docs(arm): add ARM_ROTPK_LOCATION variant full key

Updating documentation to reflect the new ARM_ROTPK_LOCATION variant of the full ROTPK, as opposed to the hash of it. Change-Id: I0f83c519bd607ef1270c7d30ee9bc55451ce4ae2 Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
2025-04-17 10:04:26 +00:00 · 2022-12-01 16:54:50 -06:00 · 2022-12-01 16:54:50 -06:00 · 9b1dad8bb5
commit 9b1dad8bb5
parent 5f899286ea
2 changed files with 14 additions and 7 deletions
--- a/docs/design/trusted-board-boot-build.rst
+++ b/docs/design/trusted-board-boot-build.rst
@ -42,7 +42,7 @@ images with support for these features:
   are loaded from that path instead of the default OS path. Export this
   variable if necessary.

-   In the case of Arm platforms, the location of the ROTPK hash must also be
+   In the case of Arm platforms, the location of the ROTPK must also be
   specified at build time. The following locations are currently supported (see
   ``ARM_ROTPK_LOCATION`` build option):

@ -62,6 +62,9 @@ images with support for these features:
      ``plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin``. Enforce
      generation of the new hash if ``ROT_KEY`` is specified.

+   -  ``ARM_ROTPK_LOCATION=devel_full_dev_rsa_key``: use the key located in
+      ``plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S``.
+
   Example of command line using RSA development keys:

   .. code:: shell
--- a/docs/plat/arm/arm-build-options.rst
+++ b/docs/plat/arm/arm-build-options.rst
@ -49,7 +49,7 @@ Arm Platform Build Options
   field of power-state parameter.

 -  ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the
-   location of the ROTPK hash returned by the function ``plat_get_rotpk_info()``
+   location of the ROTPK returned by the function ``plat_get_rotpk_info()``
   for Arm platforms. Depending on the selected option, the proper private key
   must be specified using the ``ROT_KEY`` option when building the Trusted
   Firmware. This private key will be used by the certificate generation tool
@ -68,12 +68,16 @@ Arm Platform Build Options
      ``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To
      use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as
      ``ROT_KEY`` when creating the certificates.
+   -  ``devel_full_dev_rsa_key`` : returns a development public key embedded in
+      the BL1 and BL2 binaries. This key has been obtained from the RSA public
+      key ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``.

-  ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``. Specifies the
-   location of the ROTPK hash. Not expected to be a build option. This defaults to
-   ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified algorithm.
-   Providing ``ROT_KEY`` enforces generation of the hash from the ``ROT_KEY`` and
-   overwrites the default hash file.
+-  ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``, excluding
+   ``devel_full_dev_rsa_key``. Specifies the location of the ROTPK hash. Not
+   expected to be a build option. This defaults to
+   ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified
+   algorithm. Providing ``ROT_KEY`` enforces generation of the hash from the
+   ``ROT_KEY`` and overwrites the default hash file.

 -  ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options: