Paul Beesley | fc9ee36 | 2019-03-07 15:47:15 +0000 | [diff] [blame] | 1 | Trusted Board Boot |
| 2 | ================== |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 3 | |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 4 | The `Trusted Board Boot` (TBB) feature prevents malicious firmware from running |
| 5 | on the platform by authenticating all firmware images up to and including the |
| 6 | normal world bootloader. It does this by establishing a `Chain of Trust` using |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 7 | Public-Key-Cryptography Standards (PKCS). |
| 8 | |
Sandrine Bailleux | 3091842 | 2019-04-24 10:41:24 +0200 | [diff] [blame] | 9 | This document describes the design of Trusted Firmware-A (TF-A) TBB, which is an |
| 10 | implementation of the `Trusted Board Boot Requirements (TBBR)`_ specification, |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 11 | Arm DEN0006D. It should be used in conjunction with the :ref:`Firmware Update |
| 12 | (FWU)` design document, which implements a specific aspect of the TBBR. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 13 | |
| 14 | Chain of Trust |
| 15 | -------------- |
| 16 | |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 17 | A Chain of Trust (CoT) starts with a set of implicitly trusted components, which |
| 18 | are used to establish trust in the next layer of components, and so on, in a |
| 19 | `chained` manner. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 20 | |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 21 | The chain of trust depends on several factors, including: |
| 22 | |
| 23 | - The set of firmware images in use on this platform. |
| 24 | Typically, most platforms share a common set of firmware images (BL1, BL2, |
| 25 | BL31, BL33) but extra platform-specific images might be required. |
| 26 | |
| 27 | - The key provisioning scheme: which keys need to programmed into the device |
| 28 | and at which stage during the platform's manufacturing lifecycle. |
| 29 | |
| 30 | - The key ownership model: who owns which key. |
| 31 | |
| 32 | As these vary across platforms, chains of trust also vary across |
| 33 | platforms. Although each platform is free to define its own CoT based on its |
| 34 | needs, TF-A provides a set of "default" CoTs fitting some typical trust models, |
| 35 | which platforms may reuse. The rest of this section presents general concepts |
| 36 | which apply to all these default CoTs. |
| 37 | |
| 38 | The implicitly trusted components forming the trust anchor are: |
| 39 | |
| 40 | - A Root of Trust Public Key (ROTPK), or a hash of it. |
| 41 | |
| 42 | On Arm development platforms, a SHA-256 hash of the ROTPK is stored in the |
Sandrine Bailleux | 54b47dc | 2020-03-03 13:00:10 +0100 | [diff] [blame] | 43 | trusted root-key storage registers. Alternatively, a development ROTPK might |
| 44 | be used and its hash embedded into the BL1 and BL2 images (only for |
| 45 | development purposes). |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 46 | |
| 47 | - The BL1 image, on the assumption that it resides in ROM so cannot be |
| 48 | tampered with. |
| 49 | |
| 50 | The remaining components in the CoT are either certificates or boot loader |
| 51 | images. The certificates follow the `X.509 v3`_ standard. This standard |
| 52 | enables adding custom extensions to the certificates, which are used to store |
| 53 | essential information to establish the CoT. |
| 54 | |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 55 | All certificates are self-signed. There is no need for a Certificate Authority |
| 56 | (CA) because the CoT is not established by verifying the validity of a |
| 57 | certificate's issuer but by the content of the certificate extensions. To sign |
| 58 | the certificates, different signature schemes are available, please refer to the |
| 59 | :ref:`Build Options` for more details. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 60 | |
| 61 | The certificates are categorised as "Key" and "Content" certificates. Key |
| 62 | certificates are used to verify public keys which have been used to sign content |
| 63 | certificates. Content certificates are used to store the hash of a boot loader |
| 64 | image. An image can be authenticated by calculating its hash and matching it |
