doc: add description of "owner" field in SP layout file.
Change-Id: Iedaa83ed546eb2476849a8d53f6e05b847a48b23
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index c58cd08..9a65e64 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -283,18 +283,25 @@
paths to the SP binary image and associated DTS partition manifest file.
The latter is going through the dtc compiler to generate the dtb fed into
the SP package.
+This file also specifies the owner of the SP, which is an optional field and
+identifies the signing domain in case of dualroot CoT.
+The possible owner of an SP could either be Silicon Provider or Platform, and
+the corresponding "owner" field value could either be "SiP" or "Plat".
+In absence of "owner" field, it defaults to "SiP".
.. code:: shell
{
"tee1" : {
"image": "tee1.bin",
- "pm": "tee1.dts"
+ "pm": "tee1.dts",
+ "owner": "SiP"
},
"tee2" : {
"image": "tee2.bin",
- "pm": "tee2.dts"
+ "pm": "tee2.dts",
+ "owner": "Plat"
}
}
@@ -376,8 +383,9 @@
The multiple-signing domain feature (in current state dual signing domain) allows
the use of two root keys namely S-ROTPK and NS-ROTPK (see `[8]`_):
-- SPMC(BL32), SPMC manifest, SPs may be signed by the SiP using the S-ROTPK.
+- SPMC (BL32) and SPMC manifest are signed by the SiP using the S-ROTPK.
- BL33 may be signed by the OEM using NS-ROTPK.
+- An SP may be signed either by SiP (using S-ROTPK) or by OEM (using NS-ROTPK).
Longer term multiple signing domain will allow additional signing keys, e.g.
if SPs originate from different parties.