Chain of trust bindings
=======================

The device tree describes the chain of trust with the help of a 'cot' node,
which contains 'manifests' and 'images' as sub-nodes.
The 'manifests' and 'images' nodes contain a number of sub-nodes ('certificate'
and 'image' nodes respectively) giving the properties of each certificate and image.

The device tree also describes a 'non-volatile-counters' node, which contains a number
of sub-nodes giving the properties of all non-volatile counters used in the chain of trust.

cot
------------------------------------------------------------------
This is the root node, which contains 'manifests' and 'images' as sub-nodes.

Manifests and Certificate node bindings definition
----------------------------------------------------------------

- Manifests node
        Description: Container of certificate nodes.

        PROPERTIES

        - compatible:
                Usage: required

                Value type: <string>

                Definition: must be "arm, cert-descs"

- Certificate node
        Description:

        Describes certificate properties which are used
        during the authentication process.

        PROPERTIES

        - root-certificate
                Usage:

                Required for a certificate with no parent,
                in other words a certificate which is validated
                using the root of trust public key.

                Value type: <boolean>

        - image-id
                Usage: Required for every certificate, with a unique id.

                Value type: <u32>

        - parent
                Usage:

                Refers to the certificate's parent image, which typically
                contains the information needed to authenticate the certificate.
                This property is required for all non-root certificates.

                This property is not required for root certificates,
                as root certificates are validated using the root of trust
                public key provided by the platform.

                Value type: <phandle>

        - signing-key
                Usage:

                Refers to the public key node present in the parent
                certificate node. It is required for all non-root
                certificates which are authenticated using a public key
                present in the parent certificate.

                This property is not required for root certificates,
                as root certificates are validated using the root of trust
                public key provided by the platform.

                Value type: <phandle>

        - antirollback-counter
                Usage:

                Optional. Used by all certificates which are
                protected against rollback attacks using a
                non-volatile counter.

                Refers to one of the non-volatile counter
                sub-nodes present in the 'non-volatile counters' node.

                Value type: <phandle>

        SUBNODES
        - Description:

          Hash and public key information present in the certificate
          are shown by these nodes.

        - public key node
                Description: Provides public key information in the certificate.

                PROPERTIES

                - oid
                        Usage:

                        This property provides the Object ID of the public key
                        provided in the certificate, with the help of which
                        the public key information can be extracted.

                        Value type: <string>

        - hash node
                Description: Provides the hash information in the certificate.

                PROPERTIES

                - oid
                        Usage:

                        This property provides the Object ID of the hash provided
                        in the certificate, with the help of which the hash
                        information can be extracted.

                        Value type: <string>

Example:

.. code:: c

   cot {
       manifests {
           compatible = "arm, cert-descs";

           /* Labels use underscores: '-' is not valid in a DTS label. */
           trusted_key_cert: trusted-key-cert {
               root-certificate;
               image-id = <TRUSTED_KEY_CERT_ID>;
               antirollback-counter = <&trusted_nv_counter>;

               trusted_world_pk: trusted-world-pk {
                   oid = TRUSTED_WORLD_PK_OID;
               };
               non_trusted_world_pk: non-trusted-world-pk {
                   oid = NON_TRUSTED_WORLD_PK_OID;
               };
           };

           scp_fw_key_cert: scp_fw_key_cert {
               image-id = <SCP_FW_KEY_CERT_ID>;
               parent = <&trusted_key_cert>;
               signing-key = <&trusted_world_pk>;
               antirollback-counter = <&trusted_nv_counter>;

               scp_fw_content_pk: scp_fw_content_pk {
                   oid = SCP_FW_CONTENT_CERT_PK_OID;
               };
           };
           .
           .
           .

           next-certificate {

           };
       };
   };

Images and Image node bindings definition
-----------------------------------------

- Images node
        Description: Container of image nodes

        PROPERTIES

        - compatible:
                Usage: required

                Value type: <string>

                Definition: must be "arm, img-descs"

- Image node
        Description:

        Describes image properties which will be used during
        the authentication process.

        PROPERTIES

        - image-id
                Usage: Required for every image, with a unique id.

                Value type: <u32>

        - parent
                Usage:

                Required for every image to provide a reference to
                its parent image, which contains the necessary information
                to authenticate it.

                Value type: <phandle>

        - hash
                Usage:

                Required for all images which are validated using
                the hash method. This property refers to the hash
                node present in the parent certificate node.

                Value type: <phandle>

        Note:

        Currently, all images are validated using the 'hash'
        method. In future, there may be multiple methods that can
        be used to validate an image.

Example:

.. code:: c

   cot {
       images {
           compatible = "arm, img-descs";

           scp_bl2_image {
               image-id = <SCP_BL2_IMAGE_ID>;
               parent = <&scp_fw_content_cert>;
               hash = <&scp_fw_hash>;
           };

           .
           .
           .

           next-img {

           };
       };
   };

non-volatile counter node binding definition
--------------------------------------------

- non-volatile counters node
        Description: Contains properties for non-volatile counters.

        PROPERTIES

        - compatible:
                Usage: required

                Value type: <string>

                Definition: must be "arm, non-volatile-counter"

        - #address-cells
                Usage: required

                Value type: <u32>

                Definition:

                Must be set according to the address size
                of the non-volatile counter register

        - #size-cells
                Usage: required

                Value type: <u32>

                Definition: must be set to 0

        SUBNODE
        - counters node
                Description: Contains various non-volatile counters present in the platform.

                PROPERTIES

                - id
                        Usage: Required for every nv-counter, with a unique id.

                        Value type: <u32>

                - reg
                        Usage:

                        Register base address of the non-volatile counter.
                        This is a required property.

                        Value type: <u32>

                - oid
                        Usage:

                        This property provides the Object ID of the non-volatile
                        counter provided in the certificate. This is a required
                        property.

                        Value type: <string>

Example:

Below is a non-volatile counters example for an ARM platform

.. code:: c

   non_volatile_counters: non_volatile_counters {
       compatible = "arm, non-volatile-counter";
       #address-cells = <1>;
       #size-cells = <0>;

       /* Label matches the &trusted_nv_counter references in certificate nodes. */
       trusted_nv_counter: trusted_nv_counter {
           id = <TRUSTED_NV_CTR_ID>;
           reg = <TFW_NVCTR_BASE>;
           oid = TRUSTED_FW_NVCOUNTER_OID;
       };

       non_trusted_nv_counter: non_trusted_nv_counter {
           id = <NON_TRUSTED_NV_CTR_ID>;
           reg = <NTFW_CTR_BASE>;
           oid = NON_TRUSTED_FW_NVCOUNTER_OID;
       };
   };

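The reference rules in the three binding sections above can be checked mechanically before a device tree is built. The Python below is an added example, not part of this binding document or its project: it assumes the 'cot' and counter nodes have already been parsed into dictionaries, uses label names in place of phandles, and its ids and the contents of ``scp_fw_content_cert`` are constructed.

```python
def validate_cot(certs, images, counters):
    """Return violations of the binding rules in a parsed 'cot' description."""
    errors = []
    for kind, nodes in (("certificate", certs), ("image", images)):
        ids = [node.get("image-id") for node in nodes.values()]
        if None in ids or len(set(ids)) != len(ids):
            errors.append(f"{kind} nodes: image-id missing or not unique")
    for name, cert in certs.items():
        parent = certs.get(cert.get("parent"))
        if not cert.get("root-certificate"):  # non-root: parent and signing-key
            if parent is None:
                errors.append(f"certificate {name}: non-root needs a parent")
            elif cert.get("signing-key") not in parent.get("pks", ()):
                errors.append(f"certificate {name}: signing-key not in parent")
        ctr = cert.get("antirollback-counter")  # optional property
        if ctr is not None and ctr not in counters:
            errors.append(f"certificate {name}: unknown counter {ctr}")
    for name, img in images.items():
        parent = certs.get(img.get("parent"))
        if parent is None:
            errors.append(f"image {name}: parent is not a certificate node")
        elif img.get("hash") not in parent.get("hashes", ()):
            errors.append(f"image {name}: hash not in parent certificate")
    return errors

# Constructed sample; label names stand in for phandles, ids are made up.
COUNTERS = {"trusted_nv_counter", "non_trusted_nv_counter"}
CERTS = {
    "trusted_key_cert": {"root-certificate": True, "image-id": 1,
                         "antirollback-counter": "trusted_nv_counter",
                         "pks": ["trusted_world_pk", "non_trusted_world_pk"]},
    "scp_fw_key_cert": {"image-id": 2, "parent": "trusted_key_cert",
                        "signing-key": "trusted_world_pk",
                        "antirollback-counter": "trusted_nv_counter",
                        "pks": ["scp_fw_content_pk"]},
    "scp_fw_content_cert": {"image-id": 3, "parent": "scp_fw_key_cert",
                            "signing-key": "scp_fw_content_pk",
                            "hashes": ["scp_fw_hash"]},
}
IMAGES = {"scp_bl2_image": {"image-id": 4, "parent": "scp_fw_content_cert",
                            "hash": "scp_fw_hash"}}

def broken_certs():
    """Copy of CERTS with a misspelt counter label and a wrong signing-key."""
    certs = {name: dict(node) for name, node in CERTS.items()}
    certs["scp_fw_key_cert"]["antirollback-counter"] = "trusted-nv-counter"
    certs["scp_fw_content_cert"]["signing-key"] = "trusted_world_pk"
    return certs
```

``validate_cot(CERTS, IMAGES, COUNTERS)`` returns an empty list, while the ``broken_certs()`` variant reports the dangling counter reference and the signing-key that names a key the parent certificate does not carry.
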
Future update to chain of trust binding
---------------------------------------

This binding document needs to be revisited to generalise some terminology
which is currently specific to X.509 certificates, e.g. Object IDs.

*Copyright (c) 2020, Arm Limited. All rights reserved.*