175093b72SHarrison MutaiTrusted Boot Firmware Configuration bindings 275093b72SHarrison Mutai============================================ 375093b72SHarrison Mutai 475093b72SHarrison MutaiThis document defines the nodes and properties used to define the Trusted-Boot 575093b72SHarrison Mutaifirmware configuration. Platform owners are advised to define shared bindings 675093b72SHarrison Mutaihere. If a binding does not generalize, they should be documented 775093b72SHarrison Mutaialongside platform documentation. There is no guarantee of backward 875093b72SHarrison Mutaicompatibility with the nodes and properties outlined in this context. 975093b72SHarrison Mutai 1075093b72SHarrison MutaiIO FIP Handles 1175093b72SHarrison Mutai-------------- 1275093b72SHarrison Mutai 1375093b72SHarrison Mutai- compatible [mandatory] 1475093b72SHarrison Mutai - value type: <string> 1575093b72SHarrison Mutai - Should be the string ``"<plat>,io-fip-handle"``, where ``<plat>`` is the name of the 1675093b72SHarrison Mutai platform (i.e. ``"arm,io-fip-handle"``). 1775093b72SHarrison Mutai 1875093b72SHarrison Mutai- scp_bl2_uuid [mandatory] 1975093b72SHarrison Mutai - value type: <string> 2075093b72SHarrison Mutai - SCP Firmware SCP_BL2 UUID 2175093b72SHarrison Mutai 2275093b72SHarrison Mutai- bl31_uuid [mandatory] 2375093b72SHarrison Mutai - value type: <string> 2475093b72SHarrison Mutai - EL3 Runtime Firmware BL31 UUID 2575093b72SHarrison Mutai 2675093b72SHarrison Mutai- bl32_uuid [mandatory] 2775093b72SHarrison Mutai - value type: <string> 2875093b72SHarrison Mutai - Secure Payload BL32 (Trusted OS) UUID 2975093b72SHarrison Mutai 3075093b72SHarrison Mutai- bl32_extra1_uuid [mandatory] 3175093b72SHarrison Mutai - value type: <string> 3275093b72SHarrison Mutai - Secure Payload BL32_EXTRA1 (Trusted OS Extra1) UUID 3375093b72SHarrison Mutai 3475093b72SHarrison Mutai- bl32_extra2_uuid [mandatory] 3575093b72SHarrison Mutai - value type: <string> 3675093b72SHarrison Mutai - Secure Payload BL32_EXTRA2 (Trusted OS Extra2) UUID 3775093b72SHarrison Mutai 3875093b72SHarrison Mutai- bl33_uuid [mandatory] 3975093b72SHarrison Mutai - value type: <string> 4075093b72SHarrison Mutai - Non-Trusted Firmware BL33 UUID 4175093b72SHarrison Mutai 4275093b72SHarrison Mutai- hw_cfg_uuid [mandatory] 4375093b72SHarrison Mutai - value type: <string> 4475093b72SHarrison Mutai - HW_CONFIG (e.g. Kernel DT) UUID 4575093b72SHarrison Mutai 4675093b72SHarrison Mutai- soc_fw_cfg_uuid [mandatory] 4775093b72SHarrison Mutai - value type: <string> 4875093b72SHarrison Mutai - SOC Firmware Configuration SOC_FW_CONFIG UUID 4975093b72SHarrison Mutai 5075093b72SHarrison Mutai- tos_fw_cfg_uuid [mandatory] 5175093b72SHarrison Mutai - value type: <string> 5275093b72SHarrison Mutai - Trusted OS Firmware Configuration TOS_FW_CONFIG UUID 5375093b72SHarrison Mutai 5475093b72SHarrison Mutai- nt_fw_cfg_uuid [mandatory] 5575093b72SHarrison Mutai - value type: <string> 5675093b72SHarrison Mutai - Non-Trusted Firmware Configuration NT_FW_CONFIG UUID 5775093b72SHarrison Mutai 5875093b72SHarrison Mutai- cca_cert_uuid [optional] 5975093b72SHarrison Mutai - value type: <string> 6075093b72SHarrison Mutai - CCA Content Certificate UUID 6175093b72SHarrison Mutai 6275093b72SHarrison Mutai- core_swd_cert_uuid [optional] 6375093b72SHarrison Mutai - value type: <string> 6475093b72SHarrison Mutai - Core SWD Key Certificate UUID 6575093b72SHarrison Mutai 6675093b72SHarrison Mutai- plat_cert_uuid [optional] 6775093b72SHarrison Mutai - value type: <string> 6875093b72SHarrison Mutai - Core SWD Key Certificate UUID 6975093b72SHarrison Mutai 7075093b72SHarrison Mutai- t_key_cert_uuid [optional] 7175093b72SHarrison Mutai - value type: <string> 7275093b72SHarrison Mutai - Trusted Key Certificate UUID 7375093b72SHarrison Mutai 7475093b72SHarrison Mutai- scp_fw_key_uuid [optional] 7575093b72SHarrison Mutai - value type: <string> 7675093b72SHarrison Mutai - SCP Firmware Key UUID 7775093b72SHarrison Mutai 7875093b72SHarrison Mutai- soc_fw_key_uuid [optional] 7975093b72SHarrison Mutai - value type: <string> 8075093b72SHarrison Mutai - SOC Firmware