mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-25 22:35:42 +00:00
56b741d3e4
This chain of trust is targeted at Arm CCA solutions and defines 3 independent signing domains: 1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1] refers to the CCA signing domain as the provider of CCA components running on the CCA platform. The CCA signing domain might be independent from other signing domains providing other firmware blobs. The CCA platform is a collective term used to identify all hardware and firmware components involved in delivering the CCA security guarantee. Hence, all hardware and firmware components on a CCA enabled system that a Realm is required to trust. In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and associated configuration files. The CCA signing domain is rooted in the Silicon ROTPK, just as in the TBBR CoT. 2) Non-CCA Secure World signing domain. This includes SPMC (and associated configuration file) as the expected BL32 image as well as SiP-owned secure partitions. It is rooted in a new SiP-owned key called Secure World ROTPK, or SWD_ROTPK for short. 3) Platform owner signing domain. This includes BL33 (and associated configuration file) and the platform owner's secure partitions. It is rooted in the Platform ROTPK, or PROTPK. [1] https://developer.arm.com/documentation/DEN0096/A_a Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I6ffef3f53d710e6a2072fb4374401249122a2805
28 lines
820 B
C
28 lines
820 B
C
/*
|
|
* Copyright (c) 2022, Arm Limited. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#ifndef CCA_OID_H
|
|
#define CCA_OID_H
|
|
|
|
/* Reuse the Object IDs defined by TBBR for certificate extensions. */
|
|
#include "tbbr_oid.h"
|
|
|
|
/*
|
|
* Assign arbitrary Object ID values that do not conflict with any of the
|
|
* TBBR reserved OIDs.
|
|
*/
|
|
/* Platform root-of-trust public key */
|
|
#define PROT_PK_OID "1.3.6.1.4.1.4128.2100.1102"
|
|
/* Secure World root-of-trust public key */
|
|
#define SWD_ROT_PK_OID "1.3.6.1.4.1.4128.2100.1103"
|
|
/* Core Secure World public key */
|
|
#define CORE_SWD_PK_OID "1.3.6.1.4.1.4128.2100.1104"
|
|
/* Platform public key */
|
|
#define PLAT_PK_OID "1.3.6.1.4.1.4128.2100.1105"
|
|
/* Realm Monitor Manager (RMM) Hash */
|
|
#define RMM_HASH_OID "1.3.6.1.4.1.4128.2100.1106"
|
|
|
|
#endif /* CCA_OID_H */
|