From ebbdbb1fd61635fb5ee61c89203384113bb09efb Mon Sep 17 00:00:00 2001
From: "Ying-Chun Liu (PaulLiu)" <paulliu@debian.org>
Date: Thu, 5 Jul 2018 14:55:21 +0800
Subject: [PATCH] docs: rpi3: add description for Trusted Board Boot

Add paragraph for how to enable Trusted Board Boot for rpi3

Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
---
 docs/plat/rpi3.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/plat/rpi3.rst b/docs/plat/rpi3.rst
index 245c5d06f..c8e2405cc 100644
--- a/docs/plat/rpi3.rst
+++ b/docs/plat/rpi3.rst
@@ -243,6 +243,16 @@ The following build options are supported:
   BL32_EXTRA1=tee-pager_v2.bin  BL32_EXTRA2=tee-pageable_v2.bin``
   to put the binaries into the FIP.
 
+- ``TRUSTED_BOARD_BOOT``: This port supports TBB. Set this option
+  ``TRUSTED_BOARD_BOOT=1`` to enable it. In order to use TBB, you might
+  want to set ``GENERATE_COT=1`` to let the contents of the FIP automatically
+  signed by the build process. The ROT key will be generated and output to
+  ``rot_key.pem`` in the build directory. It is able to set ROT_KEY to
+  your own key in PEM format.
+  Also in order to build, you need to clone mbedtls from
+  `here <https://github.com/ARMmbed/mbedtls>`__.
+  And set MBEDTLS_DIR to mbedtls source directory.
+
 The following is not currently supported:
 
 - AArch32 for TF-A itself.
-- 
GitLab