BL30_HASH_EXT,
- BL32_CONTENT_CERT_PK_EXT,
- BL32_HASH_EXT,
- BL33_CONTENT_CERT_PK_EXT,
- BL33_HASH_EXT,
- SCP_BL2U_HASH_EXT,
- BL2U_HASH_EXT,
- NS_BL2U_HASH_EXT
+ TRUSTED_FW_NVCOUNTER_EXT,
+ NON_TRUSTED_FW_NVCOUNTER_EXT,
+ TRUSTED_BOOT_FW_HASH_EXT,
+ TRUSTED_WORLD_PK_EXT,
+ NON_TRUSTED_WORLD_PK_EXT,
+ SCP_FW_CONTENT_CERT_PK_EXT,
+ SCP_FW_HASH_EXT,
+ SOC_FW_CONTENT_CERT_PK_EXT,
+ SOC_AP_FW_HASH_EXT,
+ TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
+ TRUSTED_OS_FW_HASH_EXT,
+ NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ SCP_FWU_CFG_HASH_EXT,
+ AP_FWU_CFG_HASH_EXT,
+ FWU_HASH_EXT
};
#endif /* TBB_EXT_H_ */
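Review bot: This enum change is not a pure rename: the SCP pair (old `BL30_CONTENT_CERT_PK_EXT`/`BL30_HASH_EXT`) now precedes the SoC pair (old `BL31_*`), so four enumerators change numeric value. In the visible code that is harmless, because `tbb_ext[]` in tbb_ext.c is filled with designated initializers (`[SCP_FW_HASH_EXT] = {`) and the certificates in tbb_cert.c list their extensions by name. Any code outside this diff that stores, iterates over or compares the raw values would silently select a different extension, so the reorder deserves a line in the commit message. A comment above the enum would also help, for example `/* Indexes tbb_ext[]; do not depend on the numeric values */`.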
diff --git a/tools/cert_create/include/tbbr/tbb_key.h b/tools/cert_create/include/tbbr/tbb_key.h
index 15903094..0becf3f5 100644
--- a/tools/cert_create/include/tbbr/tbb_key.h
+++ b/tools/cert_create/include/tbbr/tbb_key.h
@@ -40,10 +40,10 @@ enum {
ROT_KEY,
TRUSTED_WORLD_KEY,
NON_TRUSTED_WORLD_KEY,
- BL30_KEY,
- BL31_KEY,
- BL32_KEY,
- BL33_KEY
+ SCP_FW_CONTENT_CERT_KEY,
+ SOC_FW_CONTENT_CERT_KEY,
+ TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ NON_TRUSTED_FW_CONTENT_CERT_KEY
};
#endif /* TBB_KEY_H_ */
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index de15ef6f..6d11a277 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -91,16 +91,16 @@ enum {
BL32_ID,
BL33_ID,
/* Certificate file names (outputs) */
- BL2_CERT_ID,
+ TRUSTED_BOOT_FW_CERT_ID,
TRUSTED_KEY_CERT_ID,
- BL30_KEY_CERT_ID,
- BL30_CERT_ID,
- BL31_KEY_CERT_ID,
- BL31_CERT_ID,
- BL32_KEY_CERT_ID,
- BL32_CERT_ID,
- BL33_KEY_CERT_ID,
- BL33_CERT_ID,
+ SCP_FW_KEY_CERT_ID,
+ SCP_FW_CONTENT_CERT_ID,
+ SOC_FW_KEY_CERT_ID,
+ SOC_FW_CONTENT_CERT_ID,
+ TRUSTED_OS_FW_KEY_CERT_ID,
+ TRUSTED_OS_FW_CONTENT_CERT_ID,
+ NON_TRUSTED_FW_KEY_CERT_ID,
+ NON_TRUSTED_FW_CONTENT_CERT_ID,
/* Key file names (input/output) */
ROT_KEY_ID,
TRUSTED_WORLD_KEY_ID,
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 59a1cd9c..20be59f7 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -40,15 +40,15 @@
* field points to itself.
*/
static cert_t tbb_certs[] = {
- [BL2_CERT] = {
- .id = BL2_CERT,
- .opt = "bl2-cert",
+ [TRUSTED_BOOT_FW_CERT] = {
+ .id = TRUSTED_BOOT_FW_CERT,
+ .opt = "tb-fw-cert",
.fn = NULL,
- .cn = "BL2 Certificate",
+ .cn = "Trusted Boot FW Certificate",
.key = ROT_KEY,
- .issuer = BL2_CERT,
+ .issuer = TRUSTED_BOOT_FW_CERT,
.ext = {
- BL2_HASH_EXT
+ TRUSTED_BOOT_FW_HASH_EXT
},
.num_ext = 1
},
@@ -60,104 +60,104 @@ static cert_t tbb_certs[] = {
.key = ROT_KEY,
.issuer = TRUSTED_KEY_CERT,
.ext = {
- TZ_WORLD_PK_EXT,
- NTZ_WORLD_PK_EXT
+ TRUSTED_WORLD_PK_EXT,
+ NON_TRUSTED_WORLD_PK_EXT
},
.num_ext = 2
},
- [BL30_KEY_CERT] = {
- .id = BL30_KEY_CERT,
- .opt = "bl30-key-cert",
+ [SCP_FW_KEY_CERT] = {
+ .id = SCP_FW_KEY_CERT,
+ .opt = "scp-fw-key-cert",
.fn = NULL,
- .cn = "BL3-0 Key Certificate",
+ .cn = "SCP Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
- .issuer = BL30_KEY_CERT,
+ .issuer = SCP_FW_KEY_CERT,
.ext = {
- BL30_CONTENT_CERT_PK_EXT
+ SCP_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL30_CERT] = {
- .id = BL30_CERT,
- .opt = "bl30-cert",
+ [SCP_FW_CONTENT_CERT] = {
+ .id = SCP_FW_CONTENT_CERT,
+ .opt = "scp-fw-cert",
.fn = NULL,
- .cn = "BL3-0 Content Certificate",
- .key = BL30_KEY,
- .issuer = BL30_CERT,
+ .cn = "SCP Firmware Content Certificate",
+ .key = SCP_FW_CONTENT_CERT_KEY,
+ .issuer = SCP_FW_CONTENT_CERT,
.ext = {
- BL30_HASH_EXT
+ SCP_FW_HASH_EXT
},
.num_ext = 1
},
- [BL31_KEY_CERT] = {
- .id = BL31_KEY_CERT,
- .opt = "bl31-key-cert",
+ [SOC_FW_KEY_CERT] = {
+ .id = SOC_FW_KEY_CERT,
+ .opt = "soc-fw-key-cert",
.fn = NULL,
- .cn = "BL3-1 Key Certificate",
+ .cn = "SoC Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
- .issuer = BL31_KEY_CERT,
+ .issuer = SOC_FW_KEY_CERT,
.ext = {
- BL31_CONTENT_CERT_PK_EXT
+ SOC_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL31_CERT] = {
- .id = BL31_CERT,
- .opt = "bl31-cert",
+ [SOC_FW_CONTENT_CERT] = {
+ .id = SOC_FW_CONTENT_CERT,
+ .opt = "soc-fw-cert",
.fn = NULL,
- .cn = "BL3-1 Content Certificate",
- .key = BL31_KEY,
- .issuer = BL31_CERT,
+ .cn = "SoC Firmware Content Certificate",
+ .key = SOC_FW_CONTENT_CERT_KEY,
+ .issuer = SOC_FW_CONTENT_CERT,
.ext = {
- BL31_HASH_EXT
+ SOC_AP_FW_HASH_EXT
},
.num_ext = 1
},
- [BL32_KEY_CERT] = {
- .id = BL32_KEY_CERT,
- .opt = "bl32-key-cert",
+ [TRUSTED_OS_FW_KEY_CERT] = {
+ .id = TRUSTED_OS_FW_KEY_CERT,
+ .opt = "tos-fw-key-cert",
.fn = NULL,
- .cn = "BL3-2 Key Certificate",
+ .cn = "Trusted OS Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
- .issuer = BL32_KEY_CERT,
+ .issuer = TRUSTED_OS_FW_KEY_CERT,
.ext = {
- BL32_CONTENT_CERT_PK_EXT
+ TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL32_CERT] = {
- .id = BL32_CERT,
- .opt = "bl32-cert",
+ [TRUSTED_OS_FW_CONTENT_CERT] = {
+ .id = TRUSTED_OS_FW_CONTENT_CERT,
+ .opt = "tos-fw-cert",
.fn = NULL,
- .cn = "BL3-2 Content Certificate",
- .key = BL32_KEY,
- .issuer = BL32_CERT,
+ .cn = "Trusted OS Firmware Content Certificate",
+ .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ .issuer = TRUSTED_OS_FW_CONTENT_CERT,
.ext = {
- BL32_HASH_EXT
+ TRUSTED_OS_FW_HASH_EXT
},
.num_ext = 1
},
- [BL33_KEY_CERT] = {
- .id = BL33_KEY_CERT,
- .opt = "bl33-key-cert",
+ [NON_TRUSTED_FW_KEY_CERT] = {
+ .id = NON_TRUSTED_FW_KEY_CERT,
+ .opt = "nt-fw-key-cert",
.fn = NULL,
- .cn = "BL3-3 Key Certificate",
+ .cn = "Non-Trusted Firmware Key Certificate",
.key = NON_TRUSTED_WORLD_KEY,
- .issuer = BL33_KEY_CERT,
+ .issuer = NON_TRUSTED_FW_KEY_CERT,
.ext = {
- BL33_CONTENT_CERT_PK_EXT
+ NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL33_CERT] = {
- .id = BL33_CERT,
- .opt = "bl33-cert",
+ [NON_TRUSTED_FW_CONTENT_CERT] = {
+ .id = NON_TRUSTED_FW_CONTENT_CERT,
+ .opt = "nt-fw-cert",
.fn = NULL,
- .cn = "BL3-3 Content Certificate",
- .key = BL33_KEY,
- .issuer = BL33_CERT,
+ .cn = "Non-Trusted Firmware Content Certificate",
+ .key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+ .issuer = NON_TRUSTED_FW_CONTENT_CERT,
.ext = {
- BL33_HASH_EXT
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
},
.num_ext = 1
},
@@ -169,9 +169,9 @@ static cert_t tbb_certs[] = {
.key = ROT_KEY,
.issuer = FWU_CERT,
.ext = {
- SCP_BL2U_HASH_EXT,
- BL2U_HASH_EXT,
- NS_BL2U_HASH_EXT
+ SCP_FWU_CFG_HASH_EXT,
+ AP_FWU_CFG_HASH_EXT,
+ FWU_HASH_EXT
},
.num_ext = 3
}
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index b0af6f1a..1400fbfd 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -42,133 +42,133 @@
#define NORMAL_WORLD_NVCTR_VALUE 0
static ext_t tbb_ext[] = {
- [TZ_FW_NVCOUNTER_EXT] = {
- .oid = TZ_FW_NVCOUNTER_OID,
+ [TRUSTED_FW_NVCOUNTER_EXT] = {
+ .oid = TRUSTED_FW_NVCOUNTER_OID,
.sn = "TrustedWorldNVCounter",
.ln = "Trusted World Non-Volatile counter",
.asn1_type = V_ASN1_INTEGER,
.type = EXT_TYPE_NVCOUNTER,
.data.nvcounter = TRUSTED_WORLD_NVCTR_VALUE
},
- [NTZ_FW_NVCOUNTER_EXT] = {
- .oid = NTZ_FW_NVCOUNTER_OID,
+ [NON_TRUSTED_FW_NVCOUNTER_EXT] = {
+ .oid = NON_TRUSTED_FW_NVCOUNTER_OID,
.sn = "NormalWorldNVCounter",
.ln = "Normal World Non-Volatile counter",
.asn1_type = V_ASN1_INTEGER,
.type = EXT_TYPE_NVCOUNTER,
.data.nvcounter = NORMAL_WORLD_NVCTR_VALUE
},
- [BL2_HASH_EXT] = {
- .oid = BL2_HASH_OID,
- .opt = "bl2",
+ [TRUSTED_BOOT_FW_HASH_EXT] = {
+ .oid = TRUSTED_BOOT_FW_HASH_OID,
+ .opt = "tb-fw",
.sn = "TrustedBootFirmwareHash",
- .ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
+ .ln = "Trusted Boot Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [TZ_WORLD_PK_EXT] = {
- .oid = TZ_WORLD_PK_OID,
+ [TRUSTED_WORLD_PK_EXT] = {
+ .oid = TRUSTED_WORLD_PK_OID,
.sn = "TrustedWorldPublicKey",
.ln = "Trusted World Public Key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
.data.key = TRUSTED_WORLD_KEY
},
- [NTZ_WORLD_PK_EXT] = {
- .oid = NTZ_WORLD_PK_OID,
+ [NON_TRUSTED_WORLD_PK_EXT] = {
+ .oid = NON_TRUSTED_WORLD_PK_OID,
.sn = "NonTrustedWorldPublicKey",
.ln = "Non-Trusted World Public Key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
.data.key = NON_TRUSTED_WORLD_KEY
},
- [BL30_CONTENT_CERT_PK_EXT] = {
- .oid = BL30_CONTENT_CERT_PK_OID,
+ [SCP_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = SCP_FW_CONTENT_CERT_PK_OID,
.sn = "SCPFirmwareContentCertPK",
.ln = "SCP Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL30_KEY
+ .data.key = SCP_FW_CONTENT_CERT_KEY
},
- [BL30_HASH_EXT] = {
- .oid = BL30_HASH_OID,
- .opt = "bl30",
+ [SCP_FW_HASH_EXT] = {
+ .oid = SCP_FW_HASH_OID,
+ .opt = "scp-fw",
.sn = "SCPFirmwareHash",
- .ln = "SCP Firmware (BL30) hash (SHA256)",
+ .ln = "SCP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [BL31_CONTENT_CERT_PK_EXT] = {
- .oid = BL31_CONTENT_CERT_PK_OID,
+ [SOC_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = SOC_FW_CONTENT_CERT_PK_OID,
.sn = "SoCFirmwareContentCertPK",
.ln = "SoC Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL31_KEY
+ .data.key = SOC_FW_CONTENT_CERT_KEY
},
- [BL31_HASH_EXT] = {
- .oid = BL31_HASH_OID,
- .opt = "bl31",
+ [SOC_AP_FW_HASH_EXT] = {
+ .oid = SOC_AP_FW_HASH_OID,
+ .opt = "soc-fw",
.sn = "SoCAPFirmwareHash",
- .ln = "SoC AP Firmware (BL31) hash (SHA256)",
+ .ln = "SoC AP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [BL32_CONTENT_CERT_PK_EXT] = {
- .oid = BL32_CONTENT_CERT_PK_OID,
+ [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
.sn = "TrustedOSFirmwareContentCertPK",
.ln = "Trusted OS Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL32_KEY
+ .data.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
},
- [BL32_HASH_EXT] = {
- .oid = BL32_HASH_OID,
- .opt = "bl32",
+ [TRUSTED_OS_FW_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_HASH_OID,
+ .opt = "tos-fw",
.sn = "TrustedOSHash",
- .ln = "Trusted OS (BL32) hash (SHA256)",
+ .ln = "Trusted OS hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [BL33_CONTENT_CERT_PK_EXT] = {
- .oid = BL33_CONTENT_CERT_PK_OID,
+ [NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
.sn = "NonTrustedFirmwareContentCertPK",
.ln = "Non-Trusted Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL33_KEY
+ .data.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
},
- [BL33_HASH_EXT] = {
- .oid = BL33_HASH_OID,
- .opt = "bl33",
+ [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
+ .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
+ .opt = "nt-fw",
.sn = "NonTrustedWorldBootloaderHash",
- .ln = "Non-Trusted World (BL33) hash (SHA256)",
+ .ln = "Non-Trusted World hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [SCP_BL2U_HASH_EXT] = {
- .oid = SCP_BL2U_HASH_OID,
- .opt = "scp_bl2u",
+ [SCP_FWU_CFG_HASH_EXT] = {
+ .oid = SCP_FWU_CFG_HASH_OID,
+ .opt = "scp-fwu-cfg",
.sn = "SCPFWUpdateConfig",
- .ln = "SCP Firmware Update Config (SCP_BL2U) hash (SHA256)",
+ .ln = "SCP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
- [BL2U_HASH_EXT] = {
- .oid = BL2U_HASH_OID,
- .opt = "bl2u",
+ [AP_FWU_CFG_HASH_EXT] = {
+ .oid = AP_FWU_CFG_HASH_OID,
+ .opt = "ap-fwu-cfg",
.sn = "APFWUpdateConfig",
- .ln = "AP Firmware Update Config (BL2U) hash (SHA256)",
+ .ln = "AP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
- [NS_BL2U_HASH_EXT] = {
- .oid = NS_BL2U_HASH_OID,
- .opt = "ns_bl2u",
+ [FWU_HASH_EXT] = {
+ .oid = FWU_HASH_OID,
+ .opt = "fwu",
.sn = "FWUpdaterHash",
- .ln = "Firmware Updater (NS_BL2U) hash (SHA256)",
+ .ln = "Firmware Updater hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
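Review bot: The long name of `NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT` lost its subject when "(BL33)" was removed: `.ln = "Non-Trusted World hash (SHA256)"` no longer says what is hashed, while the enumerator and `.sn = "NonTrustedWorldBootloaderHash"` both say bootloader. These strings presumably label the extension when a certificate is dumped, so someone auditing a chain of trust would benefit from `.ln = "Non-Trusted World Bootloader hash (SHA256)"`. The same renaming leaves `SOC_AP_FW_HASH_EXT` with `.opt = "soc-fw"` next to `SOC_FW_CONTENT_CERT_PK_EXT`, so "AP" appears in one name of the pair and not the other; pick one form. The `tbb_ext[]` initializer continues past the end of this hunk.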
diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c
index eaaf1ff1..089425a9 100644
--- a/tools/cert_create/src/tbbr/tbb_key.c
+++ b/tools/cert_create/src/tbbr/tbb_key.c
@@ -51,25 +51,25 @@ static key_t tbb_keys[] = {
.opt = "non-trusted-world-key",
.desc = "Non Trusted World key"
},
- [BL30_KEY] = {
- .id = BL30_KEY,
- .opt = "bl30-key",
- .desc = "BL30 key"
+ [SCP_FW_CONTENT_CERT_KEY] = {
+ .id = SCP_FW_CONTENT_CERT_KEY,
+ .opt = "scp-fw-key",
+ .desc = "SCP Firmware Content Certificate key"
},
- [BL31_KEY] = {
- .id = BL31_KEY,
- .opt = "bl31-key",
- .desc = "BL31 key"
+ [SOC_FW_CONTENT_CERT_KEY] = {
+ .id = SOC_FW_CONTENT_CERT_KEY,
+ .opt = "soc-fw-key",
+ .desc = "SoC Firmware Content Certificate key"
},
- [BL32_KEY] = {
- .id = BL32_KEY,
- .opt = "bl32-key",
- .desc = "BL32 key"
+ [TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
+ .id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ .opt = "tos-fw-key",
+ .desc = "Trusted OS Firmware Content Certificate key"
},
- [BL33_KEY] = {
- .id = BL33_KEY,
- .opt = "bl33-key",
- .desc = "BL33 key"
+ [NON_TRUSTED_FW_CONTENT_CERT_KEY] = {
+ .id = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+ .opt = "nt-fw-key",
+ .desc = "Non Trusted Firmware Content Certificate key"
}
};
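Review bot: The new option names drop the "content certificate" part that the enumerators and `.desc` strings carry, so `"scp-fw-key"` now sits one suffix away from the certificate option `"scp-fw-key-cert"` in tbb_cert.c although the two are unrelated. Per the table in tbb_cert.c, `SCP_FW_KEY_CERT` is signed with `TRUSTED_WORLD_KEY`, and `SCP_FW_CONTENT_CERT_KEY` signs `SCP_FW_CONTENT_CERT` (option `"scp-fw-cert"`). Since these options select signing-key files, a comment above the four entries would prevent mix-ups, e.g. `/* Content certificate keys: each signs the matching *-fw-cert, not *-fw-key-cert */`. Also, `.desc = "Non Trusted Firmware Content Certificate key"` lacks the hyphen used in the "Non-Trusted ..." strings elsewhere in this commit. `tbb_keys[]` starts above this hunk.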
diff --git a/tools/fip_create/fip_create.c b/tools/fip_create/fip_create.c
index 57131840..ef533c7e 100644
--- a/tools/fip_create/fip_create.c
+++ b/tools/fip_create/fip_create.c
@@ -78,25 +78,25 @@ static entry_lookup_list_t toc_entry_lookup_list[] = {
"rot-cert", NULL, FLAG_FILENAME },
{ "Trusted key certificate", UUID_TRUSTED_KEY_CERT,
"trusted-key-cert", NULL, FLAG_FILENAME},
- { "SCP Firmware BL3-0 key certificate", UUID_SCP_FIRMWARE_BL30_KEY_CERT,
- "bl30-key-cert", NULL, FLAG_FILENAME},
- { "EL3 Runtime Firmware BL3-1 key certificate", UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT,
- "bl31-key-cert", NULL, FLAG_FILENAME},
- { "Secure Payload BL3-2 (Trusted OS) key certificate", UUID_SECURE_PAYLOAD_BL32_KEY_CERT,
- "bl32-key-cert", NULL, FLAG_FILENAME},
- { "Non-Trusted Firmware BL3-3 key certificate", UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT,
- "bl33-key-cert", NULL, FLAG_FILENAME},
+ { "SCP Firmware key certificate", UUID_SCP_FW_KEY_CERT,
+ "scp-fw-key-cert", NULL, FLAG_FILENAME},
+ { "SoC Firmware key certificate", UUID_SOC_FW_KEY_CERT,
+ "soc-fw-key-cert", NULL, FLAG_FILENAME},
+ { "Trusted OS Firmware key certificate", UUID_TRUSTED_OS_FW_KEY_CERT,
+ "tos-fw-key-cert", NULL, FLAG_FILENAME},
+ { "Non-Trusted Firmware key certificate", UUID_NON_TRUSTED_FW_KEY_CERT,
+ "nt-fw-key-cert", NULL, FLAG_FILENAME},
/* Content certificates */
- { "Trusted Boot Firmware BL2 certificate", UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT,
- "bl2-cert", NULL, FLAG_FILENAME },
- { "SCP Firmware BL3-0 certificate", UUID_SCP_FIRMWARE_BL30_CERT,
- "bl30-cert", NULL, FLAG_FILENAME},
- { "EL3 Runtime Firmware BL3-1 certificate", UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT,
- "bl31-cert", NULL, FLAG_FILENAME},
- { "Secure Payload BL3-2 (Trusted OS) certificate", UUID_SECURE_PAYLOAD_BL32_CERT,
- "bl32-cert", NULL, FLAG_FILENAME},
- { "Non-Trusted Firmware BL3-3 certificate", UUID_NON_TRUSTED_FIRMWARE_BL33_CERT,
- "bl33-cert", NULL, FLAG_FILENAME},
+ { "Trusted Boot Firmware BL2 certificate", UUID_TRUSTED_BOOT_FW_CERT,
+ "tb-fw-cert", NULL, FLAG_FILENAME },
+ { "SCP Firmware content certificate", UUID_SCP_FW_CONTENT_CERT,
+ "scp-fw-cert", NULL, FLAG_FILENAME},
+ { "SoC Firmware content certificate", UUID_SOC_FW_CONTENT_CERT,
+ "soc-fw-cert", NULL, FLAG_FILENAME},
+ { "Trusted OS Firmware content certificate", UUID_TRUSTED_OS_FW_CONTENT_CERT,
+ "tos-fw-cert", NULL, FLAG_FILENAME},
+ { "Non-Trusted Firmware content certificate", UUID_NON_TRUSTED_FW_CONTENT_CERT,
+ "nt-fw-cert", NULL, FLAG_FILENAME},
{ NULL, {0}, 0 }
};
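Review bot: One description in the content-certificate group was only half converted: `{ "Trusted Boot Firmware BL2 certificate", UUID_TRUSTED_BOOT_FW_CERT,` still carries the "BL2" label that this commit removes from every other entry. For consistency with the neighbouring "SCP Firmware content certificate" entries it should read `{ "Trusted Boot Firmware certificate", UUID_TRUSTED_BOOT_FW_CERT,` (or "... content certificate" if that is the intended TBBR term). `toc_entry_lookup_list[]` starts above this hunk, so entries outside it may need the same check.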