https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&feed=atom&action=history
TF-A BL2 Trusted Board Boot - Revision history
2024-03-28T21:47:23Z
Revision history for this page on the wiki
MediaWiki 1.31.16
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=91376&oldid=prev
Lionel Debieve at 09:12, 28 March 2023
2023-03-28T09:12:57Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 09:12, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l30" >Line 30:</td>
<td colspan="2" class="diff-lineno">Line 30:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Both certificates contain a non-volatile counter value that can be used for anti-rollback protection.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Both certificates contain a non-volatile counter value that can be used for anti-rollback protection.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>TF-A BL2 implements a default certificate chain to describe the PKI topology. It <del class="diffchange diffchange-inline">uses </del>the {{DocSource | domain=TF-A | path=components/fconf/index.html | text=firmware configuration framework}} to register into TF-A BL2 the chaining implementation based on</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>TF-A BL2 implements a default certificate chain to describe the PKI topology <ins class="diffchange diffchange-inline">defined in {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}</ins>. It <ins class="diffchange diffchange-inline">is used by </ins>the {{DocSource | domain=TF-A | path=components/fconf/index.html | text=firmware configuration framework}} to register into TF-A BL2 the chaining implementation based on <ins class="diffchange diffchange-inline">generic CoT DTSI file</ins>. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}. <ins class="diffchange diffchange-inline">STM32MPU platforms use a specific STM32MPU device tree </ins>{{<ins class="diffchange diffchange-inline">CodeSource </ins>| <ins class="diffchange diffchange-inline">TF</ins>-<ins class="diffchange diffchange-inline">A </ins>| <ins class="diffchange diffchange-inline">fdts</ins>/<ins class="diffchange diffchange-inline">stm32mp1-cot</ins>-<ins class="diffchange diffchange-inline">descriptors</ins>.<ins class="diffchange diffchange-inline">dtsi}} which described a specific topology for ST needs described in the following chapter</ins>. <ins class="diffchange diffchange-inline">Based </ins>on <ins class="diffchange diffchange-inline">this example, </ins>the <ins class="diffchange diffchange-inline">PKI topology can be customized by customers</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">STM32MP device tree include {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}</del>. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}.</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>{{<del class="diffchange diffchange-inline">ReviewsComments</del>|-<del class="diffchange diffchange-inline">- [[User:Etienne Carriere</del>|<del class="diffchange diffchange-inline">Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 10:00, 2 February 2023 (CET)<br </del>/<del class="diffchange diffchange-inline">> ''STM32MP'' that should be removed here?</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">'''</del>-<del class="diffchange diffchange-inline">''' ''</del>..<del class="diffchange diffchange-inline">.register into TF-A BL2 the chaining implementation based </del>on <del class="diffchange diffchange-inline">STM32MP device tree include /ref/.''</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">'''+''' ''...register into TF-A BL2 </del>the <del class="diffchange diffchange-inline">chaining implementation based on generic CoT DTSI file /ref/</del>.<del class="diffchange diffchange-inline">'' }}</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l101" >Line 101:</td>
<td colspan="2" class="diff-lineno">Line 95:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>On STM32MP1, [[TAMP_internal_peripheral|TAMP]] monotonic counter is used to store the backup value, which requires backup battery to maintain the content.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>On STM32MP1, [[TAMP_internal_peripheral|TAMP]] monotonic counter is used to store the backup value, which requires backup battery to maintain the content.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />For design where backup battery is not present, the anti-rollback mechanism cannot work because TAMP monotonic counter is reset as soon as VDD is switched off}}</del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>It is mandatory to align the same value between trusted and non-trusted value as only one counter is used as reference.<del class="diffchange diffchange-inline">{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />what ctm has to do here ? what does it imply? This is unclear.}}</del></div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>It is mandatory to align the same value between trusted and non-trusted value as only one counter is used as reference. This implies generating the certificate version number for each FIP image must match the common platform unique TAMP rollback counter. That is using the same argument value for options <ins class="diffchange diffchange-inline">[[#STM32_MPU_build_options|</ins>--tfw-nvctr<ins class="diffchange diffchange-inline">]] </ins>and <ins class="diffchange diffchange-inline">[[#STM32_MPU_build_options|</ins>--ntfw-nvctr<ins class="diffchange diffchange-inline">]] </ins>when generating the authenticated FIP image.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 12:13, 13 February 2023 (CET)<br /> </del>This implies <del class="diffchange diffchange-inline">one </del>generating the certificate version number for each FIP image must match the common platform unique TAMP rollback counter. That is using the same argument value for options <del class="diffchange diffchange-inline">''</del>--tfw-nvctr<del class="diffchange diffchange-inline">'' </del>and <del class="diffchange diffchange-inline">''</del>--ntfw-nvctr<del class="diffchange diffchange-inline">'' </del>when generating the authenticated FIP image<del class="diffchange diffchange-inline">, see section "5.6 STM32 MPU build options"</del>. <del class="diffchange diffchange-inline">}}</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== STM32 firmware encryption ===</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== STM32 firmware encryption ===</div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90604:rev-91376 -->
