Merge "docs(fconf): add TB_FW config bindings" into integration

2025-04-16 01:24:27 +00:00 · 2024-04-24 13:16:00 +02:00 · 2024-04-24 13:16:00 +02:00 · 4b0570c3c3
commit 4b0570c3c3
parent e88ce98812 75093b726d
2 changed files with 160 additions and 0 deletions
--- a/docs/components/fconf/index.rst
+++ b/docs/components/fconf/index.rst
@ -147,3 +147,4 @@ Properties binding information
  fconf_properties
  amu-bindings
  mpmm-bindings
+  tb_fw_bindings
--- a/docs/components/fconf/tb_fw_bindings.rst
+++ b/docs/components/fconf/tb_fw_bindings.rst
@ -0,0 +1,159 @@
+Trusted Boot Firmware Configuration bindings
+============================================
+
+This document defines the nodes and properties used to define the Trusted-Boot
+firmware configuration. Platform owners are advised to define shared bindings
+here. If a binding does not generalize, they should be documented
+alongside platform documentation. There is no guarantee of backward
+compatibility with the nodes and properties outlined in this context.
+
+Trusted Boot Firmware Configuration
+-----------------------------------
+
+- compatible [mandatory]
+   - value type: <string>
+   - Should be the string ``"<plat>,tb_fw"``, where ``<plat>`` is the name of the
+     platform (i.e. ``"arm,tb_fw"``).
+
+- disable_auth [mandatory]
+   - value type: <u32>
+   - Flag used to dynamically disable authentication for development purposes.
+     Has two possible values: 0 or 1. Setting the flag to 1 disables
+     authentication.
+
+- mbedtls_heap_addr [mandatory]
+   - value type: <u64>
+   - Base address of the dynamically allocated Mbed TLS heap. This is given as a placeholder.
+
+- mbedtls_heap_size [mandatory]
+   - value type: <u32>
+   - Size of the Mbed TLS heap.
+
+IO FIP Handles
+--------------
+
+- compatible [mandatory]
+   - value type: <string>
+   - Should be the string ``"<plat>,io-fip-handle"``, where ``<plat>`` is the name of the
+     platform (i.e. ``"arm,io-fip-handle"``).
+
+- scp_bl2_uuid [mandatory]
+   - value type: <string>
+   - SCP Firmware SCP_BL2 UUID
+
+- bl31_uuid [mandatory]
+   - value type: <string>
+   - EL3 Runtime Firmware BL31 UUID
+
+- bl32_uuid [mandatory]
+   - value type: <string>
+   - Secure Payload BL32 (Trusted OS) UUID
+
+- bl32_extra1_uuid [mandatory]
+   - value type: <string>
+   - Secure Payload BL32_EXTRA1 (Trusted OS Extra1) UUID
+
+- bl32_extra2_uuid [mandatory]
+   - value type: <string>
+   - Secure Payload BL32_EXTRA2 (Trusted OS Extra2) UUID
+
+- bl33_uuid [mandatory]
+   - value type: <string>
+   - Non-Trusted Firmware BL33 UUID
+
+- hw_cfg_uuid [mandatory]
+   - value type: <string>
+   - HW_CONFIG (e.g. Kernel DT) UUID
+
+- soc_fw_cfg_uuid [mandatory]
+   - value type: <string>
+   - SOC Firmware Configuration SOC_FW_CONFIG UUID
+
+- tos_fw_cfg_uuid [mandatory]
+   - value type: <string>
+   - Trusted OS Firmware Configuration TOS_FW_CONFIG UUID
+
+- nt_fw_cfg_uuid [mandatory]
+   - value type: <string>
+   - Non-Trusted Firmware Configuration NT_FW_CONFIG UUID
+
+- cca_cert_uuid [optional]
+   - value type: <string>
+   - CCA Content Certificate UUID
+
+- core_swd_cert_uuid [optional]
+   - value type: <string>
+   - Core SWD Key Certificate UUID
+
+- plat_cert_uuid [optional]
+   - value type: <string>
+   - Core SWD Key Certificate UUID
+
+- t_key_cert_uuid [optional]
+   - value type: <string>
+   - Trusted Key Certificate UUID
+
+- scp_fw_key_uuid [optional]
+   - value type: <string>
+   - SCP Firmware Key UUID
+
+- soc_fw_key_uuid [optional]
+   - value type: <string>
+   - SOC Firmware Key UUID
+
+- tos_fw_key_cert_uuid [optional]
+   - value type: <string>
+   - TOS Firmware Key UUID
+
+- nt_fw_key_cert_uuid [optional]
+   - value type: <string>
+   - Non-Trusted Firmware Key UUID
+
+- scp_fw_content_cert_uuid [optional]
+   - value type: <string>
+   - SCP Firmware Content Certificate UUID
+
+- soc_fw_content_cert_uuid [optional]
+   - value type: <string>
+   - SOC Firmware Content Certificate UUID
+
+- tos_fw_content_cert_uuid [optional]
+   - value type: <string>
+   - TOS Firmware Content Certificate UUID
+
+- nt_fw_content_cert_uuid [optional]
+   - value type: <string>
+   - Non-Trusted Firmware Content Certificate UUID
+
+- plat_sp_content_cert_uuid [optional]
+   - value type: <string>
+   - Platform Secure Partition Content Certificate UUID
+
+
+Secure Partitions
+-----------------
+
+- compatible [mandatory]
+   - value type: <string>
+   - Should be the string ``"<plat>,sp"``, where ``<plat>`` is the name of the
+     platform (i.e. ``"arm,sp"``).
+
+- uuid [mandatory]
+   - value type: <string>
+   - A string identifying the UUID of the service implemented by this partition.
+     The UUID format is described in RFC 4122.
+
+- load-address [mandatory]
+   - value type: <u32>
+   - Physical base address of the partition in memory. Absence of this field
+     indicates that the partition is position independent and can be loaded at
+     any address chosen at boot time.
+
+- owner [optional]
+   - value type: <string>
+   - A string property representing the name of the owner of the secure
+     partition, which may be the silicon or platform provider.
+
+--------------
+
+*Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.*