Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 02e09252ee24c5fe47825b544dcf5a1a53f62434
commit02e09252ee24c5fe47825b544dcf5a1a53f62434[log] [tgz]
authorlaurenw-arm <lauren.wehrmeister@arm.com>Tue Jan 09 20:38:10 2024 -0600
committerlaurenw-arm <lauren.wehrmeister@arm.com>Thu Jan 18 13:18:09 2024 -0600
tree8232af5f793a1b94bfd9826226d5fbf840c06f00
parenta6e15d069b68a15b2d2946d48e11c80ada9456f6 [diff]
feat(fconf): support signing-key in root cert node

Until now we have only supported describing chain of trusts through the
CoT DTB with a single ROTPK so the signing key for root certificates was
implicit. Therefore signing key was not a supported property in the
root certificates node.

Now we want to extend that to describe CoTs with mulitiple roots of
trust so we need a way to specify for each root certificate with which
ROTPK it should be verified. For that, we reuse the 'signing-key'
property already in use for the non-root certificates, but we make it
optional for root certificates in single-RoT CoTs and for root
certificates signed with the default ROTPK in multi-RoT CoTs.

Change-Id: I41eb6579e8f1d01eaf10480fe5e224d2eed9c736
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
1 file changed
tree: 8232af5f793a1b94bfd9826226d5fbf840c06f00
  1. .husky/
  2. bl1/
  3. bl2/
  4. bl2u/
  5. bl31/
  6. bl32/
  7. common/
  8. docs/
  9. drivers/
  10. fdts/
  11. include/
  12. lib/
  13. licenses/
  14. make_helpers/
  15. plat/
  16. services/
  17. tools/
  18. .checkpatch.conf
  19. .commitlintrc.js
  20. .cz.json
  21. .editorconfig
  22. .gitignore
  23. .gitreview
  24. .nvmrc
  25. .readthedocs.yaml
  26. .versionrc.js
  27. changelog.yaml
  28. dco.txt
  29. license.rst
  30. Makefile
  31. package-lock.json
  32. package.json
  33. poetry.lock
  34. pyproject.toml
  35. readme.rst