trusted-board-boot.rst - OpenGrok cross reference for /trusted-firmware-a-latest/docs/design/trusted-board-boot.rst

Lines Matching refs:in
11 Arm DEN0006D. It should be used in conjunction with the
21 -  A SHA-256 hash of the Root of Trust Public Key (ROTPK). It is stored in the
26 -  The BL1 image, on the assumption that it resides in ROM so cannot be
29 The remaining components in the CoT are either certificates or boot loader
47 extension fields in the `X.509 v3`_ certificates.
59    secure world images (SCP_BL2, BL31 and BL32). The public part is stored in
60    one of the extension fields in the trusted world certificate.
65    non secure world image (BL33). The public part is stored in one of the
66    extension fields in the trusted world certificate.
72    in one of the extension fields in the corresponding key certificate.
74 The following images are included in the CoT:
191 BL1 and BL2 code, and in tool code on the host build machine. The feature is
192 enabled through use of specific build flags as described in
195 On the host machine, a tool generates the certificates, which are included in
196 the FIP along with the boot loader images. These certificates are loaded in
198 Authentication module included in TF-A.
201 described in the following sections.
206 The authentication framework included in TF-A provides support to implement
208 implement the boot requirements specified in the
211 More information about the authentication framework can be found in the
219 and keys as inputs and generates the certificates (in DER format) required to
220 establish the CoT. The input keys must either be a file in PEM format or a
221 PKCS11 URI in case a HSM is used. New keys can be generated by the tool in
225 The certificates are also stored individually in the output build directory.
227 The tool resides in the ``tools/cert_create`` directory. It uses the OpenSSL SSL
229 library that is required is given in the :ref:`Prerequisites` document.
237 The authenticated encryption framework included in TF-A provides support to
240 R060_TBBR_FUNCTION as specified in the `Trusted Board Boot Requirements (TBBR)`_
251 The encrypted firmwares are also stored individually in the output build
254 The tool resides in the ``tools/encrypt_fw`` directory. It uses OpenSSL SSL
256 Instructions for building and using the tool can be found in the