diff options
| author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-06 20:52:49 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-06 20:52:49 +0000 |
| commit | 1d4a3be615bde2ff311fece1ab3225cb0a0cb65d (patch) | |
| tree | 76d9e0cabe45c1ed6d9ea87a5deb9c75c4345653 /docs/design/auth-framework.rst | |
| parent | 3397754200ec130e8c0ca9e25d47dd2db6350493 (diff) | |
| parent | 780068d4eec8e880d55d58eb348bee2d71580e83 (diff) | |
| download | platform_external_arm-trusted-firmware-1d4a3be615bde2ff311fece1ab3225cb0a0cb65d.tar.gz platform_external_arm-trusted-firmware-1d4a3be615bde2ff311fece1ab3225cb0a0cb65d.tar.bz2 platform_external_arm-trusted-firmware-1d4a3be615bde2ff311fece1ab3225cb0a0cb65d.zip | |
Merge '5f62213e684dbea03b5a2bb732405a03ccc1a815' into master am: 5dfd96a0b3 am: 780068d4ee
Change-Id: Ib5aa59c512fa91a23f84e24cc87b301d27e0e4e8
Diffstat (limited to 'docs/design/auth-framework.rst')
| -rw-r--r-- | docs/design/auth-framework.rst | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst index da958b7c2..93f691b7b 100644 --- a/docs/design/auth-framework.rst +++ b/docs/design/auth-framework.rst @@ -637,9 +637,9 @@ all CoTs must present: The TBBR specifies the additional certificates that must accompany these images for a proper authentication. Details about the TBBR CoT may be found in the -`Trusted Board Boot`_ document. +:ref:`Trusted Board Boot` document. -Following the `Platform Porting Guide`_, a platform must provide unique +Following the :ref:`Porting Guide`, a platform must provide unique identifiers for all the images and certificates that will be loaded during the boot process. If a platform is using the TBBR as a reference for trusted boot, these identifiers can be obtained from ``include/common/tbbr/tbbr_img_def.h``. @@ -704,7 +704,7 @@ Each image descriptor must specify: In the ``tbbr_cot.c`` file, a set of buffers are allocated to store the parameters extracted from the certificates. In the case of the TBBR CoT, these parameters -are hashes and public keys. In DER format, an RSA-2048 public key requires 294 +are hashes and public keys. In DER format, an RSA-4096 public key requires 550 bytes, and a hash requires 51 bytes. Depending on the CoT and the authentication process, some of the buffers may be reused at different stages during the boot. @@ -946,12 +946,16 @@ three functions: int verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); -The mbedTLS library algorithm support is configured by the -``TF_MBEDTLS_KEY_ALG`` variable which can take in 3 values: `rsa`, `ecdsa` or -`rsa+ecdsa`. This variable allows the Makefile to include the corresponding -sources in the build for the various algorithms. Setting the variable to -`rsa+ecdsa` enables support for both rsa and ecdsa algorithms in the mbedTLS -library. +The mbedTLS library algorithm support is configured by both the +``TF_MBEDTLS_KEY_ALG`` and ``TF_MBEDTLS_KEY_SIZE`` variables. + +- ``TF_MBEDTLS_KEY_ALG`` can take in 3 values: `rsa`, `ecdsa` or `rsa+ecdsa`. + This variable allows the Makefile to include the corresponding sources in + the build for the various algorithms. Setting the variable to `rsa+ecdsa` + enables support for both rsa and ecdsa algorithms in the mbedTLS library. + +- ``TF_MBEDTLS_KEY_SIZE`` sets the supported RSA key size for TFA. Valid values + include 1024, 2048, 3072 and 4096. .. note:: If code size is a concern, the build option ``MBEDTLS_SHA256_SMALLER`` can @@ -963,6 +967,4 @@ library. *Copyright (c) 2017-2019, Arm Limited and Contributors. All rights reserved.* -.. _Trusted Board Boot: ./trusted-board-boot.rst -.. _Platform Porting Guide: ../getting_started/porting-guide.rst .. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a |