Hello all,
As you may know, the Trusted Board Boot (TBB) code relies on the platform to define a chain of trust (CoT). Today, the only example of CoT present in the code base is the one used on Arm platforms, which is described:
- in the TBBR specification [1].
- in the TF-A documentation [2] [3].
The entire TBBR CoT is built upon the root-of-trust public key (ROTPK), which is used to authenticate all subsequent firmware binaries and certificates, either directly or indirectly through some intermediate certificates.
The TBBR CoT is only one example of a possible certificate chain and key ownership model. It might not suit all platforms and market segments but the TBBR implementation in TF-A leaves some freedom for other CoTs.
Today, we are publishing some proof-of-concept code that shows one way the existing TBBR CoT may be modified in order to detach the BL33 image from the rest of the CoT. This effectively splits it into 2 CoTs:
- 1 CoT for all secure world images (BL2, BL31, BL32).
- 1 CoT for the normal world bootloader (BL33).
If you are interested, please have a look at the related patch as well as the companion documentation:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2443
https://developer.trustedfirmware.org/w/tf_a/poc-multiple-signing-domains/
Note that at this stage, this is only prototype code and we do not plan to integrate it in the code base as is, because it does not implement what we would consider as a clean solution and uses a number of workarounds. We are considering cleaning this patch up and providing it as an alternate CoT on the FVP platform in the future.
For now, the intent is to provide some material, which we can base a discussion on. We're hoping to gather feedback from interested parties on the suitability of this approach.
Regards,
Sandrine
[1] https://developer.arm.com/docs/den0006/d/trusted-board-boot-requirements-cli... (see page 21)
[2] https://trustedfirmware-a.readthedocs.io/en/latest/design/trusted-board-boot...
[3] https://trustedfirmware-a.readthedocs.io/en/latest/design/auth-framework.htm...
tf-a@lists.trustedfirmware.org