Sandrine Bailleux | 54b47dc | 2020-03-03 13:00:10 +0100 | [diff] [blame] | 65 | with the hash extracted from the content certificate. Various hash algorithms |
| 66 | are supported to calculate all hashes, please refer to the :ref:`Build Options` |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 67 | for more details. The public keys and hashes are included as non-standard |
Sandrine Bailleux | 54b47dc | 2020-03-03 13:00:10 +0100 | [diff] [blame] | 68 | extension fields in the `X.509 v3`_ certificates. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 69 | |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 70 | The next sections now present specificities of each default CoT provided in |
| 71 | TF-A. |
| 72 | |
| 73 | Default CoT #1: TBBR |
| 74 | ~~~~~~~~~~~~~~~~~~~~ |
| 75 | |
| 76 | The `TBBR` CoT is named after the specification it follows to the letter. |
| 77 | |
| 78 | In the TBBR CoT, all firmware binaries and certificates are (directly or |
| 79 | indirectly) linked to the Root of Trust Public Key (ROTPK). Typically, the same |
| 80 | vendor owns the ROTPK, the Trusted key and the Non-Trusted Key. Thus, this vendor |
| 81 | is involved in signing every BL3x Key Certificate. |
| 82 | |
| 83 | The keys used to establish this CoT are: |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 84 | |
| 85 | - **Root of trust key** |
| 86 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 87 | The private part of this key is used to sign the trusted boot firmware |
| 88 | certificate and the trusted key certificate. The public part is the ROTPK. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 89 | |
| 90 | - **Trusted world key** |
| 91 | |
| 92 | The private part is used to sign the key certificates corresponding to the |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 93 | secure world images (SCP_BL2, BL31 and BL32). The public part is stored in |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 94 | one of the extension fields in the trusted key certificate. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 95 | |
| 96 | - **Non-trusted world key** |
| 97 | |
| 98 | The private part is used to sign the key certificate corresponding to the |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 99 | non-secure world image (BL33). The public part is stored in one of the |
| 100 | extension fields in the trusted key certificate. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 101 | |
Sandrine Bailleux | 54b47dc | 2020-03-03 13:00:10 +0100 | [diff] [blame] | 102 | - **BL3X keys** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 103 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 104 | For each of SCP_BL2, BL31, BL32 and BL33, the private part is used to |
Sandrine Bailleux | 54b47dc | 2020-03-03 13:00:10 +0100 | [diff] [blame] | 105 | sign the content certificate for the BL3X image. The public part is stored |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 106 | in one of the extension fields in the corresponding key certificate. |
| 107 | |
| 108 | The following images are included in the CoT: |
| 109 | |
| 110 | - BL1 |
| 111 | - BL2 |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 112 | - SCP_BL2 (optional) |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 113 | - BL31 |
| 114 | - BL33 |
| 115 | - BL32 (optional) |
| 116 | |
| 117 | The following certificates are used to authenticate the images. |
| 118 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 119 | - **Trusted boot firmware certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 120 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 121 | It is self-signed with the private part of the ROT key. It contains a hash of |
| 122 | the BL2 image and hashes of various firmware configuration files |
| 123 | (TB_FW_CONFIG, HW_CONFIG, FW_CONFIG). |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 124 | |
| 125 | - **Trusted key certificate** |
| 126 | |
| 127 | It is self-signed with the private part of the ROT key. It contains the |
| 128 | public part of the trusted world key and the public part of the non-trusted |
| 129 | world key. |
| 130 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 131 | - **SCP firmware key certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 132 | |
| 133 | It is self-signed with the trusted world key. It contains the public part of |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 134 | the SCP_BL2 key. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 135 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 136 | - **SCP firmware content certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 137 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 138 | It is self-signed with the SCP_BL2 key. It contains a hash of the SCP_BL2 |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 139 | image. |
| 140 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 141 | - **SoC firmware key certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 142 | |
| 143 | It is self-signed with the trusted world key. It contains the public part of |
| 144 | the BL31 key. |
| 145 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 146 | - **SoC firmware content certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 147 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 148 | It is self-signed with the BL31 key. It contains hashes of the BL31 image and |
| 149 | its configuration file (SOC_FW_CONFIG). |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 150 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 151 | - **Trusted OS key certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 152 | |
| 153 | It is self-signed with the trusted world key. It contains the public part of |
| 154 | the BL32 key. |
| 155 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 156 | - **Trusted OS content certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 157 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 158 | It is self-signed with the BL32 key. It contains hashes of the BL32 image(s) |
| 159 | and its configuration file(s) (TOS_FW_CONFIG). |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 160 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 161 | - **Non-trusted firmware key certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 162 | |
| 163 | It is self-signed with the non-trusted world key. It contains the public |
| 164 | part of the BL33 key. |
| 165 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 166 | - **Non-trusted firmware content certificate** |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 167 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 168 | It is self-signed with the BL33 key. It contains hashes of the BL33 image and |
| 169 | its configuration file (NT_FW_CONFIG). |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 170 | |
Sandrine Bailleux | 3e992d6 | 2024-02-09 13:41:09 +0100 | [diff] [blame] | 171 | The SCP firmware and Trusted OS certificates are optional, but they must be |
| 172 | present if the corresponding SCP_BL2 or BL32 images are present. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 173 | |
Sandrine Bailleux | b890440 | 2024-02-02 15:21:29 +0100 | [diff] [blame] | 174 | The following diagram summarizes the part of the TBBR CoT enforced by BL2. Some |
| 175 | images (SCP, debug certificates, secure partitions, configuration files) are not |
| 176 | shown here for conciseness: |
| 177 | |
| 178 | .. image:: ../resources/diagrams/cot-tbbr.jpg |
| 179 | |
| 180 | Default CoT #2: Dualroot |
| 181 | ~~~~~~~~~~~~~~~~~~~~~~~~ |
| 182 | |
| 183 | The `dualroot` CoT is targeted at systems where the Normal World firmware is |
| 184 | owned by a different entity than the Secure World Firmware, and those 2 entities |
| 185 | do not wish to share any keys or have any dependency between each other when it |
| 186 | comes to signing their respective images. It establishes 2 separate signing |
| 187 | domains, each with its own Root of Trust key. In that sense, this CoT has 2 |
| 188 | roots of trust, hence the `dualroot` name. |
| 189 | |
| 190 | Although the dualroot CoT reuses some of the TBBR CoT components and concepts, |
| 191 | it differs on the BL33 image's chain of trust, which is rooted into a new key, |
| 192 | called `Platform ROTPK`, or `PROTPK` for short. |
| 193 | |
| 194 | The following diagram summarizes the part of the dualroot CoT enforced by |
| 195 | BL2. Some images (SCP, debug certificates, secure partitions, configuration |
| 196 | files) are not shown here for conciseness: |
| 197 | |
| 198 | .. image:: ../resources/diagrams/cot-dualroot.jpg |
| 199 | |
| 200 | Default CoT #3: CCA |
| 201 | ~~~~~~~~~~~~~~~~~~~ |
| 202 | |
| 203 | This CoT is targeted at Arm CCA systems. The Arm CCA security model recommends |