</table>
Lionel Debieve
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90604&oldid=prev
Etienne Carriere: /* Non-volatile counters */ add review comment
2023-02-13T11:19:52Z
<p><span dir="auto"><span class="autocomment">Non-volatile counters: </span> add review comment</span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 11:19, 13 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l103" >Line 103:</td>
<td colspan="2" class="diff-lineno">Line 103:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />For design where backup battery is not present, the anti-rollback mechanism cannot work because TAMP monotonic counter is reset as soon as VDD is switched off}}</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />For design where backup battery is not present, the anti-rollback mechanism cannot work because TAMP monotonic counter is reset as soon as VDD is switched off}}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>It is mandatory to align the same value between trusted and non-trusted value as only one counter is used as reference.{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />what ctm has to do here ? what does it imply? This is unclear.}}</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>It is mandatory to align the same value between trusted and non-trusted value as only one counter is used as reference.{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />what ctm has to do here ? what does it imply? This is unclear.}}</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 12:13, 13 February 2023 (CET)<br /> This implies one generating the certificate version number for each FIP image must match the common platform unique TAMP rollback counter. That is using the same argument value for options ''--tfw-nvctr'' and ''--ntfw-nvctr'' when generating the authenticated FIP image, see section "5.6 STM32 MPU build options". }}</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== STM32 firmware encryption ===</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== STM32 firmware encryption ===</div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90490:rev-90604 -->
</table>
Etienne Carriere
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90490&oldid=prev
Etienne Carriere: /* Chain of Trust (CoT) */
2023-02-02T09:14:09Z
<p><span dir="auto"><span class="autocomment">Chain of Trust (CoT)</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 09:14, 2 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l35" >Line 35:</td>
<td colspan="2" class="diff-lineno">Line 35:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 10:00, 2 February 2023 (CET)<br /> ''STM32MP'' that should be removed here?</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 10:00, 2 February 2023 (CET)<br /> ''STM32MP'' that should be removed here?</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''-''' ''...register into TF-A BL2 the chaining implementation based on STM32MP device tree include /ref/.''</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''-''' ''...register into TF-A BL2 the chaining implementation based on STM32MP device tree include /ref/.''</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''+''' ''...register into TF-A BL2 the chaining implementation based on generic CoT DTSI file /ref/.'' }}</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''+''' ''...register into TF-A BL2 the chaining implementation based on generic CoT DTSI file /ref/.'' }}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90489:rev-90490 -->
</table>
Etienne Carriere
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90489&oldid=prev
Etienne Carriere: /* Chain of Trust (CoT) */
2023-02-02T09:13:49Z
<p><span dir="auto"><span class="autocomment">Chain of Trust (CoT)</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 09:13, 2 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l34" >Line 34:</td>
<td colspan="2" class="diff-lineno">Line 34:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 10:00, 2 February 2023 (CET)<br /> ''STM32MP'' that should be removed here?</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 10:00, 2 February 2023 (CET)<br /> ''STM32MP'' that should be removed here?</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''-''' ''...register into TF-A BL2 the chaining implementation based on STM32MP device tree include <ins class="diffchange diffchange-inline">/</ins>ref<ins class="diffchange diffchange-inline">/</ins>.'<ins class="diffchange diffchange-inline">'</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>'''-''' ''...register into TF-A BL2 the chaining implementation based on STM32MP device tree include <del class="diffchange diffchange-inline"><</del>ref<del class="diffchange diffchange-inline">></del>.'</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''+''' ''...register into TF-A BL2 the chaining implementation based on generic CoT DTSI file <ins class="diffchange diffchange-inline">/</ins>ref<ins class="diffchange diffchange-inline">/</ins>.'' }}</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>'''+''' ''...register into TF-A BL2 the chaining implementation based on generic CoT DTSI file <del class="diffchange diffchange-inline"><</del>ref<del class="diffchange diffchange-inline">></del>.''</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90488:rev-90489 -->
