blob: 1d31e3dd9e85ec3414fbec51ddf8e0b5777a00b1 [file] [log] [blame]
Chain of trust bindings
=======================
The device tree allows to describe the chain of trust with the help of
'cot' node which contain 'manifests' and 'images' as sub-nodes.
'manifests' and 'images' nodes contains number of sub-nodes (i.e. 'certificate'
and 'image' nodes) mentioning properties of the certificate and image respectively.
Also, device tree describes 'non-volatile-counters' node which contains number of
sub-nodes mentioning properties of all non-volatile-counters used in the chain of trust.
cot
------------------------------------------------------------------
This is root node which contains 'manifests' and 'images' as sub-nodes
Manifests and Certificate node bindings definition
----------------------------------------------------------------
- Manifests node
Description: Container of certificate nodes.
PROPERTIES
- compatible:
Usage: required
Value type: <string>
Definition: must be "arm, cert-descs"
- Certificate node
Description:
Describes certificate properties which are used
during the authentication process.
PROPERTIES
- root-certificate
Usage:
Required for the certificate with no parent.
In other words, certificates which are validated
using root of trust public key.
Value type: <boolean>
- image-id
Usage: Required for every certificate with unique id.
Value type: <u32>
- parent
Usage:
It refers to their parent image, which typically contains
information to authenticate the certificate.
This property is required for all non-root certificates.
This property is not required for root-certificates
as root-certificates are validated using root of trust
public key provided by platform.
Value type: <phandle>
- signing-key
Usage:
For non-root certificates, this property is used to refer
public key node present in parent certificate node and it is
required property for all non-root certificates which are
authenticated using public-key present in parent certificate.
This property is not required for all root-certificates. If
omitted, the root certificate will be validated using the
default platform ROTPK. If instead the root certificate needs
validating using a different ROTPK, the signing-key property
should provide a reference to the ROTPK node to use.
Value type: <phandle>
- antirollback-counter
Usage:
This property is used by all certificates which are
protected against rollback attacks using a non-volatile
counter and it is an optional property.
This property is used to refer one of the non-volatile
counter sub-node present in 'non-volatile counters' node.
Value type: <phandle>
SUBNODES
- Description:
Hash and public key information present in the certificate
are shown by these nodes.
- public key node
Description: Provide public key information in the certificate.
PROPERTIES
- oid
Usage:
This property provides the Object ID of public key
provided in the certificate which the help of which
public key information can be extracted.
Value type: <string>
- hash node
Description: Provide the hash information in the certificate.
PROPERTIES
- oid
Usage:
This property provides the Object ID of hash provided in
the certificate which the help of which hash information
can be extracted.
Value type: <string>
Example:
.. code:: c
cot {
manifests {
compatible = "arm, cert-descs”
trusted-key-cert: trusted-key-cert {
root-certificate;
image-id = <TRUSTED_KEY_CERT_ID>;
antirollback-counter = <&trusted_nv_ctr>;
trusted-world-pk: trusted-world-pk {
oid = TRUSTED_WORLD_PK_OID;
};
non-trusted-world-pk: non-trusted-world-pk {
oid = NON_TRUSTED_WORLD_PK_OID;
};
};
scp_fw_key_cert: scp_fw_key_cert {
image-id = <SCP_FW_KEY_CERT_ID>;
parent = <&trusted-key-cert>;
signing-key = <&trusted_world_pk>;
antirollback-counter = <&trusted_nv_ctr>;
scp_fw_content_pk: scp_fw_content_pk {
oid = SCP_FW_CONTENT_CERT_PK_OID;
};
};
.
.
.
next-certificate {
};
};
};
Images and Image node bindings definition
-----------------------------------------
- Images node
Description: Container of image nodes
PROPERTIES
- compatible:
Usage: required
Value type: <string>
Definition: must be "arm, img-descs"
- Image node
Description:
Describes image properties which will be used during
authentication process.
PROPERTIES
- image-id
Usage: Required for every image with unique id.
Value type: <u32>
- parent
Usage:
Required for every image to provide a reference to
its parent image, which contains the necessary information
to authenticate it.
Value type: <phandle>
- hash
Usage:
Required for all images which are validated using
hash method. This property is used to refer hash
node present in parent certificate node.
Value type: <phandle>
Note:
Currently, all images are validated using 'hash'
method. In future, there may be multiple methods can
be used to validate the image.
Example:
.. code:: c
cot {
images {
compatible = "arm, img-descs";
scp_bl2_image {
image-id = <SCP_BL2_IMAGE_ID>;
parent = <&scp_fw_content_cert>;
hash = <&scp_fw_hash>;
};
.
.
.
next-img {
};
};
};
non-volatile counter node binding definition
--------------------------------------------
- non-volatile counters node
Description: Contains properties for non-volatile counters.
PROPERTIES
- compatible:
Usage: required
Value type: <string>
Definition: must be "arm, non-volatile-counter"
- #address-cells
Usage: required
Value type: <u32>
Definition:
Must be set according to address size
of non-volatile counter register
- #size-cells
Usage: required
Value type: <u32>
Definition: must be set to 0
SUBNODE
- counters node
Description: Contains various non-volatile counters present in the platform.
PROPERTIES
- id
Usage: Required for every nv-counter with unique id.
Value type: <u32>
- reg
Usage:
Register base address of non-volatile counter and it is required
property.
Value type: <u32>
- oid
Usage:
This property provides the Object ID of non-volatile counter
provided in the certificate and it is required property.
Value type: <string>
Example:
Below is non-volatile counters example for ARM platform
.. code:: c
non_volatile_counters: non_volatile_counters {
compatible = "arm, non-volatile-counter";
#address-cells = <1>;
#size-cells = <0>;
trusted_nv_ctr: trusted_nv_ctr {
id = <TRUSTED_NV_CTR_ID>;
reg = <TFW_NVCTR_BASE>;
oid = TRUSTED_FW_NVCOUNTER_OID;
};
non_trusted_nv_ctr: non_trusted_nv_ctr {
id = <NON_TRUSTED_NV_CTR_ID>;
reg = <NTFW_CTR_BASE>;
oid = NON_TRUSTED_FW_NVCOUNTER_OID;
};
};
rot_keys node binding definition
---------------------------------
- rot_keys node
Description: Contains root-of-trust keys for the root certificates.
SUBNODES
- Description:
Root of trust key information present in the root certificates
are shown by these nodes.
- rot key node
Description: Provide ROT key information in the certificate.
PROPERTIES
- oid
Usage:
This property provides the Object ID of ROT key provided
in the certificate.
Value type: <string>
Example:
Below is rot_keys example for CCA platform
.. code:: c
rot_keys {
swd_rot_pk: swd_rot_pk {
oid = SWD_ROT_PK_OID;
};
prot_pk: prot_pk {
oid = PROT_PK_OID;
};
};
Future update to chain of trust binding
---------------------------------------
This binding document needs to be revisited to generalise some terminologies
which are currently specific to X.509 certificates for e.g. Object IDs.
*Copyright (c) 2020-2024, Arm Limited. All rights reserved.*