From 9b1dad8bb5c1971b3feb6211503e671278145e17 Mon Sep 17 00:00:00 2001 From: laurenw-arm Date: Thu, 1 Dec 2022 16:54:50 -0600 Subject: [PATCH] docs(arm): add ARM_ROTPK_LOCATION variant full key Updating documentation to reflect the new ARM_ROTPK_LOCATION variant of the full ROTPK, as opposed to the hash of it. Change-Id: I0f83c519bd607ef1270c7d30ee9bc55451ce4ae2 Signed-off-by: Lauren Wehrmeister --- docs/design/trusted-board-boot-build.rst | 5 ++++- docs/plat/arm/arm-build-options.rst | 16 ++++++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/docs/design/trusted-board-boot-build.rst b/docs/design/trusted-board-boot-build.rst index c3f3a2f53..caf367b66 100644 --- a/docs/design/trusted-board-boot-build.rst +++ b/docs/design/trusted-board-boot-build.rst @@ -42,7 +42,7 @@ images with support for these features: are loaded from that path instead of the default OS path. Export this variable if necessary. - In the case of Arm platforms, the location of the ROTPK hash must also be + In the case of Arm platforms, the location of the ROTPK must also be specified at build time. The following locations are currently supported (see ``ARM_ROTPK_LOCATION`` build option): @@ -62,6 +62,9 @@ images with support for these features: ``plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin``. Enforce generation of the new hash if ``ROT_KEY`` is specified. + - ``ARM_ROTPK_LOCATION=devel_full_dev_rsa_key``: use the key located in + ``plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S``. + Example of command line using RSA development keys: .. code:: shell diff --git a/docs/plat/arm/arm-build-options.rst b/docs/plat/arm/arm-build-options.rst index 407c04bbb..68eb3ecd6 100644 --- a/docs/plat/arm/arm-build-options.rst +++ b/docs/plat/arm/arm-build-options.rst 
@@ -49,7 +49,7 @@ Arm Platform Build Options field of power-state parameter. - ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the - location of the ROTPK hash returned by the function ``plat_get_rotpk_info()`` + location of the ROTPK returned by the function ``plat_get_rotpk_info()`` for Arm platforms. Depending on the selected option, the proper private key must be specified using the ``ROT_KEY`` option when building the Trusted Firmware. This private key will be used by the certificate generation tool @@ -68,12 +68,16 @@ Arm Platform Build Options ``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as ``ROT_KEY`` when creating the certificates. + - ``devel_full_dev_rsa_key`` : returns a development public key embedded in + the BL1 and BL2 binaries. This key has been obtained from the RSA public + key ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``. -- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``. Specifies the - location of the ROTPK hash. Not expected to be a build option. This defaults to - ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified algorithm. - Providing ``ROT_KEY`` enforces generation of the hash from the ``ROT_KEY`` and - overwrites the default hash file. +- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``, excluding + ``devel_full_dev_rsa_key``. Specifies the location of the ROTPK hash. Not + expected to be a build option. This defaults to + ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified + algorithm. Providing ``ROT_KEY`` enforces generation of the hash from the + ``ROT_KEY`` and overwrites the default hash file. - ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options:
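Review bot: In the first hunk of docs/design/trusted-board-boot-build.rst, and in the ``ARM_ROTPK_LOCATION`` description changed in docs/plat/arm/arm-build-options.rst, dropping "hash" makes the sentence inaccurate for the existing locations, which still supply a hash (for example ``arm_rotpk_ecdsa_sha256.bin``). Suggest "the location of the ROTPK or its hash", and in the build-options text say that ``plat_get_rotpk_info()`` returns either the hash or the full key depending on the selected option.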
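Review bot: The new ``ARM_ROTPK_LOCATION=devel_full_dev_rsa_key`` bullet in docs/design/trusted-board-boot-build.rst does not say what happens when ``ROT_KEY`` is specified, whereas the bullet just above it states that ``ROT_KEY`` enforces generation of a new hash. Please state whether ``arm_full_dev_rsa_rotpk.S`` is regenerated from ``ROT_KEY`` or used as checked in, so a reader can tell whether a custom signing key could end up mismatched with the embedded public key.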
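Review bot: The ``devel_full_dev_rsa_key`` bullet added in the last hunk of docs/plat/arm/arm-build-options.rst omits the ``ROT_KEY`` requirement that the ECDSA bullet above it spells out ("To use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as ``ROT_KEY`` when creating the certificates"). Add the equivalent sentence naming the matching RSA private key, so the new option is documented to the same level as its neighbours.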