</table>
Etienne Carriere
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90488&oldid=prev
Etienne Carriere: /* Chain of Trust (CoT) */ update comment
2023-02-02T09:12:11Z
<p><span dir="auto"><span class="autocomment">Chain of Trust (CoT): </span> update comment</span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 09:12, 2 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l33" >Line 33:</td>
<td colspan="2" class="diff-lineno">Line 33:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>STM32MP device tree include {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>STM32MP device tree include {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 10:00, 2 February 2023 (CET)<br /> <del class="diffchange diffchange-inline">Wrong DTSI ref above: </del>''<del class="diffchange diffchange-inline">fdts/cot_descriptors.dtsi</del>''<del class="diffchange diffchange-inline">. It </del>should be '''<del class="diffchange diffchange-inline">''stm32mp1</del>-<del class="diffchange diffchange-inline">cot-descriptors.dtsi</del>'''''  </div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 10:00, 2 February 2023 (CET)<br /> ''<ins class="diffchange diffchange-inline">STM32MP</ins>'' <ins class="diffchange diffchange-inline">that </ins>should be <ins class="diffchange diffchange-inline">removed here?</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">''"</del>STM32MP device tree include .<del class="diffchange diffchange-inline">.."</del>'' <del class="diffchange diffchange-inline">could be rephrased </del>''<del class="diffchange diffchange-inline">"STM32MP </del>DTSI file .<del class="diffchange diffchange-inline">.."</del>'' }}</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''-''' ''<ins class="diffchange diffchange-inline">...register into TF-A BL2 the chaining implementation based on </ins>STM32MP device tree include <ins class="diffchange diffchange-inline"><ref></ins>.<ins class="diffchange diffchange-inline">'</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">'''+'</ins>'' ''<ins class="diffchange diffchange-inline">...register into TF-A BL2 the chaining implementation based on generic CoT </ins>DTSI file <ins class="diffchange diffchange-inline"><ref></ins>.''</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90487:rev-90488 -->
</table>
Etienne Carriere
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90487&oldid=prev
Etienne Carriere: /* Chain of Trust (CoT) */
2023-02-02T09:04:53Z
<p><span dir="auto"><span class="autocomment">Chain of Trust (CoT)</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 09:04, 2 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l33" >Line 33:</td>
<td colspan="2" class="diff-lineno">Line 33:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>STM32MP device tree include {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>STM32MP device tree include {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) <del class="diffchange diffchange-inline">14</del>:<del class="diffchange diffchange-inline">20</del>, <del class="diffchange diffchange-inline">20 January </del>2023 (CET)<br /> Wrong DTSI ref above: ''fdts/cot_descriptors.dtsi''. It should be '''''stm32mp1-cot-descriptors.dtsi'''''  </div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) <ins class="diffchange diffchange-inline">10</ins>:<ins class="diffchange diffchange-inline">00</ins>, <ins class="diffchange diffchange-inline">2 February </ins>2023 (CET)<br /> Wrong DTSI ref above: ''fdts/cot_descriptors.dtsi''. It should be '''''stm32mp1-cot-descriptors.dtsi'''''  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>''"STM32MP device tree include ..."'' could be rephrased ''"STM32MP DTSI file ..."'' }}</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>''"STM32MP device tree include ..."'' could be rephrased ''"STM32MP DTSI file ..."'' }}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90486:rev-90487 -->
</table>
Etienne Carriere
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90486&oldid=prev
Etienne Carriere: /* Chain of Trust (CoT) */ comment: bad ref
2023-02-02T09:03:58Z
<p><span dir="auto"><span class="autocomment">Chain of Trust (CoT): </span> comment: bad ref</span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 09:03, 2 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l32" >Line 32:</td>
<td colspan="2" class="diff-lineno">Line 32:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>TF-A BL2 implements a default certificate chain to describe the PKI topology. It uses the {{DocSource | domain=TF-A | path=components/fconf/index.html | text=firmware configuration framework}} to register into TF-A BL2 the chaining implementation based on</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>TF-A BL2 implements a default certificate chain to describe the PKI topology. It uses the {{DocSource | domain=TF-A | path=components/fconf/index.html | text=firmware configuration framework}} to register into TF-A BL2 the chaining implementation based on</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>STM32MP device tree include {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>STM32MP device tree include {{CodeSource | TF-A | fdts/cot_descriptors.dtsi}}. It describes the chain of trust following the specified {{DocSource | domain=TF-A | path=components/cot-binding.html | text=bindings}}.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{{ReviewsComments|-- [[User:Etienne Carriere|Etienne Carriere]] ([[User talk:Etienne Carriere|talk]]) 14:20, 20 January 2023 (CET)<br /> Wrong DTSI ref above: ''fdts/cot_descriptors.dtsi''. It should be '''''stm32mp1-cot-descriptors.dtsi''''' </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">''"STM32MP device tree include ..."'' could be rephrased ''"STM32MP DTSI file ..."'' }}</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Once generated, all the certificates are part of the [[How_to_configure_TF-A_FIP|FIP]], which are updatable independently.</div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90096:rev-90486 -->
