diff options
author | danh-arm <dan.handley@arm.com> | 2016-06-08 16:06:43 +0100 |
---|---|---|
committer | danh-arm <dan.handley@arm.com> | 2016-06-08 16:06:43 +0100 |
commit | ae43c9493d2c6a2a878f3cee0c240c69fe88f130 (patch) | |
tree | 4b6bbc493d577feea0358b8b181c4e7299759472 /docs | |
parent | 174baeed26db653dd59fdcad227e85567dddc045 (diff) | |
parent | 04943d33cf379868a1dfa3971c2c2250526f0670 (diff) |
Merge pull request #642 from soby-mathew/sm/override_rotpk
Allow dynamic overriding of ROTPK verification
Diffstat (limited to 'docs')
-rw-r--r-- | docs/porting-guide.md | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/docs/porting-guide.md b/docs/porting-guide.md index 8b72e758..759761e3 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -631,10 +631,19 @@ In case the function returns a hash of the key: digest OCTET STRING } -The function returns 0 on success. Any other value means the ROTPK could not be -retrieved from the platform. The function also reports extra information related -to the ROTPK in the flags parameter. - +The function returns 0 on success. Any other value is treated as error by the +Trusted Board Boot. The function also reports extra information related +to the ROTPK in the flags parameter: + + ROTPK_IS_HASH : Indicates that the ROTPK returned by the platform is a + hash. + ROTPK_NOT_DEPLOYED : This allows the platform to skip certificate ROTPK + verification while the platform ROTPK is not deployed. + When this flag is set, the function does not need to + return a platform ROTPK, and the authentication + framework uses the ROTPK in the certificate without + verifying it against the platform value. This flag + must not be used in a deployed production environment. ### Function: plat_get_nv_ctr() |