commit d02a56e550a2c9303860c8b9f0265670a2e992fc
author laurenw-arm <lauren.wehrmeister@arm.com> Tue Jan 09 20:40:23 2024 -0600
committer laurenw-arm <lauren.wehrmeister@arm.com> Thu Jan 18 13:53:27 2024 -0600
tree 167adbef0c693a0a578d2172df2f6f2f35dac3f7
parent 02e09252ee24c5fe47825b544dcf5a1a53f62434

docs(fconf): update bindings for multi-RoT CoTs

Update CoT binding documentation to add the signing-key property
as optional in root-certificates and add rot_keys node

Change-Id: I1d1fbc0394275520cfa43213d5b7006e51990fdd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

docs/components/cot-binding.rst

diff --git a/docs/components/cot-binding.rst b/docs/components/cot-binding.rst
index 4f8c8b7..702bb56 100644
--- a/docs/components/cot-binding.rst
+++ b/docs/components/cot-binding.rst
@@ -67,14 +67,16 @@
         - signing-key
                 Usage:
 
-                This property is used to refer public key node present in
-                parent certificate node and it is required property for all
-                non-root certificates which are authenticated using public-key
-                present in parent certificate.
+                For non-root certificates, this property is used to refer
+                public key node present in parent certificate node and it is
+                required property for all non-root certificates which are
+                authenticated using public-key present in parent certificate.
 
-                This property is not required for root-certificates
-                as root-certificates are validated using root of trust
-                public key provided by platform.
+                This property is not required for all root-certificates. If
+                omitted, the root certificate will be validated using the
+                default platform ROTPK. If instead the root certificate needs
+                validating using a different ROTPK, the signing-key property
+                should provide a reference to the ROTPK node to use.
 
                 Value type: <phandle>
 
@@ -323,10 +325,50 @@
         };
    };
 
+rot_keys node binding definition
+---------------------------------
+
+- rot_keys node
+        Description: Contains root-of-trust keys for the root certificates.
+
+        SUBNODES
+            - Description:
+
+              Root of trust key information present in the root certificates
+              are shown by these nodes.
+
+            - rot key node
+                  Description: Provide ROT key information in the certificate.
+
+                  PROPERTIES
+
+                  - oid
+                     Usage:
+
+                     This property provides the Object ID of ROT key provided
+                     in the certificate.
+
+                     Value type: <string>
+
+Example:
+Below is rot_keys example for CCA platform
+
+.. code:: c
+
+   rot_keys {
+        swd_rot_pk: swd_rot_pk {
+           oid = SWD_ROT_PK_OID;
+        };
+
+        prot_pk: prot_pk {
+           oid = PROT_PK_OID;
+        };
+   };
+
 Future update to chain of trust binding
 ---------------------------------------
 
 This binding document needs to be revisited to generalise some terminologies
 which are currently specific to X.509 certificates for e.g. Object IDs.
 
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2024, Arm Limited. All rights reserved.*