1*91f16700SchasingluluChain of trust bindings 2*91f16700Schasinglulu======================= 3*91f16700Schasinglulu 4*91f16700SchasingluluThe device tree allows to describe the chain of trust with the help of 5*91f16700Schasinglulu'cot' node which contain 'manifests' and 'images' as sub-nodes. 6*91f16700Schasinglulu'manifests' and 'images' nodes contains number of sub-nodes (i.e. 'certificate' 7*91f16700Schasingluluand 'image' nodes) mentioning properties of the certificate and image respectively. 8*91f16700Schasinglulu 9*91f16700SchasingluluAlso, device tree describes 'non-volatile-counters' node which contains number of 10*91f16700Schasinglulusub-nodes mentioning properties of all non-volatile-counters used in the chain of trust. 11*91f16700Schasinglulu 12*91f16700Schasinglulucot 13*91f16700Schasinglulu------------------------------------------------------------------ 14*91f16700SchasingluluThis is root node which contains 'manifests' and 'images' as sub-nodes 15*91f16700Schasinglulu 16*91f16700Schasinglulu 17*91f16700SchasingluluManifests and Certificate node bindings definition 18*91f16700Schasinglulu---------------------------------------------------------------- 19*91f16700Schasinglulu 20*91f16700Schasinglulu- Manifests node 21*91f16700Schasinglulu Description: Container of certificate nodes. 22*91f16700Schasinglulu 23*91f16700Schasinglulu PROPERTIES 24*91f16700Schasinglulu 25*91f16700Schasinglulu - compatible: 26*91f16700Schasinglulu Usage: required 27*91f16700Schasinglulu 28*91f16700Schasinglulu Value type: <string> 29*91f16700Schasinglulu 30*91f16700Schasinglulu Definition: must be "arm, cert-descs" 31*91f16700Schasinglulu 32*91f16700Schasinglulu- Certificate node 33*91f16700Schasinglulu Description: 34*91f16700Schasinglulu 35*91f16700Schasinglulu Describes certificate properties which are used 36*91f16700Schasinglulu during the authentication process. 37*91f16700Schasinglulu 38*91f16700Schasinglulu PROPERTIES 39*91f16700Schasinglulu 40*91f16700Schasinglulu - root-certificate 41*91f16700Schasinglulu Usage: 42*91f16700Schasinglulu 43*91f16700Schasinglulu Required for the certificate with no parent. 44*91f16700Schasinglulu In other words, certificates which are validated 45*91f16700Schasinglulu using root of trust public key. 46*91f16700Schasinglulu 47*91f16700Schasinglulu Value type: <boolean> 48*91f16700Schasinglulu 49*91f16700Schasinglulu - image-id 50*91f16700Schasinglulu Usage: Required for every certificate with unique id. 51*91f16700Schasinglulu 52*91f16700Schasinglulu Value type: <u32> 53*91f16700Schasinglulu 54*91f16700Schasinglulu - parent 55*91f16700Schasinglulu Usage: 56*91f16700Schasinglulu 57*91f16700Schasinglulu It refers to their parent image, which typically contains 58*91f16700Schasinglulu information to authenticate the certificate. 59*91f16700Schasinglulu This property is required for all non-root certificates. 60*91f16700Schasinglulu 61*91f16700Schasinglulu This property is not required for root-certificates 62*91f16700Schasinglulu as root-certificates are validated using root of trust 63*91f16700Schasinglulu public key provided by platform. 64*91f16700Schasinglulu 65*91f16700Schasinglulu Value type: <phandle> 66*91f16700Schasinglulu 67*91f16700Schasinglulu - signing-key 68*91f16700Schasinglulu Usage: 69*91f16700Schasinglulu 70*91f16700Schasinglulu This property is used to refer public key node present in 71*91f16700Schasinglulu parent certificate node and it is required property for all 72*91f16700Schasinglulu non-root certificates which are authenticated using public-key 73*91f16700Schasinglulu present in parent certificate. 