trusted-board-boot.rst - OpenGrok cross reference for /arm-trusted-firmware-2.8.0/docs/design/trusted-board-boot.rst

Lines Matching refs:in
11 Arm DEN0006D. It should be used in conjunction with the
21 -  A SHA-256 hash of the Root of Trust Public Key (ROTPK). It is stored in the
26 -  The BL1 image, on the assumption that it resides in ROM so cannot be
29 The remaining components in the CoT are either certificates or boot loader
47 extension fields in the `X.509 v3`_ certificates.
59    secure world images (SCP_BL2, BL31 and BL32). The public part is stored in
60    one of the extension fields in the trusted world certificate.
65    non secure world image (BL33). The public part is stored in one of the
66    extension fields in the trusted world certificate.
72    in one of the extension fields in the corresponding key certificate.
74 The following images are included in the CoT:
191 BL1 and BL2 code, and in tool code on the host build machine. The feature is
192 enabled through use of specific build flags as described in
195 On the host machine, a tool generates the certificates, which are included in
196 the FIP along with the boot loader images. These certificates are loaded in
198 Authentication module included in TF-A.
201 described in the following sections.
206 The authentication framework included in TF-A provides support to implement
208 implement the boot requirements specified in the
211 More information about the authentication framework can be found in the
219 and keys as inputs (keys must be in PEM format) and generates the
220 certificates (in DER format) required to establish the CoT. New keys can be
221 generated by the tool in case they are not provided. The certificates are then
224 The certificates are also stored individually in the output build directory.
226 The tool resides in the ``tools/cert_create`` directory. It uses the OpenSSL SSL
228 library that is required is given in the :ref:`Prerequisites` document.
236 The authenticated encryption framework included in TF-A provides support to
239 R060_TBBR_FUNCTION as specified in the `Trusted Board Boot Requirements (TBBR)`_
250 The encrypted firmwares are also stored individually in the output build
253 The tool resides in the ``tools/encrypt_fw`` directory. It uses OpenSSL SSL
255 Instructions for building and using the tool can be found in the