• Juan Castillo's avatar
    TBB: add a platform specific function to validate the ROTPK · 6eadf762
    Juan Castillo authored
    This patch adds the function plat_match_rotpk() to the platform
    porting layer to provide a Root Of Trust Public key (ROTPK)
    verification mechanism. This function is called during the
    Trusted Board Boot process and receives a supposed valid copy
    of the ROTPK as a parameter, usually obtained from an external
    source (for instance, a certificate). It returns 0 (success) if
    that key matches the actual ROTPK stored in the system or any
    other value otherwise.
    
    The mechanism to access the actual ROTPK stored in the system
    is platform specific and should be implemented as part of this
    function. The format of the ROTPK is also platform specific
    (to save memory, some platforms might store a hash of the key
    instead of the whole key).
    
    TRUSTED_BOARD_BOOT build option has been added to allow the user
    to enable the Trusted Board Boot features. The implementation of
    the plat_match_rotpk() funtion is mandatory when Trusted Board
    Boot is enabled.
    
    For development purposes, FVP and Juno ports provide a dummy
    function that returns always success (valid key). A safe trusted
    boot implementation should provide a proper matching function.
    
    Documentation updated accordingly.
    
    Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
    6eadf762
porting-guide.md 61.5 KB