mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-15 00:54:22 +00:00
624c9a0b38
Changes all occurrences of "RSS" and "rss" in the documentation to "RSE" and "rse". Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: Ia42078f5faa1db331b1e5a35f01faeaf1afacb5f
39 lines
1.5 KiB
Text
39 lines
1.5 KiB
Text
@startuml
|
|
skinparam ParticipantPadding 10
|
|
skinparam BoxPadding 10
|
|
box AP
|
|
participant RMM
|
|
participant BL31
|
|
endbox
|
|
box RSE
|
|
participant DelegAttest
|
|
participant InitAttest
|
|
participant MeasuredBoot
|
|
participant Crypto
|
|
endbox
|
|
|
|
== RMM Boot phase ==
|
|
|
|
RMM -> BL31: get_realm_key(\n\t**hash_algo**, ...)
|
|
BL31 -> DelegAttest: get_delegated_key
|
|
DelegAttest -> MeasuredBoot: read_measurement
|
|
Rnote over DelegAttest: Compute input\n\ for key derivation\n\ (hash of measurements)
|
|
DelegAttest -> Crypto: derive_key
|
|
Rnote over DelegAttest: Compute public key\n\ hash with **hash_algo**.
|
|
Rnote over Crypto: Seed is provisioned\n\ in the factory.
|
|
DelegAttest --> BL31: get_delegated_key
|
|
BL31 --> RMM: get_realm_key
|
|
Rnote over RMM: Only private key\n\ is returned. Public\n\ key and its hash\n\ must be computed.\n\
|
|
Public key is included\n\ in the realm token.\n\ Its hash is the input\n\ for get_platform_token
|
|
RMM -> BL31: get_platform_token(\n\t**pub_key_hash**, ...)
|
|
BL31 -> DelegAttest: get_delegated_token
|
|
Rnote over DelegAttest: Check **pub_key_hash**\n\ against derived key.
|
|
DelegAttest -> InitAttest: get_initial_token
|
|
Rnote over InitAttest: Create the token including\n\ the **pub_key_hash** as the\n\ challenge claim
|
|
InitAttest -> MeasuredBoot: read_measurement
|
|
InitAttest -> Crypto: sign_token
|
|
InitAttest --> DelegAttest: get_initial_token
|
|
DelegAttest --> BL31: get_delegated_token
|
|
BL31 --> RMM: get_platform_token
|
|
Rnote over RMM: Platform token is\n\ cached. It is not\n\ changing within\n\ a power cycle.
|
|
@enduml
|