cot-binding.rst 9.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374
  1. Chain of trust bindings
  2. =======================
  3. The device tree allows to describe the chain of trust with the help of
  4. 'cot' node which contain 'manifests' and 'images' as sub-nodes.
  5. 'manifests' and 'images' nodes contains number of sub-nodes (i.e. 'certificate'
  6. and 'image' nodes) mentioning properties of the certificate and image respectively.
  7. Also, device tree describes 'non-volatile-counters' node which contains number of
  8. sub-nodes mentioning properties of all non-volatile-counters used in the chain of trust.
  9. cot
  10. ------------------------------------------------------------------
  11. This is root node which contains 'manifests' and 'images' as sub-nodes
  12. Manifests and Certificate node bindings definition
  13. ----------------------------------------------------------------
  14. - Manifests node
  15. Description: Container of certificate nodes.
  16. PROPERTIES
  17. - compatible:
  18. Usage: required
  19. Value type: <string>
  20. Definition: must be "arm, cert-descs"
  21. - Certificate node
  22. Description:
  23. Describes certificate properties which are used
  24. during the authentication process.
  25. PROPERTIES
  26. - root-certificate
  27. Usage:
  28. Required for the certificate with no parent.
  29. In other words, certificates which are validated
  30. using root of trust public key.
  31. Value type: <boolean>
  32. - image-id
  33. Usage: Required for every certificate with unique id.
  34. Value type: <u32>
  35. - parent
  36. Usage:
  37. It refers to their parent image, which typically contains
  38. information to authenticate the certificate.
  39. This property is required for all non-root certificates.
  40. This property is not required for root-certificates
  41. as root-certificates are validated using root of trust
  42. public key provided by platform.
  43. Value type: <phandle>
  44. - signing-key
  45. Usage:
  46. For non-root certificates, this property is used to refer
  47. public key node present in parent certificate node and it is
  48. required property for all non-root certificates which are
  49. authenticated using public-key present in parent certificate.
  50. This property is not required for all root-certificates. If
  51. omitted, the root certificate will be validated using the
  52. default platform ROTPK. If instead the root certificate needs
  53. validating using a different ROTPK, the signing-key property
  54. should provide a reference to the ROTPK node to use.
  55. Value type: <phandle>
  56. - antirollback-counter
  57. Usage:
  58. This property is used by all certificates which are
  59. protected against rollback attacks using a non-volatile
  60. counter and it is an optional property.
  61. This property is used to refer one of the non-volatile
  62. counter sub-node present in 'non-volatile counters' node.
  63. Value type: <phandle>
  64. SUBNODES
  65. - Description:
  66. Hash and public key information present in the certificate
  67. are shown by these nodes.
  68. - public key node
  69. Description: Provide public key information in the certificate.
  70. PROPERTIES
  71. - oid
  72. Usage:
  73. This property provides the Object ID of public key
  74. provided in the certificate with the help of which
  75. public key information can be extracted.
  76. Value type: <string>
  77. - hash node
  78. Description: Provide the hash information in the certificate.
  79. PROPERTIES
  80. - oid
  81. Usage:
  82. This property provides the Object ID of hash provided in
  83. the certificate with the help of which hash information
  84. can be extracted.
  85. Value type: <string>
  86. Example:
  87. .. code:: c
  88. cot {
  89. manifests {
  90. compatible = "arm, cert-descs”
  91. trusted-key-cert: trusted-key-cert {
  92. root-certificate;
  93. image-id = <TRUSTED_KEY_CERT_ID>;
  94. antirollback-counter = <&trusted_nv_ctr>;
  95. trusted-world-pk: trusted-world-pk {
  96. oid = TRUSTED_WORLD_PK_OID;
  97. };
  98. non-trusted-world-pk: non-trusted-world-pk {
  99. oid = NON_TRUSTED_WORLD_PK_OID;
  100. };
  101. };
  102. scp_fw_key_cert: scp_fw_key_cert {
  103. image-id = <SCP_FW_KEY_CERT_ID>;
  104. parent = <&trusted-key-cert>;
  105. signing-key = <&trusted_world_pk>;
  106. antirollback-counter = <&trusted_nv_ctr>;
  107. scp_fw_content_pk: scp_fw_content_pk {
  108. oid = SCP_FW_CONTENT_CERT_PK_OID;
  109. };
  110. };
  111. .
  112. .
  113. .
