Lines Matching refs:key

27 - The key provisioning scheme: which keys need to be programmed into the device
30 - The key ownership model: who owns which key.
44 trusted root-key storage registers. Alternatively, a development ROTPK might
81 vendor owns the ROTPK, the Trusted key and the Non-Trusted Key. Thus, this vendor
86 - **Root of trust key**
88 The private part of this key is used to sign the trusted boot firmware
89 certificate and the trusted key certificate. The public part is the ROTPK.
91 - **Trusted world key**
93 The private part is used to sign the key certificates corresponding to the
95 one of the extension fields in the trusted key certificate.
97 - **Non-trusted world key**
99 The private part is used to sign the key certificate corresponding to the
101 extension fields in the trusted key certificate.
107 in one of the extension fields in the corresponding key certificate.
122 It is self-signed with the private part of the ROT key. It contains a hash of
126 - **Trusted key certificate**
128 It is self-signed with the private part of the ROT key. It contains the
129 public part of the trusted world key and the public part of the non-trusted
130 world key.
132 - **SCP firmware key certificate**
134 It is self-signed with the trusted world key. It contains the public part of
135 the SCP_BL2 key.
139 It is self-signed with the SCP_BL2 key. It contains a hash of the SCP_BL2
142 - **SoC firmware key certificate**
144 It is self-signed with the trusted world key. It contains the public part of
145 the BL31 key.
149 It is self-signed with the BL31 key. It contains hashes of the BL31 image and
152 - **Trusted OS key certificate**
154 It is self-signed with the trusted world key. It contains the public part of
155 the BL32 key.
159 It is self-signed with the BL32 key. It contains hashes of the BL32 image(s)
162 - **Non-trusted firmware key certificate**
164 It is self-signed with the non-trusted world key. It contains the public
165 part of the BL33 key.
169 It is self-signed with the BL33 key. It contains hashes of the BL33 image and
188 domains, each with its own Root of Trust key. In that sense, this CoT has 2
192 it differs on the BL33 image's chain of trust, which is rooted into a new key,
215 - BL1 loads and verifies the BL2 content certificate. The issuer public key is
216 read from the verified certificate. A hash of that key is calculated and
217 compared with the hash of the ROTPK read from the trusted root-key storage
228 - BL2 loads and verifies the trusted key certificate. The issuer public key is
229 read from the verified certificate. A hash of that key is calculated and
230 compared with the hash of the ROTPK read from the trusted root-key storage
238 - BL2 loads and verifies the BL3x key certificate. The certificate signature
239 is verified using the trusted world public key. If the signature
240 verification succeeds, BL2 reads and saves the BL3x public key from the
244 verified using the BL3x public key. If the signature verification succeeds,
249 - BL2 loads and verifies the BL33 key certificate. If the signature
250 verification succeeds, BL2 reads and saves the BL33 public key from the