123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374 |
- Chain of trust bindings
- =======================
- The device tree allows to describe the chain of trust with the help of
- 'cot' node which contain 'manifests' and 'images' as sub-nodes.
- 'manifests' and 'images' nodes contains number of sub-nodes (i.e. 'certificate'
- and 'image' nodes) mentioning properties of the certificate and image respectively.
- Also, device tree describes 'non-volatile-counters' node which contains number of
- sub-nodes mentioning properties of all non-volatile-counters used in the chain of trust.
- cot
- ------------------------------------------------------------------
- This is root node which contains 'manifests' and 'images' as sub-nodes
- Manifests and Certificate node bindings definition
- ----------------------------------------------------------------
- - Manifests node
- Description: Container of certificate nodes.
- PROPERTIES
- - compatible:
- Usage: required
- Value type: <string>
- Definition: must be "arm, cert-descs"
- - Certificate node
- Description:
- Describes certificate properties which are used
- during the authentication process.
- PROPERTIES
- - root-certificate
- Usage:
- Required for the certificate with no parent.
- In other words, certificates which are validated
- using root of trust public key.
- Value type: <boolean>
- - image-id
- Usage: Required for every certificate with unique id.
- Value type: <u32>
- - parent
- Usage:
- It refers to their parent image, which typically contains
- information to authenticate the certificate.
- This property is required for all non-root certificates.
- This property is not required for root-certificates
- as root-certificates are validated using root of trust
- public key provided by platform.
- Value type: <phandle>
- - signing-key
- Usage:
- For non-root certificates, this property is used to refer
- public key node present in parent certificate node and it is
- required property for all non-root certificates which are
- authenticated using public-key present in parent certificate.
- This property is not required for all root-certificates. If
- omitted, the root certificate will be validated using the
- default platform ROTPK. If instead the root certificate needs
- validating using a different ROTPK, the signing-key property
- should provide a reference to the ROTPK node to use.
- Value type: <phandle>
- - antirollback-counter
- Usage:
- This property is used by all certificates which are
- protected against rollback attacks using a non-volatile
- counter and it is an optional property.
- This property is used to refer one of the non-volatile
- counter sub-node present in 'non-volatile counters' node.
- Value type: <phandle>
- SUBNODES
- - Description:
- Hash and public key information present in the certificate
- are shown by these nodes.
- - public key node
- Description: Provide public key information in the certificate.
- PROPERTIES
- - oid
- Usage:
- This property provides the Object ID of public key
- provided in the certificate with the help of which
- public key information can be extracted.
- Value type: <string>
- - hash node
- Description: Provide the hash information in the certificate.
- PROPERTIES
- - oid
- Usage:
- This property provides the Object ID of hash provided in
- the certificate with the help of which hash information
- can be extracted.
- Value type: <string>
- Example:
- .. code:: c
- cot {
- manifests {
- compatible = "arm, cert-descs”
- trusted-key-cert: trusted-key-cert {
- root-certificate;
- image-id = <TRUSTED_KEY_CERT_ID>;
- antirollback-counter = <&trusted_nv_ctr>;
- trusted-world-pk: trusted-world-pk {
- oid = TRUSTED_WORLD_PK_OID;
- };
- non-trusted-world-pk: non-trusted-world-pk {
- oid = NON_TRUSTED_WORLD_PK_OID;
- };
- };
- scp_fw_key_cert: scp_fw_key_cert {
- image-id = <SCP_FW_KEY_CERT_ID>;
- parent = <&trusted-key-cert>;
- signing-key = <&trusted_world_pk>;
- antirollback-counter = <&trusted_nv_ctr>;
- scp_fw_content_pk: scp_fw_content_pk {
- oid = SCP_FW_CONTENT_CERT_PK_OID;
- };
- };
- .
- .
- .
- next-certificate {
- };
- };
- };
- Images and Image node bindings definition
- -----------------------------------------
- - Images node
- Description: Container of image nodes
- PROPERTIES
- - compatible:
- Usage: required
- Value type: <string>
- Definition: must be "arm, img-descs"
- - Image node
- Description:
- Describes image properties which will be used during
- authentication process.
- PROPERTIES
- - image-id
- Usage: Required for every image with unique id.
- Value type: <u32>
- - parent
- Usage:
- Required for every image to provide a reference to
- its parent image, which contains the necessary information
- to authenticate it.
- Value type: <phandle>
- - hash
- Usage:
- Required for all images which are validated using
- hash method. This property is used to refer hash
- node present in parent certificate node.
- Value type: <phandle>
- Note:
- Currently, all images are validated using 'hash'
- method. In future, there may be multiple methods can
- be used to validate the image.
- Example:
- .. code:: c
- cot {
- images {
- compatible = "arm, img-descs";
- scp_bl2_image {
- image-id = <SCP_BL2_IMAGE_ID>;
- parent = <&scp_fw_content_cert>;
- hash = <&scp_fw_hash>;
- };
- .
- .
- .
- next-img {
- };
- };
- };
- non-volatile counter node binding definition
- --------------------------------------------
- - non-volatile counters node
- Description: Contains properties for non-volatile counters.
- PROPERTIES
- - compatible:
- Usage: required
- Value type: <string>
- Definition: must be "arm, non-volatile-counter"
- - #address-cells
- Usage: required
- Value type: <u32>
- Definition:
- Must be set according to address size
- of non-volatile counter register
- - #size-cells
- Usage: required
- Value type: <u32>
- Definition: must be set to 0
- SUBNODE
- - counters node
- Description: Contains various non-volatile counters present in the platform.
- PROPERTIES
- - id
- Usage: Required for every nv-counter with unique id.
- Value type: <u32>
- - reg
- Usage:
- Register base address of non-volatile counter and it is required
- property.
- Value type: <u32>
- - oid
- Usage:
- This property provides the Object ID of non-volatile counter
- provided in the certificate and it is required property.
- Value type: <string>
- Example:
- Below is non-volatile counters example for ARM platform
- .. code:: c
- non_volatile_counters: non_volatile_counters {
- compatible = "arm, non-volatile-counter";
- #address-cells = <1>;
- #size-cells = <0>;
- trusted_nv_ctr: trusted_nv_ctr {
- id = <TRUSTED_NV_CTR_ID>;
- reg = <TFW_NVCTR_BASE>;
- oid = TRUSTED_FW_NVCOUNTER_OID;
- };
- non_trusted_nv_ctr: non_trusted_nv_ctr {
- id = <NON_TRUSTED_NV_CTR_ID>;
- reg = <NTFW_CTR_BASE>;
- oid = NON_TRUSTED_FW_NVCOUNTER_OID;
- };
- };
- rot_keys node binding definition
- ---------------------------------
- - rot_keys node
- Description: Contains root-of-trust keys for the root certificates.
- SUBNODES
- - Description:
- Root of trust key information present in the root certificates
- are shown by these nodes.
- - rot key node
- Description: Provide ROT key information in the certificate.
- PROPERTIES
- - oid
- Usage:
- This property provides the Object ID of ROT key provided
- in the certificate.
- Value type: <string>
- Example:
- Below is rot_keys example for CCA platform
- .. code:: c
- rot_keys {
- swd_rot_pk: swd_rot_pk {
- oid = SWD_ROT_PK_OID;
- };
- prot_pk: prot_pk {
- oid = PROT_PK_OID;
- };
- };
- Future update to chain of trust binding
- ---------------------------------------
- This binding document needs to be revisited to generalise some terminologies
- which are currently specific to X.509 certificates for e.g. Object IDs.
- *Copyright (c) 2020-2024, Arm Limited. All rights reserved.*
|