74*91f16700Schasinglulu 75*91f16700Schasinglulu This property is not required for root-certificates 76*91f16700Schasinglulu as root-certificates are validated using root of trust 77*91f16700Schasinglulu public key provided by platform. 78*91f16700Schasinglulu 79*91f16700Schasinglulu Value type: <phandle> 80*91f16700Schasinglulu 81*91f16700Schasinglulu - antirollback-counter 82*91f16700Schasinglulu Usage: 83*91f16700Schasinglulu 84*91f16700Schasinglulu This property is used by all certificates which are 85*91f16700Schasinglulu protected against rollback attacks using a non-volatile 86*91f16700Schasinglulu counter and it is an optional property. 87*91f16700Schasinglulu 88*91f16700Schasinglulu This property is used to refer one of the non-volatile 89*91f16700Schasinglulu counter sub-node present in 'non-volatile counters' node. 90*91f16700Schasinglulu 91*91f16700Schasinglulu Value type: <phandle> 92*91f16700Schasinglulu 93*91f16700Schasinglulu 94*91f16700Schasinglulu SUBNODES 95*91f16700Schasinglulu - Description: 96*91f16700Schasinglulu 97*91f16700Schasinglulu Hash and public key information present in the certificate 98*91f16700Schasinglulu are shown by these nodes. 99*91f16700Schasinglulu 100*91f16700Schasinglulu - public key node 101*91f16700Schasinglulu Description: Provide public key information in the certificate. 102*91f16700Schasinglulu 103*91f16700Schasinglulu PROPERTIES 104*91f16700Schasinglulu 105*91f16700Schasinglulu - oid 106*91f16700Schasinglulu Usage: 107*91f16700Schasinglulu 108*91f16700Schasinglulu This property provides the Object ID of public key 109*91f16700Schasinglulu provided in the certificate which the help of which 110*91f16700Schasinglulu public key information can be extracted. 111*91f16700Schasinglulu 112*91f16700Schasinglulu Value type: <string> 113*91f16700Schasinglulu 114*91f16700Schasinglulu - hash node 115*91f16700Schasinglulu Description: Provide the hash information in the certificate. 116*91f16700Schasinglulu 117*91f16700Schasinglulu PROPERTIES 118*91f16700Schasinglulu 119*91f16700Schasinglulu - oid 120*91f16700Schasinglulu Usage: 121*91f16700Schasinglulu 122*91f16700Schasinglulu This property provides the Object ID of hash provided in 123*91f16700Schasinglulu the certificate which the help of which hash information 124*91f16700Schasinglulu can be extracted. 125*91f16700Schasinglulu 126*91f16700Schasinglulu Value type: <string> 127*91f16700Schasinglulu 128*91f16700SchasingluluExample: 129*91f16700Schasinglulu 130*91f16700Schasinglulu.. code:: c 131*91f16700Schasinglulu 132*91f16700Schasinglulu cot { 133*91f16700Schasinglulu manifests { 134*91f16700Schasinglulu compatible = "arm, cert-descs” 135*91f16700Schasinglulu 136*91f16700Schasinglulu trusted-key-cert: trusted-key-cert { 137*91f16700Schasinglulu root-certificate; 138*91f16700Schasinglulu image-id = <TRUSTED_KEY_CERT_ID>; 139*91f16700Schasinglulu antirollback-counter = <&trusted_nv_counter>; 140*91f16700Schasinglulu 141*91f16700Schasinglulu trusted-world-pk: trusted-world-pk { 142*91f16700Schasinglulu oid = TRUSTED_WORLD_PK_OID; 143*91f16700Schasinglulu }; 144*91f16700Schasinglulu non-trusted-world-pk: non-trusted-world-pk { 145*91f16700Schasinglulu oid = NON_TRUSTED_WORLD_PK_OID; 146*91f16700Schasinglulu }; 147*91f16700Schasinglulu }; 148*91f16700Schasinglulu 149*91f16700Schasinglulu scp_fw_key_cert: scp_fw_key_cert { 150*91f16700Schasinglulu image-id = <SCP_FW_KEY_CERT_ID>; 151*91f16700Schasinglulu parent = <&trusted-key-cert>; 152*91f16700Schasinglulu signing-key = <&trusted_world_pk>; 153*91f16700Schasinglulu antirollback-counter = <&trusted_nv_counter>; 154*91f16700Schasinglulu 155*91f16700Schasinglulu scp_fw_content_pk: scp_fw_content_pk { 156*91f16700Schasinglulu oid = SCP_FW_CONTENT_CERT_PK_OID; 157*91f16700Schasinglulu }; 158*91f16700Schasinglulu }; 159*91f16700Schasinglulu . 