  114. next-certificate {
  115. };
  116. };
  117. };
  118. Images and Image node bindings definition
  119. -----------------------------------------
  120. - Images node
  121. Description: Container of image nodes
  122. PROPERTIES
  123. - compatible:
  124. Usage: required
  125. Value type: <string>
  126. Definition: must be "arm, img-descs"
  127. - Image node
  128. Description:
  129. Describes image properties which will be used during
  130. authentication process.
  131. PROPERTIES
  132. - image-id
  133. Usage: Required for every image with unique id.
  134. Value type: <u32>
  135. - parent
  136. Usage:
  137. Required for every image to provide a reference to
  138. its parent image, which contains the necessary information
  139. to authenticate it.
  140. Value type: <phandle>
  141. - hash
  142. Usage:
  143. Required for all images which are validated using
  144. hash method. This property is used to refer hash
  145. node present in parent certificate node.
  146. Value type: <phandle>
  147. Note:
  148. Currently, all images are validated using 'hash'
  149. method. In future, there may be multiple methods can
  150. be used to validate the image.
  151. Example:
  152. .. code:: c
  153. cot {
  154. images {
  155. compatible = "arm, img-descs";
  156. scp_bl2_image {
  157. image-id = <SCP_BL2_IMAGE_ID>;
  158. parent = <&scp_fw_content_cert>;
  159. hash = <&scp_fw_hash>;
  160. };
  161. .
  162. .
  163. .
  164. next-img {
  165. };
  166. };
  167. };
  168. non-volatile counter node binding definition
  169. --------------------------------------------
  170. - non-volatile counters node
  171. Description: Contains properties for non-volatile counters.
  172. PROPERTIES
  173. - compatible:
  174. Usage: required
  175. Value type: <string>
  176. Definition: must be "arm, non-volatile-counter"
  177. - #address-cells
  178. Usage: required
  179. Value type: <u32>
  180. Definition:
  181. Must be set according to address size
  182. of non-volatile counter register
  183. - #size-cells
  184. Usage: required
  185. Value type: <u32>
  186. Definition: must be set to 0
  187. SUBNODE
  188. - counters node
  189. Description: Contains various non-volatile counters present in the platform.
  190. PROPERTIES
  191. - id
  192. Usage: Required for every nv-counter with unique id.
  193. Value type: <u32>
  194. - reg
  195. Usage:
  196. Register base address of non-volatile counter and it is required
  197. property.
  198. Value type: <u32>
  199. - oid
  200. Usage:
  201. This property provides the Object ID of non-volatile counter
  202. provided in the certificate and it is required property.
  203. Value type: <string>
  204. Example:
  205. Below is non-volatile counters example for ARM platform
  206. .. code:: c
  207. non_volatile_counters: non_volatile_counters {
  208. compatible = "arm, non-volatile-counter";
  209. #address-cells = <1>;
  210. #size-cells = <0>;
  211. trusted_nv_ctr: trusted_nv_ctr {
  212. id = <TRUSTED_NV_CTR_ID>;
  213. reg = <TFW_NVCTR_BASE>;
  214. oid = TRUSTED_FW_NVCOUNTER_OID;
  215. };
  216. non_trusted_nv_ctr: non_trusted_nv_ctr {
  217. id = <NON_TRUSTED_NV_CTR_ID>;
  218. reg = <NTFW_CTR_BASE>;
  219. oid = NON_TRUSTED_FW_NVCOUNTER_OID;
  220. };
  221. };
  222. rot_keys node binding definition
  223. ---------------------------------
  224. - rot_keys node
  225. Description: Contains root-of-trust keys for the root certificates.
  226. SUBNODES
  227. - Description:
  228. Root of trust key information present in the root certificates
  229. are shown by these nodes.
  230. - rot key node
  231. Description: Provide ROT key information in the certificate.
  232. PROPERTIES
  233. - oid
  234. Usage:
  235. This property provides the Object ID of ROT key provided
  236. in the certificate.
  237. Value type: <string>
  238. Example:
  239. Below is rot_keys example for CCA platform
  240. .. code:: c
  241. rot_keys {
  242. swd_rot_pk: swd_rot_pk {
  243. oid = SWD_ROT_PK_OID;
  244. };
  245. prot_pk: prot_pk {
  246. oid = PROT_PK_OID;
  247. };
  248. };
  249. Future update to chain of trust binding
  250. ---------------------------------------
  251. This binding document needs to be revisited to generalise some terminologies
  252. which are currently specific to X.509 certificates for e.g. Object IDs.
  253. *Copyright (c) 2020-2024, Arm Limited. All rights reserved.*