feat(tc): add DPE backend to the measured boot framework
The client platform relies on the DICE attestation
scheme. RSS provides the DICE Protection Environment
(DPE) service. TF-A measured boot framework supports
multiple backends. A given platform always enables
the corresponding backend which is required by the
attestation scheme.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Idc3360d0d7216e4859e99b5db3d377407e0aeee5
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index a8b40ad..f817da0 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -706,6 +706,13 @@
This option defaults to 0.
+- ``DICE_PROTECTION_ENVIRONMENT``: Boolean flag to specify the measured boot
+ backend when ``MEASURED_BOOT`` is enabled. The default value is ``0``. When
+ set to ``1`` then measurements and additional metadata collected during the
+ measured boot process are sent to the DICE Protection Environment for storage
+ and processing. A certificate chain, which represents the boot state of the
+ device, can be queried from the DPE.
+
- ``MARCH_DIRECTIVE``: used to pass a -march option from the platform build
options to the compiler. An example usage:
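Review bot: The new ``DICE_PROTECTION_ENVIRONMENT`` entry describes the flag as selecting the measured boot backend, but it only documents the ``1`` case. It does not say which backend is used when the flag stays at its default of ``0`` with ``MEASURED_BOOT`` enabled, or whether setting it to ``1`` without ``MEASURED_BOOT`` is ignored or rejected by the build. Please add a sentence covering both, so a platform integrator can tell from this entry alone where measurements end up. Minor wording point in the same entry: "When set to ``1`` then measurements" reads better as "When set to ``1``, measurements".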