160*91f16700Schasinglulu . 161*91f16700Schasinglulu . 162*91f16700Schasinglulu 163*91f16700Schasinglulu next-certificate { 164*91f16700Schasinglulu 165*91f16700Schasinglulu }; 166*91f16700Schasinglulu }; 167*91f16700Schasinglulu }; 168*91f16700Schasinglulu 169*91f16700SchasingluluImages and Image node bindings definition 170*91f16700Schasinglulu----------------------------------------- 171*91f16700Schasinglulu 172*91f16700Schasinglulu- Images node 173*91f16700Schasinglulu Description: Container of image nodes 174*91f16700Schasinglulu 175*91f16700Schasinglulu PROPERTIES 176*91f16700Schasinglulu 177*91f16700Schasinglulu - compatible: 178*91f16700Schasinglulu Usage: required 179*91f16700Schasinglulu 180*91f16700Schasinglulu Value type: <string> 181*91f16700Schasinglulu 182*91f16700Schasinglulu Definition: must be "arm, img-descs" 183*91f16700Schasinglulu 184*91f16700Schasinglulu- Image node 185*91f16700Schasinglulu Description: 186*91f16700Schasinglulu 187*91f16700Schasinglulu Describes image properties which will be used during 188*91f16700Schasinglulu authentication process. 189*91f16700Schasinglulu 190*91f16700Schasinglulu PROPERTIES 191*91f16700Schasinglulu 192*91f16700Schasinglulu - image-id 193*91f16700Schasinglulu Usage: Required for every image with unique id. 194*91f16700Schasinglulu 195*91f16700Schasinglulu Value type: <u32> 196*91f16700Schasinglulu 197*91f16700Schasinglulu - parent 198*91f16700Schasinglulu Usage: 199*91f16700Schasinglulu 200*91f16700Schasinglulu Required for every image to provide a reference to 201*91f16700Schasinglulu its parent image, which contains the necessary information 202*91f16700Schasinglulu to authenticate it. 203*91f16700Schasinglulu 204*91f16700Schasinglulu Value type: <phandle> 205*91f16700Schasinglulu 206*91f16700Schasinglulu - hash 207*91f16700Schasinglulu Usage: 208*91f16700Schasinglulu 209*91f16700Schasinglulu Required for all images which are validated using 210*91f16700Schasinglulu hash method. This property is used to refer hash 211*91f16700Schasinglulu node present in parent certificate node. 212*91f16700Schasinglulu 213*91f16700Schasinglulu Value type: <phandle> 214*91f16700Schasinglulu 215*91f16700Schasinglulu Note: 216*91f16700Schasinglulu 217*91f16700Schasinglulu Currently, all images are validated using 'hash' 218*91f16700Schasinglulu method. In future, there may be multiple methods can 219*91f16700Schasinglulu be used to validate the image. 220*91f16700Schasinglulu 221*91f16700SchasingluluExample: 222*91f16700Schasinglulu 223*91f16700Schasinglulu.. code:: c 224*91f16700Schasinglulu 225*91f16700Schasinglulu cot { 226*91f16700Schasinglulu images { 227*91f16700Schasinglulu compatible = "arm, img-descs"; 228*91f16700Schasinglulu 229*91f16700Schasinglulu scp_bl2_image { 230*91f16700Schasinglulu image-id = <SCP_BL2_IMAGE_ID>; 231*91f16700Schasinglulu parent = <&scp_fw_content_cert>; 232*91f16700Schasinglulu hash = <&scp_fw_hash>; 233*91f16700Schasinglulu }; 234*91f16700Schasinglulu 235*91f16700Schasinglulu . 236*91f16700Schasinglulu . 237*91f16700Schasinglulu . 238*91f16700Schasinglulu 239*91f16700Schasinglulu next-img { 240*91f16700Schasinglulu 241*91f16700Schasinglulu }; 242*91f16700Schasinglulu }; 243*91f16700Schasinglulu }; 244*91f16700Schasinglulu 245*91f16700Schasinglulunon-volatile counter node binding definition 246*91f16700Schasinglulu-------------------------------------------- 247*91f16700Schasinglulu 248*91f16700Schasinglulu- non-volatile counters node 249*91f16700Schasinglulu Description: Contains properties for non-volatile counters. 