| 204 | making supply chains for the Arm CCA firmware, the secure world firmware and the |
| 205 | platform owner firmware, independent. Hence, this CoT has 3 roots of trust, one |
| 206 | for each supply chain. |
| 207 | |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 208 | Trusted Board Boot Sequence |
| 209 | --------------------------- |
| 210 | |
| 211 | The CoT is verified through the following sequence of steps. The system panics |
| 212 | if any of the steps fail. |
| 213 | |
| 214 | - BL1 loads and verifies the BL2 content certificate. The issuer public key is |
| 215 | read from the verified certificate. A hash of that key is calculated and |
| 216 | compared with the hash of the ROTPK read from the trusted root-key storage |
| 217 | registers. If they match, the BL2 hash is read from the certificate. |
| 218 | |
Paul Beesley | ba3ed40 | 2019-03-13 16:20:44 +0000 | [diff] [blame] | 219 | .. note:: |
| 220 | The matching operation is platform specific and is currently |
| 221 | unimplemented on the Arm development platforms. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 222 | |
| 223 | - BL1 loads the BL2 image. Its hash is calculated and compared with the hash |
| 224 | read from the certificate. Control is transferred to the BL2 image if all |
| 225 | the comparisons succeed. |
| 226 | |
| 227 | - BL2 loads and verifies the trusted key certificate. The issuer public key is |
| 228 | read from the verified certificate. A hash of that key is calculated and |
| 229 | compared with the hash of the ROTPK read from the trusted root-key storage |
| 230 | registers. If the comparison succeeds, BL2 reads and saves the trusted and |
| 231 | non-trusted world public keys from the verified certificate. |
| 232 | |
Sandrine Bailleux | 15530dd | 2019-02-08 15:26:36 +0100 | [diff] [blame] | 233 | The next two steps are executed for each of the SCP_BL2, BL31 & BL32 images. |
| 234 | The steps for the optional SCP_BL2 and BL32 images are skipped if these images |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 235 | are not present. |
| 236 | |
| 237 | - BL2 loads and verifies the BL3x key certificate. The certificate signature |
| 238 | is verified using the trusted world public key. If the signature |
| 239 | verification succeeds, BL2 reads and saves the BL3x public key from the |
| 240 | certificate. |
| 241 | |
| 242 | - BL2 loads and verifies the BL3x content certificate. The signature is |
| 243 | verified using the BL3x public key. If the signature verification succeeds, |
| 244 | BL2 reads and saves the BL3x image hash from the certificate. |
| 245 | |
| 246 | The next two steps are executed only for the BL33 image. |
| 247 | |
| 248 | - BL2 loads and verifies the BL33 key certificate. If the signature |
| 249 | verification succeeds, BL2 reads and saves the BL33 public key from the |
| 250 | certificate. |
| 251 | |
| 252 | - BL2 loads and verifies the BL33 content certificate. If the signature |
| 253 | verification succeeds, BL2 reads and saves the BL33 image hash from the |
| 254 | certificate. |
| 255 | |
| 256 | The next step is executed for all the boot loader images. |
| 257 | |
| 258 | - BL2 calculates the hash of each image. It compares it with the hash obtained |
| 259 | from the corresponding content certificate. The image authentication succeeds |
| 260 | if the hashes match. |
| 261 | |
| 262 | The Trusted Board Boot implementation spans both generic and platform-specific |
| 263 | BL1 and BL2 code, and in tool code on the host build machine. The feature is |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 264 | enabled through use of specific build flags as described in |
| 265 | :ref:`Build Options`. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 266 | |
| 267 | On the host machine, a tool generates the certificates, which are included in |
| 268 | the FIP along with the boot loader images. These certificates are loaded in |
| 269 | Trusted SRAM using the IO storage framework. They are then verified by an |
Dan Handley | 610e7e1 | 2018-03-01 18:44:00 +0000 | [diff] [blame] | 270 | Authentication module included in TF-A. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 271 | |
| 272 | The mechanism used for generating the FIP and the Authentication module are |
| 273 | described in the following sections. |
| 274 | |
| 275 | Authentication Framework |
| 276 | ------------------------ |
| 277 | |
Dan Handley | 610e7e1 | 2018-03-01 18:44:00 +0000 | [diff] [blame] | 278 | The authentication framework included in TF-A provides support to implement |
| 279 | the desired trusted boot sequence. Arm platforms use this framework to |
Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 280 | implement the boot requirements specified in the |
| 281 | `Trusted Board Boot Requirements (TBBR)`_ document. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 282 | |
| 283 | More information about the authentication framework can be found in the |
Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 284 | :ref:`Authentication Framework & Chain of Trust` document. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 285 | |
| 286 | Certificate Generation Tool |
| 287 | --------------------------- |
| 288 | |
| 289 | The ``cert_create`` tool is built and runs on the host machine as part of the |
Dan Handley | 610e7e1 | 2018-03-01 18:44:00 +0000 | [diff] [blame] | 290 | TF-A build process when ``GENERATE_COT=1``. It takes the boot loader images |
Robin van der Gracht | 06b5cdb | 2023-09-12 11:16:23 +0200 | [diff] [blame] | 291 | and keys as inputs and generates the certificates (in DER format) required to |
| 292 | establish the CoT. The input keys must either be a file in PEM format or a |
| 293 | PKCS11 URI in case a HSM is used. New keys can be generated by the tool in |
| 294 | case they are not provided. The certificates are then passed as inputs to |
| 295 | the ``fiptool`` utility for creating the FIP. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 296 | |
Sandrine Bailleux | 54b47dc | 2020-03-03 13:00:10 +0100 | [diff] [blame] | 297 | The certificates are also stored individually in the output build directory. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 298 | |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 299 | The tool resides in the ``tools/cert_create`` directory. It uses the OpenSSL SSL |
| 300 | library version to generate the X.509 certificates. The specific version of the |
| 301 | library that is required is given in the :ref:`Prerequisites` document. |
| 302 | |
| 303 | Instructions for building and using the tool can be found at |
| 304 | :ref:`tools_build_cert_create`. |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 305 | |
Sumit Garg | c0c369c | 2019-11-15 18:47:53 +0530 | [diff] [blame] | 306 | Authenticated Encryption Framework |
| 307 | ---------------------------------- |
| 308 | |
| 309 | The authenticated encryption framework included in TF-A provides support to |
| 310 | implement the optional firmware encryption feature. This feature can be |
| 311 | optionally enabled on platforms to implement the optional requirement: |
| 312 | R060_TBBR_FUNCTION as specified in the `Trusted Board Boot Requirements (TBBR)`_ |
| 313 | document. |
| 314 | |
Sumit Garg | c0c369c | 2019-11-15 18:47:53 +0530 | [diff] [blame] | 315 | Firmware Encryption Tool |
| 316 | ------------------------ |
| 317 | |
| 318 | The ``encrypt_fw`` tool is built and runs on the host machine as part of the |
| 319 | TF-A build process when ``DECRYPTION_SUPPORT != none``. It takes the plain |
| 320 | firmware image as input and generates the encrypted firmware image which can |
| 321 | then be passed as input to the ``fiptool`` utility for creating the FIP. |
| 322 | |
| 323 | The encrypted firmwares are also stored individually in the output build |
| 324 | directory. |
| 325 | |
| 326 | The tool resides in the ``tools/encrypt_fw`` directory. It uses OpenSSL SSL |
| 327 | library version 1.0.1 or later to do authenticated encryption operation. |
| 328 | Instructions for building and using the tool can be found in the |
| 329 | :ref:`tools_build_enctool`. |
| 330 | |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 331 | -------------- |
| 332 | |
Sandrine Bailleux | 54b47dc | 2020-03-03 13:00:10 +0100 | [diff] [blame] | 333 | *Copyright (c) 2015-2020, Arm Limited and Contributors. All rights reserved.* |
Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 334 | |
Paul Beesley | 2437ddc | 2019-02-08 16:43:05 +0000 | [diff] [blame] | 335 | .. _X.509 v3: https://tools.ietf.org/rfc/rfc5280.txt |
Sandrine Bailleux | f238417 | 2024-02-02 11:16:12 +0100 | [diff] [blame] | 336 | .. _Trusted Board Boot Requirements (TBBR): https://developer.arm.com/docs/den0006/latest |