</table>
Etienne Carriere
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90096&oldid=prev
Emmanuel Combette: /* Non-volatile counters */
2023-01-03T15:14:50Z
<p><span dir="auto"><span class="autocomment">Non-volatile counters</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 15:14, 3 January 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l96" >Line 96:</td>
<td colspan="2" class="diff-lineno">Line 96:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>On STM32MP1, [[TAMP_internal_peripheral|TAMP]] monotonic counter is used to store the backup value, which requires backup battery to maintain the content.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>On STM32MP1, [[TAMP_internal_peripheral|TAMP]] monotonic counter is used to store the backup value, which requires backup battery to maintain the content.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>It is mandatory to align the same value between trusted and non-trusted value as only one counter is used as reference.</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />For design where backup battery is not present, the anti-rollback mechanism cannot work because TAMP monotonic counter is reset as soon as VDD is switched off}}</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>It is mandatory to align the same value between trusted and non-trusted value as only one counter is used as reference.<ins class="diffchange diffchange-inline">{{ReviewsComments|-- [[User:Emmanuel Combette|Emmanuel Combette]] ([[User talk:Emmanuel Combette|talk]]) 16:14, 3 January 2023 (CET)<br />what ctm has to do here ? what does it imply? This is unclear.}}</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== STM32 firmware encryption ===</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== STM32 firmware encryption ===</div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-90095:rev-90096 -->
</table>
Emmanuel Combette
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=90095&oldid=prev
Lionel Debieve: typo correction
2023-01-03T12:48:49Z
<p>typo correction</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 12:48, 3 January 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l92" >Line 92:</td>
<td colspan="2" class="diff-lineno">Line 92:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Each certificate embeds a non-volatile counter value that is checked to control anti-rollback mechanism.<br></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Each certificate embeds a non-volatile counter value that is checked to control anti-rollback mechanism.<br></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>There are two non-volatile counters:</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>There are two non-volatile counters:</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">- </del>Trusted non-volatile counter</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>Trusted non-volatile counter</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">- </del>Non trusted volatile counter</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>Non trusted <ins class="diffchange diffchange-inline">non-</ins>volatile counter</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>On STM32MP1, [[TAMP_internal_peripheral|TAMP]] monotonic counter is used to store the backup value, which requires backup battery to maintain the content.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>On STM32MP1, [[TAMP_internal_peripheral|TAMP]] monotonic counter is used to store the backup value, which requires backup battery to maintain the content.</div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-89839:rev-90095 -->
</table>
Lionel Debieve
https://wiki.st.com/stm32mpu/index.php?title=TF-A_BL2_Trusted_Board_Boot&diff=89839&oldid=prev
Jean Christophe Trotin at 10:42, 24 November 2022
2022-11-24T10:42:59Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 10:42, 24 November 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l52" >Line 52:</td>
<td colspan="2" class="diff-lineno">Line 52:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== STM32 MPU implementation==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== STM32 MPU implementation==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== CoT ===</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== CoT ===</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>STM32 MPU is based on the standard Arm<sup>&reg;</sup>TBBR PKI implementation. STM32MPU defines a specific {{CodeSource | TF-A | fdts/stm32mp1-cot-descriptors.<del class="diffchange diffchange-inline">dts</del>}} in the TF-A BL2 device tree board file.</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>STM32 MPU is based on the standard Arm<sup>&reg;</sup>TBBR PKI implementation. STM32MPU defines a specific {{CodeSource | TF-A | fdts/stm32mp1-cot-descriptors.<ins class="diffchange diffchange-inline">dtsi</ins>}} in the TF-A BL2 device tree board file.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><div class="res-img"></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><div class="res-img"></div></td></tr>
<!-- diff cache key sfr_64a7c8501f1d:diff::1.12:old-89217:rev-89839 -->
</table>
Jean Christophe Trotin