docs/design/auth-framework.rst

224 #. Verify a digital signature.
238                             /* Bit string of the signature in DER format. */
306 the signature to the buffer (a platform specific public key) which
345 #. Digital signature
408    The digital signature will be represented by:
412        signature  ::=  BIT STRING
452    example, The signature of a data image could be appended to the data image
540         AUTH_PARAM_SIG,         /* The image signature */
541         AUTH_PARAM_SIG_ALG,     /* The image signature algorithm */
580      * Parameters for authentication by signature
767       -  ``sig``: the digital signature (obtained from current image)
768       -  ``alg``: the signature algorithm used (obtained from current image)
923 The Trusted Key certificate is authenticated by checking its digital signature
924 using the ROTPK. Four parameters are required to check a signature: the public
925 key, the algorithm, the signature and the data that has been signed. Therefore,
935    the signature from the certificate.
937    extract the signature algorithm from the certificate.
941 Once the signature has been checked and the certificate authenticated, the
948 parameter in the signature authentication method. The key is stored in the
951 The **BL31 Key certificate** is authenticated by checking its digital signature
954 by signature whose public key is the ``trusted_world_pk``. Once this certificate
959 The **BL31 certificate** is authenticated by checking its digital signature
1005 such as verifying a hash or a digital signature.
1026 …- Use mbedTLS to parse the ASN1 inputs, and then use the mbedTLS pk module to verify the signature.
1028 …     import it into the PSA key system and then use ``psa_verify_message`` to verify the signature.