| Harrison Mutai | da33921 | 2024-04-11 14:44:13 +0000 | [diff] [blame] | 1 | Trusted Boot Firmware Configuration bindings |
| 2 | ============================================ |
| 3 | |
| 4 | This document defines the nodes and properties used to define the Trusted-Boot |
| 5 | firmware configuration. Platform owners are advised to define shared bindings |
| 6 | here. If a binding does not generalize, they should be documented |
| 7 | alongside platform documentation. There is no guarantee of backward |
| 8 | compatibility with the nodes and properties outlined in this context. |
| 9 | |
| 10 | Trusted Boot Firmware Configuration |
| 11 | ----------------------------------- |
| 12 | |
| 13 | - compatible [mandatory] |
| 14 | - value type: <string> |
| 15 | - Should be the string ``"<plat>,tb_fw"``, where ``<plat>`` is the name of the |
| 16 | platform (i.e. ``"arm,tb_fw"``). |
| 17 | |
| 18 | - disable_auth [mandatory] |
| 19 | - value type: <u32> |
| 20 | - Flag used to dynamically disable authentication for development purposes. |
| 21 | Has two possible values: 0 or 1. Setting the flag to 1 disables |
| 22 | authentication. |
| 23 | |
| 24 | - mbedtls_heap_addr [mandatory] |
| 25 | - value type: <u64> |
| 26 | - Base address of the dynamically allocated Mbed TLS heap. This is given as a placeholder. |
| 27 | |
| 28 | - mbedtls_heap_size [mandatory] |
| 29 | - value type: <u32> |
| 30 | - Size of the Mbed TLS heap. |
| 31 | |
| 32 | IO FIP Handles |
| 33 | -------------- |
| 34 | |
| 35 | - compatible [mandatory] |
| 36 | - value type: <string> |
| 37 | - Should be the string ``"<plat>,io-fip-handle"``, where ``<plat>`` is the name of the |
| 38 | platform (i.e. ``"arm,io-fip-handle"``). |
| 39 | |
| 40 | - scp_bl2_uuid [mandatory] |
| 41 | - value type: <string> |
| 42 | - SCP Firmware SCP_BL2 UUID |
| 43 | |
| 44 | - bl31_uuid [mandatory] |
| 45 | - value type: <string> |
| 46 | - EL3 Runtime Firmware BL31 UUID |
| 47 | |
| 48 | - bl32_uuid [mandatory] |
| 49 | - value type: <string> |
| 50 | - Secure Payload BL32 (Trusted OS) UUID |
| 51 | |
| 52 | - bl32_extra1_uuid [mandatory] |
| 53 | - value type: <string> |
| 54 | - Secure Payload BL32_EXTRA1 (Trusted OS Extra1) UUID |
| 55 | |
| 56 | - bl32_extra2_uuid [mandatory] |
| 57 | - value type: <string> |
| 58 | - Secure Payload BL32_EXTRA2 (Trusted OS Extra2) UUID |
| 59 | |
| 60 | - bl33_uuid [mandatory] |
| 61 | - value type: <string> |
| 62 | - Non-Trusted Firmware BL33 UUID |
| 63 | |
| 64 | - hw_cfg_uuid [mandatory] |
| 65 | - value type: <string> |
| 66 | - HW_CONFIG (e.g. Kernel DT) UUID |
| 67 | |
| 68 | - soc_fw_cfg_uuid [mandatory] |
| 69 | - value type: <string> |
| 70 | - SOC Firmware Configuration SOC_FW_CONFIG UUID |
| 71 | |
| 72 | - tos_fw_cfg_uuid [mandatory] |
| 73 | - value type: <string> |
| 74 | - Trusted OS Firmware Configuration TOS_FW_CONFIG UUID |
| 75 | |
| 76 | - nt_fw_cfg_uuid [mandatory] |
| 77 | - value type: <string> |
| 78 | - Non-Trusted Firmware Configuration NT_FW_CONFIG UUID |
| 79 | |
| 80 | - cca_cert_uuid [optional] |
| 81 | - value type: <string> |
| 82 | - CCA Content Certificate UUID |
| 83 | |
| 84 | - core_swd_cert_uuid [optional] |
| 85 | - value type: <string> |
| 86 | - Core SWD Key Certificate UUID |
| 87 | |
| 88 | - plat_cert_uuid [optional] |
| 89 | - value type: <string> |
| 90 | - Core SWD Key Certificate UUID |
| 91 | |
| 92 | - t_key_cert_uuid [optional] |
| 93 | - value type: <string> |
| 94 | - Trusted Key Certificate UUID |
| 95 | |
| 96 | - scp_fw_key_uuid [optional] |
| 97 | - value type: <string> |
| 98 | - SCP Firmware Key UUID |
| 99 | |
| 100 | - soc_fw_key_uuid [optional] |
| 101 | - value type: <string> |
| 102 | - SOC Firmware Key UUID |
| 103 | |
| 104 | - tos_fw_key_cert_uuid [optional] |
| 105 | - value type: <string> |
| 106 | - TOS Firmware Key UUID |
| 107 | |
| 108 | - nt_fw_key_cert_uuid [optional] |
| 109 | - value type: <string> |
| 110 | - Non-Trusted Firmware Key UUID |
| 111 | |
| 112 | - scp_fw_content_cert_uuid [optional] |
| 113 | - value type: <string> |
| 114 | - SCP Firmware Content Certificate UUID |
| 115 | |
| 116 | - soc_fw_content_cert_uuid [optional] |
| 117 | - value type: <string> |
| 118 | - SOC Firmware Content Certificate UUID |
| 119 | |
| 120 | - tos_fw_content_cert_uuid [optional] |
| 121 | - value type: <string> |
| 122 | - TOS Firmware Content Certificate UUID |
| 123 | |
| 124 | - nt_fw_content_cert_uuid [optional] |
| 125 | - value type: <string> |
| 126 | - Non-Trusted Firmware Content Certificate UUID |
| 127 | |
| 128 | - plat_sp_content_cert_uuid [optional] |
| 129 | - value type: <string> |
| 130 | - Platform Secure Partition Content Certificate UUID |
| 131 | |
| 132 | |
| 133 | Secure Partitions |
| 134 | ----------------- |
| 135 | |
| 136 | - compatible [mandatory] |
| 137 | - value type: <string> |
| 138 | - Should be the string ``"<plat>,sp"``, where ``<plat>`` is the name of the |
| 139 | platform (i.e. ``"arm,sp"``). |
| 140 | |
| 141 | - uuid [mandatory] |
| 142 | - value type: <string> |
| 143 | - A string identifying the UUID of the service implemented by this partition. |
| 144 | The UUID format is described in RFC 4122. |
| 145 | |
| 146 | - load-address [mandatory] |
| 147 | - value type: <u32> |
| 148 | - Physical base address of the partition in memory. Absence of this field |
| 149 | indicates that the partition is position independent and can be loaded at |
| 150 | any address chosen at boot time. |
| 151 | |
| 152 | - owner [optional] |
| 153 | - value type: <string> |
| 154 | - A string property representing the name of the owner of the secure |
| 155 | partition, which may be the silicon or platform provider. |
| 156 | |
| 157 | -------------- |
| 158 | |
| 159 | *Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.* |