docs(arm): update docs to reflect rotpk key changes
The hashing algorithm for the rotpk is now HASH_ALG,
not always sha-256. The public development keys are
no longer in the repository and are now generated at
run-time, updates the documentation to reflect this.
Change-Id: Ic336f7aca858e9b6a1af6d6e6dc5f4aa428da179
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/docs/plat/arm/arm-build-options.rst b/docs/plat/arm/arm-build-options.rst
index afbb157..a086a98 100644
--- a/docs/plat/arm/arm-build-options.rst
+++ b/docs/plat/arm/arm-build-options.rst
@@ -65,25 +65,26 @@
- ``regs`` : return the ROTPK hash stored in the Trusted root-key storage
registers.
- ``devel_rsa`` : return a development public key hash embedded in the BL1
- and BL2 binaries. This hash has been obtained from the RSA public key
- ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``. To use
- this option, ``arm_rotprivk_rsa.pem`` must be specified as ``ROT_KEY``
- when creating the certificates.
+ and BL2 binaries. This hash corresponds to the development private key
+ ``plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem``.
+ The hashing algorithm is selected by ``HASH_ALG``; sha256 is used if
+ ``HASH_ALG`` is not specified. A different RSA key can be specified by setting
+ ``ROT_KEY``, there are 3k and 4k RSA keys in ``plat/arm/board/common/rotpk/``.
- ``devel_ecdsa`` : return a development public key hash embedded in the BL1
- and BL2 binaries. This hash has been obtained from the ECDSA public key
- ``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To
- use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as
- ``ROT_KEY`` when creating the certificates.
- - ``devel_full_dev_rsa_key`` : returns a development public key embedded in
- the BL1 and BL2 binaries. This key has been obtained from the RSA public
- key ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``.
-
-- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``, excluding
- ``devel_full_dev_rsa_key``. Specifies the location of the ROTPK hash. Not
- expected to be a build option. This defaults to
- ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified
- algorithm. Providing ``ROT_KEY`` enforces generation of the hash from the
- ``ROT_KEY`` and overwrites the default hash file.
+ and BL2 binaries. This hash corresponds to the development private key
+ ``plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem`` unless a different key
+ is specified with ``ROT_KEY``, such as the 384 bit key in the same directory.
+ he hashing algorithm is selected by ``HASH_ALG``; sha256 is used if ``HASH_ALG``
+ is not specified.
+ - ``devel_full_dev_rsa_key`` : return a development public key embedded in
+ the BL1 and BL2 binaries. This key corresponds to the RSA private
+ key ``plat/arm/board/common/rotpk/arm_rotprivk.pem`` by default, but can
+ be changed by setting ``ROT_KEY``, there are 3k and 4k RSA keys in
+ ``plat/arm/board/common/rotpk/``.
+ - ``devel_full_dev_ecdsa_key`` : return a development public key embedded in
+ the BL1 and BL2 binaries. This key corresponds to the EC private key
+ ``plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem``, unless a different
+ ECDSA key is specified by ``ROT_KEY``, such as the 384 bit key in the same directory.
- ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options: