docs(fconf): update bindings for multi-RoT CoTs

Update CoT binding documentation to add the signing-key property as optional in root-certificates and add rot_keys node Change-Id: I1d1fbc0394275520cfa43213d5b7006e51990fdd Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
2025-04-15 17:14:21 +00:00 · 2024-01-09 20:40:23 -06:00 · 2024-01-09 20:40:23 -06:00 · 0de9a12c89
commit 0de9a12c89
parent 04ac0b3c27
1 changed files with 50 additions and 8 deletions
--- a/docs/components/cot-binding.rst
+++ b/docs/components/cot-binding.rst
@ -67,14 +67,16 @@ Manifests and Certificate node bindings definition
        - signing-key
                Usage:
-                This property is used to refer public key node present in
+                For non-root certificates, this property is used to refer
-                parent certificate node and it is required property for all
+                public key node present in parent certificate node and it is
-                non-root certificates which are authenticated using public-key
+                required property for all non-root certificates which are
-                present in parent certificate.
+                authenticated using public-key present in parent certificate.
-                This property is not required for root-certificates
+                This property is not required for all root-certificates. If
-                as root-certificates are validated using root of trust
+                omitted, the root certificate will be validated using the
-                public key provided by platform.
+                default platform ROTPK. If instead the root certificate needs
                validating using a different ROTPK, the signing-key property
                should provide a reference to the ROTPK node to use.
                Value type: <phandle>
@ -323,10 +325,50 @@ Below is non-volatile counters example for ARM platform
        };
   };
 rot_keys node binding definition
 ---------------------------------
 - rot_keys node
        Description: Contains root-of-trust keys for the root certificates.
        SUBNODES
            - Description:
              Root of trust key information present in the root certificates
              are shown by these nodes.
            - rot key node
                  Description: Provide ROT key information in the certificate.
                  PROPERTIES
                  - oid
                     Usage:
                     This property provides the Object ID of ROT key provided
                     in the certificate.
                     Value type: <string>
 Example:
 Below is rot_keys example for CCA platform
 .. code:: c
   rot_keys {
        swd_rot_pk: swd_rot_pk {
           oid = SWD_ROT_PK_OID;
        };
        prot_pk: prot_pk {
           oid = PROT_PK_OID;
        };
   };
 Future update to chain of trust binding
 ---------------------------------------
 This binding document needs to be revisited to generalise some terminologies
 which are currently specific to X.509 certificates for e.g. Object IDs.
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2024, Arm Limited. All rights reserved.*