- 31 Jul, 2020 1 commit
-
-
Manish Pandey authored
Currently only single signing domain is supported for SP packages but there is plan to support dual signing domains if CoT is dualroot. SP_CONTENT_CERT_ID is the certificate file which is currently generated and signed with trusted world key which in-turn is derived from Silicon provider RoT key. To allow dual signing domain for SP packages, other certificate file will be derived from Platform owned RoT key. This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and does other related changes. Signed-off-by:Manish Pandey <manish.pandey2@arm.com> Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
-
- 24 Jun, 2020 1 commit
-
-
Louis Mayencourt authored
fw_config image is authenticated using secure boot framework by adding it into the single root and dual root chain of trust. The COT for fw_config image looks as below: +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Boot fw | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | fw_config hash |------>| fw_config | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by:Louis Mayencourt <louis.mayencourt@arm.com> Signed-off-by:
Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I08fc8ee95c29a95bb140c807dd06e772474c7367
-
- 09 Jun, 2020 1 commit
-
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by:
-
- 19 May, 2020 1 commit
-
-
Manish V Badarkhe authored
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c and tbbr_cot_bl2.c respectively. Common CoT used across BL1 and BL2 are moved to tbbr_cot_common.c. Signed-off-by:
-
- 24 Feb, 2020 1 commit
-
-
Sandrine Bailleux authored
This new chain of trust defines 2 independent signing domains: 1) One for the silicon firmware (BL1, BL2, BL31) and optionally the Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR CoT. 2) One for the Normal World Bootloader (BL33). It is rooted in a new key called Platform ROTPK, or PROTPK for short. In terms of certificates chain, - Signing domain 1) is similar to what TBBR advocates (see page 21 of the TBBR specification), except that the Non-Trusted World Public Key has been removed from the Trusted Key Certificate. - Signing domain 2) only contains the Non-Trusted World Content certificate, which provides the hash of the Non-Trusted World Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World Key certificate for simplicity. Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9 Signed-off-by:Sandrine Bailleux <sandrine.bailleux@arm.com>
-
