
docs(arm): add ARM_ROTPK_LOCATION variant full key

Updating documentation to reflect the new ARM_ROTPK_LOCATION variant of
the full ROTPK, as opposed to the hash of it.

Change-Id: I0f83c519bd607ef1270c7d30ee9bc55451ce4ae2
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
pull/1992/head
laurenw-arm 2 years ago
parent
commit
9b1dad8bb5
  1. 5
      docs/design/trusted-board-boot-build.rst
  2. 18
      docs/plat/arm/arm-build-options.rst

5
docs/design/trusted-board-boot-build.rst

@ -42,7 +42,7 @@ images with support for these features:
are loaded from that path instead of the default OS path. Export this
variable if necessary.
In the case of Arm platforms, the location of the ROTPK hash must also be
In the case of Arm platforms, the location of the ROTPK must also be
specified at build time. The following locations are currently supported (see
``ARM_ROTPK_LOCATION`` build option):
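
Review bot: dropping "hash" in the changed sentence makes it read as if every supported location holds the full key, while the other ``devel_*`` options covered by this change still rely on a hash file. Suggest wording that covers both cases, for example "the location of the ROTPK (the full key or its hash) must also be specified at build time".
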
@ -62,6 +62,9 @@ images with support for these features:
``plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin``. Enforce
generation of the new hash if ``ROT_KEY`` is specified.
- ``ARM_ROTPK_LOCATION=devel_full_dev_rsa_key``: use the key located in
``plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S``.
Example of command line using RSA development keys:
.. code:: shell
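
Review bot: the new ``devel_full_dev_rsa_key`` bullet only names the ``.S`` file and does not say that this option supplies the full public key rather than a hash, nor how it interacts with ``ROT_KEY``. The bullet just above it spells out the ``ROT_KEY`` behaviour ("Enforce generation of the new hash if ``ROT_KEY`` is specified"); please add the equivalent statement here, or say explicitly that ``ROT_KEY`` has no effect on the embedded key, so a reader does not assume the key is regenerated.
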

18
docs/plat/arm/arm-build-options.rst

@ -49,7 +49,7 @@ Arm Platform Build Options
field of power-state parameter.
- ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the
location of the ROTPK hash returned by the function ``plat_get_rotpk_info()``
location of the ROTPK returned by the function ``plat_get_rotpk_info()``
for Arm platforms. Depending on the selected option, the proper private key
must be specified using the ``ROT_KEY`` option when building the Trusted
Firmware. This private key will be used by the certificate generation tool
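
Review bot: in the changed line "location of the ROTPK returned by the function ``plat_get_rotpk_info()``", the reader can no longer tell whether the function returns a key or a hash. Since this change introduces an option that returns the full key alongside options that return a hash, suggest stating that the form returned depends on the selected ``ARM_ROTPK_LOCATION`` value.
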
@ -68,12 +68,16 @@ Arm Platform Build Options
``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To
use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as
``ROT_KEY`` when creating the certificates.
- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``. Specifies the
location of the ROTPK hash. Not expected to be a build option. This defaults to
``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified algorithm.
Providing ``ROT_KEY`` enforces generation of the hash from the ``ROT_KEY`` and
overwrites the default hash file.
- ``devel_full_dev_rsa_key`` : returns a development public key embedded in
the BL1 and BL2 binaries. This key has been obtained from the RSA public
key ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``.
- ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``, excluding
``devel_full_dev_rsa_key``. Specifies the location of the ROTPK hash. Not
expected to be a build option. This defaults to
``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified
algorithm. Providing ``ROT_KEY`` enforces generation of the hash from the
``ROT_KEY`` and overwrites the default hash file.
- ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options:
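
Review bot: the added ``devel_full_dev_rsa_key`` entry is missing the ``ROT_KEY`` requirement that the sibling option directly above it documents ("To use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as ``ROT_KEY`` when creating the certificates"). The paragraph introducing these options says the proper private key must be specified for the selected option, so please name the matching private key file for this one as well. Minor style point: there is a stray space before the colon in "``devel_full_dev_rsa_key`` :" that the other entries do not have.
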
