Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 3e992d6e5823bfe6da9b1e3792ef4ee20a2c0e13^! / . / docs / design / trusted-board-boot.rst
commit3e992d6e5823bfe6da9b1e3792ef4ee20a2c0e13[log] [tgz]
authorSandrine Bailleux <sandrine.bailleux@arm.com>Fri Feb 09 13:41:09 2024 +0100
committerManish V Badarkhe <Manish.Badarkhe@arm.com>Mon Feb 26 12:39:06 2024 +0000
treeb12b8a969008e572ca6805cb58929e1aa5d6dfb2
parente1fab90afd9468c4b7f98bdbb1f4682ea26617be [diff] [blame]
docs(auth): align TBBR CoT names to match the code

Update the section describing the TBBR chain of trust to use the same
terminology as in the code and the specification.

Also refresh the description of some of the certificates to include the
pieces of data they contain today. When this document was originally
written, TF-A did not support configuration files, which is why none of
the certificates included any configuration file hash at that time.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia85f88c933abd8d8d6727252a7d41fb9f0ce4287

diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst
index 10fb7fb..f10d2e7 100644
--- a/docs/design/trusted-board-boot.rst
+++ b/docs/design/trusted-board-boot.rst

@@ -84,20 +84,20 @@
 
 -  **Root of trust key**
 
-   The private part of this key is used to sign the BL2 content certificate and
-   the trusted key certificate. The public part is the ROTPK.
+   The private part of this key is used to sign the trusted boot firmware
+   certificate and the trusted key certificate. The public part is the ROTPK.
 
 -  **Trusted world key**
 
    The private part is used to sign the key certificates corresponding to the
    secure world images (SCP_BL2, BL31 and BL32). The public part is stored in
-   one of the extension fields in the trusted world certificate.
+   one of the extension fields in the trusted key certificate.
 
 -  **Non-trusted world key**
 
    The private part is used to sign the key certificate corresponding to the
-   non secure world image (BL33). The public part is stored in one of the
-   extension fields in the trusted world certificate.
+   non-secure world image (BL33). The public part is stored in one of the
+   extension fields in the trusted key certificate.
 
 -  **BL3X keys**
 
@@ -116,10 +116,11 @@
 
 The following certificates are used to authenticate the images.
 
--  **BL2 content certificate**
+-  **Trusted boot firmware certificate**
 
-   It is self-signed with the private part of the ROT key. It contains a hash
-   of the BL2 image.
+   It is self-signed with the private part of the ROT key. It contains a hash of
+   the BL2 image and hashes of various firmware configuration files
+   (TB_FW_CONFIG, HW_CONFIG, FW_CONFIG).
 
 -  **Trusted key certificate**
 
@@ -127,45 +128,48 @@
    public part of the trusted world key and the public part of the non-trusted
    world key.
 
--  **SCP_BL2 key certificate**
+-  **SCP firmware key certificate**
 
    It is self-signed with the trusted world key. It contains the public part of
    the SCP_BL2 key.
 
--  **SCP_BL2 content certificate**
+-  **SCP firmware content certificate**
 
    It is self-signed with the SCP_BL2 key. It contains a hash of the SCP_BL2
    image.
 
--  **BL31 key certificate**
+-  **SoC firmware key certificate**
 
    It is self-signed with the trusted world key. It contains the public part of
    the BL31 key.
 
--  **BL31 content certificate**
+-  **SoC firmware content certificate**
 
-   It is self-signed with the BL31 key. It contains a hash of the BL31 image.
+   It is self-signed with the BL31 key. It contains hashes of the BL31 image and
+   its configuration file (SOC_FW_CONFIG).
 
--  **BL32 key certificate**
+-  **Trusted OS key certificate**
 
    It is self-signed with the trusted world key. It contains the public part of
    the BL32 key.
 
--  **BL32 content certificate**
+-  **Trusted OS content certificate**
 
-   It is self-signed with the BL32 key. It contains a hash of the BL32 image.
+   It is self-signed with the BL32 key. It contains hashes of the BL32 image(s)
+   and its configuration file(s) (TOS_FW_CONFIG).
 
--  **BL33 key certificate**
+-  **Non-trusted firmware key certificate**
 
    It is self-signed with the non-trusted world key. It contains the public
    part of the BL33 key.
 
--  **BL33 content certificate**
+-  **Non-trusted firmware content certificate**
 
-   It is self-signed with the BL33 key. It contains a hash of the BL33 image.
+   It is self-signed with the BL33 key. It contains hashes of the BL33 image and
+   its configuration file (NT_FW_CONFIG).
 
-The SCP_BL2 and BL32 certificates are optional, but they must be present if the
-corresponding SCP_BL2 or BL32 images are present.
+The SCP firmware and Trusted OS certificates are optional, but they must be
+present if the corresponding SCP_BL2 or BL32 images are present.
 
 The following diagram summarizes the part of the TBBR CoT enforced by BL2. Some
 images (SCP, debug certificates, secure partitions, configuration files) are not