Chain of trust bindings ======================= The device tree allows to describe the chain of trust with the help of 'cot' node which contain 'manifests' and 'images' as sub-nodes. 'manifests' and 'images' nodes contains number of sub-nodes (i.e. 'certificate' and 'image' nodes) mentioning properties of the certificate and image respectively. Also, device tree describes 'non-volatile-counters' node which contains number of sub-nodes mentioning properties of all non-volatile-counters used in the chain of trust. cot ------------------------------------------------------------------ This is root node which contains 'manifests' and 'images' as sub-nodes Manifests and Certificate node bindings definition ---------------------------------------------------------------- - Manifests node Description: Container of certificate nodes. PROPERTIES - compatible: Usage: required Value type: Definition: must be "arm, cert-descs" - Certificate node Description: Describes certificate properties which are used during the authentication process. PROPERTIES - root-certificate Usage: Required for the certificate with no parent. In other words, certificates which are validated using root of trust public key. Value type: - image-id Usage: Required for every certificate with unique id. Value type: - parent Usage: It refers to their parent image, which typically contains information to authenticate the certificate. This property is required for all non-root certificates. This property is not required for root-certificates as root-certificates are validated using root of trust public key provided by platform. Value type: - signing-key Usage: For non-root certificates, this property is used to refer public key node present in parent certificate node and it is required property for all non-root certificates which are authenticated using public-key present in parent certificate. This property is not required for all root-certificates. If omitted, the root certificate will be validated using the default platform ROTPK. If instead the root certificate needs validating using a different ROTPK, the signing-key property should provide a reference to the ROTPK node to use. Value type: - antirollback-counter Usage: This property is used by all certificates which are protected against rollback attacks using a non-volatile counter and it is an optional property. This property is used to refer one of the non-volatile counter sub-node present in 'non-volatile counters' node. Value type: SUBNODES - Description: Hash and public key information present in the certificate are shown by these nodes. - public key node Description: Provide public key information in the certificate. PROPERTIES - oid Usage: This property provides the Object ID of public key provided in the certificate with the help of which public key information can be extracted. Value type: - hash node Description: Provide the hash information in the certificate. PROPERTIES - oid Usage: This property provides the Object ID of hash provided in the certificate with the help of which hash information can be extracted. Value type: Example: .. code:: c cot { manifests { compatible = "arm, cert-descs” trusted-key-cert: trusted-key-cert { root-certificate; image-id = ; antirollback-counter = <&trusted_nv_ctr>; trusted-world-pk: trusted-world-pk { oid = TRUSTED_WORLD_PK_OID; }; non-trusted-world-pk: non-trusted-world-pk { oid = NON_TRUSTED_WORLD_PK_OID; }; }; scp_fw_key_cert: scp_fw_key_cert { image-id = ; parent = <&trusted-key-cert>; signing-key = <&trusted_world_pk>; antirollback-counter = <&trusted_nv_ctr>; scp_fw_content_pk: scp_fw_content_pk { oid = SCP_FW_CONTENT_CERT_PK_OID; }; }; . . . next-certificate { }; }; }; Images and Image node bindings definition ----------------------------------------- - Images node Description: Container of image nodes PROPERTIES - compatible: Usage: required Value type: Definition: must be "arm, img-descs" - Image node Description: Describes image properties which will be used during authentication process. PROPERTIES - image-id Usage: Required for every image with unique id. Value type: - parent Usage: Required for every image to provide a reference to its parent image, which contains the necessary information to authenticate it. Value type: - hash Usage: Required for all images which are validated using hash method. This property is used to refer hash node present in parent certificate node. Value type: Note: Currently, all images are validated using 'hash' method. In future, there may be multiple methods can be used to validate the image. Example: .. code:: c cot { images { compatible = "arm, img-descs"; scp_bl2_image { image-id = ; parent = <&scp_fw_content_cert>; hash = <&scp_fw_hash>; }; . . . next-img { }; }; }; non-volatile counter node binding definition -------------------------------------------- - non-volatile counters node Description: Contains properties for non-volatile counters. PROPERTIES - compatible: Usage: required Value type: Definition: must be "arm, non-volatile-counter" - #address-cells Usage: required Value type: Definition: Must be set according to address size of non-volatile counter register - #size-cells Usage: required Value type: Definition: must be set to 0 SUBNODE - counters node Description: Contains various non-volatile counters present in the platform. PROPERTIES - id Usage: Required for every nv-counter with unique id. Value type: - reg Usage: Register base address of non-volatile counter and it is required property. Value type: - oid Usage: This property provides the Object ID of non-volatile counter provided in the certificate and it is required property. Value type: Example: Below is non-volatile counters example for ARM platform .. code:: c non_volatile_counters: non_volatile_counters { compatible = "arm, non-volatile-counter"; #address-cells = <1>; #size-cells = <0>; trusted_nv_ctr: trusted_nv_ctr { id = ; reg = ; oid = TRUSTED_FW_NVCOUNTER_OID; }; non_trusted_nv_ctr: non_trusted_nv_ctr { id = ; reg = ; oid = NON_TRUSTED_FW_NVCOUNTER_OID; }; }; rot_keys node binding definition --------------------------------- - rot_keys node Description: Contains root-of-trust keys for the root certificates. SUBNODES - Description: Root of trust key information present in the root certificates are shown by these nodes. - rot key node Description: Provide ROT key information in the certificate. PROPERTIES - oid Usage: This property provides the Object ID of ROT key provided in the certificate. Value type: Example: Below is rot_keys example for CCA platform .. code:: c rot_keys { swd_rot_pk: swd_rot_pk { oid = SWD_ROT_PK_OID; }; prot_pk: prot_pk { oid = PROT_PK_OID; }; }; Future update to chain of trust binding --------------------------------------- This binding document needs to be revisited to generalise some terminologies which are currently specific to X.509 certificates for e.g. Object IDs. *Copyright (c) 2020-2024, Arm Limited. All rights reserved.*