Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-15 17:14:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs(psa): doc AP/RSS interfaces for NV ctrs/ROTPK

Browse source 
Adding documentation for AP/RSS interfaces for NV counters and ROTPK

Change-Id: I38745bcc5d53317bab07bb81f11f9ba4551a224f
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
This commit is contained in:
laurenw-arm 2023-06-30 17:03:03 -05:00
parent 37366af8d4
commit 5b00658867
1 changed files with 55 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
docs/design_documents/rss.rst
View file

@ -134,12 +134,10 @@ RSS provides the following runtime services:
- ``Delegated attestation``: Query the platform attestation token and derive a - ``Delegated attestation``: Query the platform attestation token and derive a
delegated attestation key. More info on the delegated attestation service delegated attestation key. More info on the delegated attestation service
in RSS can be found in the ``delegated_attestation_integration_guide`` [4]_ . in RSS can be found in the ``delegated_attestation_integration_guide`` [4]_ .
- ``OTP assets management``: RSS provides access for AP to assets in OTP. - ``OTP assets management``: Public keys used by AP during the trusted boot
These are keys for image signature verification and non-volatile counters process can be requested from RSS. Furthermore, AP can request RSS to
for anti-rollback protection. Only RSS has direct access to the OTP. Public increase a non-volatile counter. Please refer to the
keys used by AP during the trusted boot process can be requested from RSS. ``RSS key management`` [5]_ document for more details.
Furthermore, AP can request RSS to increase a non-volatile counter. Please
refer to the ``RSS key management`` [5]_ document for more details.
Runtime service API Runtime service API
^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^
@ -595,6 +593,57 @@ JSON format:
"CCA_PLATFORM_VERIFICATION_SERVICE": "www.trustedfirmware.org" "CCA_PLATFORM_VERIFICATION_SERVICE": "www.trustedfirmware.org"
} }
RSS OTP Assets Management
-------------------------
RSS provides access for AP to assets in OTP, which include keys for image
signature verification and non-volatile counters for anti-rollback protection.
Non-Volatile Counter API
^^^^^^^^^^^^^^^^^^^^^^^^
AP/RSS interface for retrieving and incrementing non-volatile counters API is
as follows.
Defined here:
- ``include/lib/psa/rss_platform_api.h``
.. code-block:: c
psa_status_t rss_platform_nv_counter_increment(uint32_t counter_id)
psa_status_t rss_platform_nv_counter_read(uint32_t counter_id,
uint32_t size, uint8_t *val)
Through this service, we can read/increment any of the 3 non-volatile
counters used on an Arm CCA platform:
- ``Non-volatile counter for CCA firmware (BL2, BL31, RMM).``
- ``Non-volatile counter for secure firmware.``
- ``Non-volatile counter for non-secure firmware.``
Public Key API
^^^^^^^^^^^^^^
AP/RSS interface for reading the ROTPK is as follows.
Defined here:
- ``include/lib/psa/rss_platform_api.h``
.. code-block:: c
psa_status_t rss_platform_key_read(enum rss_key_id_builtin_t key,
uint8_t *data, size_t data_size, size_t *data_length)
Through this service, we can read any of the 3 ROTPKs used on an
Arm CCA platform:
- ``ROTPK for CCA firmware (BL2, BL31, RMM).``
- ``ROTPK for secure firmware.``
- ``ROTPK for non-secure firmware.``
References References
---------- ----------