Key UUID 8175093b72SHarrison Mutai 8275093b72SHarrison Mutai- tos_fw_key_cert_uuid [optional] 8375093b72SHarrison Mutai - value type: <string> 8475093b72SHarrison Mutai - TOS Firmware Key UUID 8575093b72SHarrison Mutai 8675093b72SHarrison Mutai- nt_fw_key_cert_uuid [optional] 8775093b72SHarrison Mutai - value type: <string> 8875093b72SHarrison Mutai - Non-Trusted Firmware Key UUID 8975093b72SHarrison Mutai 9075093b72SHarrison Mutai- scp_fw_content_cert_uuid [optional] 9175093b72SHarrison Mutai - value type: <string> 9275093b72SHarrison Mutai - SCP Firmware Content Certificate UUID 9375093b72SHarrison Mutai 9475093b72SHarrison Mutai- soc_fw_content_cert_uuid [optional] 9575093b72SHarrison Mutai - value type: <string> 9675093b72SHarrison Mutai - SOC Firmware Content Certificate UUID 9775093b72SHarrison Mutai 9875093b72SHarrison Mutai- tos_fw_content_cert_uuid [optional] 9975093b72SHarrison Mutai - value type: <string> 10075093b72SHarrison Mutai - TOS Firmware Content Certificate UUID 10175093b72SHarrison Mutai 10275093b72SHarrison Mutai- nt_fw_content_cert_uuid [optional] 10375093b72SHarrison Mutai - value type: <string> 10475093b72SHarrison Mutai - Non-Trusted Firmware Content Certificate UUID 10575093b72SHarrison Mutai 10675093b72SHarrison Mutai- plat_sp_content_cert_uuid [optional] 10775093b72SHarrison Mutai - value type: <string> 10875093b72SHarrison Mutai - Platform Secure Partition Content Certificate UUID 10975093b72SHarrison Mutai 11075093b72SHarrison Mutai 11175093b72SHarrison MutaiSecure Partitions 11275093b72SHarrison Mutai----------------- 11375093b72SHarrison Mutai 11475093b72SHarrison Mutai- compatible [mandatory] 11575093b72SHarrison Mutai - value type: <string> 11675093b72SHarrison Mutai - Should be the string ``"<plat>,sp"``, where ``<plat>`` is the name of the 11775093b72SHarrison Mutai platform (i.e. ``"arm,sp"``). 11875093b72SHarrison Mutai 11975093b72SHarrison Mutai- uuid [mandatory] 12075093b72SHarrison Mutai - value type: <string> 12175093b72SHarrison Mutai - A string identifying the UUID of the service implemented by this partition. 12275093b72SHarrison Mutai The UUID format is described in RFC 4122. 12375093b72SHarrison Mutai 12475093b72SHarrison Mutai- load-address [mandatory] 12575093b72SHarrison Mutai - value type: <u32> 12675093b72SHarrison Mutai - Physical base address of the partition in memory. Absence of this field 12775093b72SHarrison Mutai indicates that the partition is position independent and can be loaded at 12875093b72SHarrison Mutai any address chosen at boot time. 12975093b72SHarrison Mutai 13075093b72SHarrison Mutai- owner [optional] 13175093b72SHarrison Mutai - value type: <string> 13275093b72SHarrison Mutai - A string property representing the name of the owner of the secure 13375093b72SHarrison Mutai partition, which may be the silicon or platform provider. 13475093b72SHarrison Mutai 135388cb2f4SHarrison MutaiChain of Trust Descriptors 136388cb2f4SHarrison Mutai-------------------------- 137388cb2f4SHarrison Mutai 138388cb2f4SHarrison MutaiIf a structure includes a Chain of Trust (CoT) for secure authentication and 139*854d199bSGovindraj Rajaverification, it must conform to the bindings described in the :ref:`Chain of Trust 140*854d199bSGovindraj RajaBindings` document. Specifically, the CoT should be represented using a ``cot`` 141388cb2f4SHarrison Mutainode containing ``manifests`` and ``images`` sub-nodes, with certificates, 142388cb2f4SHarrison Mutaiimages, and non-volatile counters defined as per the specifications therein. 143388cb2f4SHarrison MutaiThis ensures compatibility with the authentication framework and supports 144388cb2f4SHarrison Mutaifeatures such as certificate hierarchies, rollback protection, and root-of-trust 145388cb2f4SHarrison Mutaikey integration. For full details on required properties and node structure, 146*854d199bSGovindraj Rajarefer to the :ref:`Chain of Trust Bindings` document. 147388cb2f4SHarrison Mutai 14875093b72SHarrison Mutai-------------- 14975093b72SHarrison Mutai 150388cb2f4SHarrison Mutai*Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved.* 151