250*91f16700Schasinglulu 251*91f16700Schasinglulu PROPERTIES 252*91f16700Schasinglulu 253*91f16700Schasinglulu - compatible: 254*91f16700Schasinglulu Usage: required 255*91f16700Schasinglulu 256*91f16700Schasinglulu Value type: <string> 257*91f16700Schasinglulu 258*91f16700Schasinglulu Definition: must be "arm, non-volatile-counter" 259*91f16700Schasinglulu 260*91f16700Schasinglulu - #address-cells 261*91f16700Schasinglulu Usage: required 262*91f16700Schasinglulu 263*91f16700Schasinglulu Value type: <u32> 264*91f16700Schasinglulu 265*91f16700Schasinglulu Definition: 266*91f16700Schasinglulu 267*91f16700Schasinglulu Must be set according to address size 268*91f16700Schasinglulu of non-volatile counter register 269*91f16700Schasinglulu 270*91f16700Schasinglulu - #size-cells 271*91f16700Schasinglulu Usage: required 272*91f16700Schasinglulu 273*91f16700Schasinglulu Value type: <u32> 274*91f16700Schasinglulu 275*91f16700Schasinglulu Definition: must be set to 0 276*91f16700Schasinglulu 277*91f16700Schasinglulu SUBNODE 278*91f16700Schasinglulu - counters node 279*91f16700Schasinglulu Description: Contains various non-volatile counters present in the platform. 280*91f16700Schasinglulu 281*91f16700Schasinglulu PROPERTIES 282*91f16700Schasinglulu - id 283*91f16700Schasinglulu Usage: Required for every nv-counter with unique id. 284*91f16700Schasinglulu 285*91f16700Schasinglulu Value type: <u32> 286*91f16700Schasinglulu 287*91f16700Schasinglulu - reg 288*91f16700Schasinglulu Usage: 289*91f16700Schasinglulu 290*91f16700Schasinglulu Register base address of non-volatile counter and it is required 291*91f16700Schasinglulu property. 292*91f16700Schasinglulu 293*91f16700Schasinglulu Value type: <u32> 294*91f16700Schasinglulu 295*91f16700Schasinglulu - oid 296*91f16700Schasinglulu Usage: 297*91f16700Schasinglulu 298*91f16700Schasinglulu This property provides the Object ID of non-volatile counter 299*91f16700Schasinglulu provided in the certificate and it is required property. 300*91f16700Schasinglulu 301*91f16700Schasinglulu Value type: <string> 302*91f16700Schasinglulu 303*91f16700SchasingluluExample: 304*91f16700SchasingluluBelow is non-volatile counters example for ARM platform 305*91f16700Schasinglulu 306*91f16700Schasinglulu.. code:: c 307*91f16700Schasinglulu 308*91f16700Schasinglulu non_volatile_counters: non_volatile_counters { 309*91f16700Schasinglulu compatible = "arm, non-volatile-counter"; 310*91f16700Schasinglulu #address-cells = <1>; 311*91f16700Schasinglulu #size-cells = <0>; 312*91f16700Schasinglulu 313*91f16700Schasinglulu trusted-nv-counter: trusted_nv_counter { 314*91f16700Schasinglulu id = <TRUSTED_NV_CTR_ID>; 315*91f16700Schasinglulu reg = <TFW_NVCTR_BASE>; 316*91f16700Schasinglulu oid = TRUSTED_FW_NVCOUNTER_OID; 317*91f16700Schasinglulu }; 318*91f16700Schasinglulu 319*91f16700Schasinglulu non_trusted_nv_counter: non_trusted_nv_counter { 320*91f16700Schasinglulu id = <NON_TRUSTED_NV_CTR_ID>; 321*91f16700Schasinglulu reg = <NTFW_CTR_BASE>; 322*91f16700Schasinglulu oid = NON_TRUSTED_FW_NVCOUNTER_OID; 323*91f16700Schasinglulu }; 324*91f16700Schasinglulu }; 325*91f16700Schasinglulu 326*91f16700SchasingluluFuture update to chain of trust binding 327*91f16700Schasinglulu--------------------------------------- 328*91f16700Schasinglulu 329*91f16700SchasingluluThis binding document needs to be revisited to generalise some terminologies 330*91f16700Schasingluluwhich are currently specific to X.509 certificates for e.g. Object IDs. 331*91f16700Schasinglulu 332*91f16700Schasinglulu*Copyright (c) 2020, Arm Limited. All rights reserved.* 333