Introduce a new "dualroot" chain of trust

Fork: 0

LuminaSensum / arm-trusted-firmware

Browse code Introduce a new "dualroot" chain of trust This new chain of trust defines 2 independent signing domains: 1) One for the silicon firmware (BL1, BL2, BL31) and optionally the Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR CoT. 2) One for the Normal World Bootloader (BL33). It is rooted in a new key called Platform ROTPK, or PROTPK for short. In terms of certificates chain, - Signing domain 1) is similar to what TBBR advocates (see page 21 of the TBBR specification), except that the Non-Trusted World Public Key has been removed from the Trusted Key Certificate. - Signing domain 2) only contains the Non-Trusted World Content certificate, which provides the hash of the Non-Trusted World Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World Key certificate for simplicity. Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> WIP_v2.3-LS master v2.4-LS v2.3-rc2 v2.3-rc1 v2.3-rc0 v2.3
1 parent 2f39c55 commit 5ab8b7170e2ba6649cc856778a517c0c686c653a Sandrine Bailleux authored on 6 Feb 2020

Browse code

This new chain of trust defines 2 independent signing domains:

1) One for the silicon firmware (BL1, BL2, BL31) and optionally the
   Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR
   CoT.

2) One for the Normal World Bootloader (BL33). It is rooted in a new key
   called Platform ROTPK, or PROTPK for short.

In terms of certificates chain,

- Signing domain 1) is similar to what TBBR advocates (see page 21 of
  the TBBR specification), except that the Non-Trusted World Public Key
  has been removed from the Trusted Key Certificate.

- Signing domain 2) only contains the Non-Trusted World Content
  certificate, which provides the hash of the Non-Trusted World
  Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World
  Key certificate for simplicity.

Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

WIP_v2.3-LS master v2.4-LS v2.3-rc2 v2.3-rc1 v2.3-rc0 v2.3

1 parent 2f39c55 commit 5ab8b7170e2ba6649cc856778a517c0c686c653a

Sandrine Bailleux authored on 6 Feb 2020

Patch

Unified Split

Showing 2 changed files

Ignore Space Show notes View drivers/auth/dualroot/cot.c 0 → 100644

Ignore Space Show notes View include/tools_share/dualroot_oid.h 0 → 100644

Show line notes below