xref: /rk3399_ARM-atf/docs/resources/diagrams/plantuml/rse_attestation_flow.puml (revision a5a5947a283331f5d99ef4be80393c01826d10dd)
@startuml
skinparam ParticipantPadding 10
skinparam BoxPadding 10
box AP
participant RMM
participant BL31
endbox
box RSS
participant DelegAttest
participant InitAttest
participant MeasuredBoot
participant Crypto
endbox

== RMM Boot phase ==

RMM -> BL31: get_realm_key(\n\t**hash_algo**, ...)
BL31 -> DelegAttest: get_delegated_key
DelegAttest -> MeasuredBoot: read_measurement
Rnote over DelegAttest: Compute input\n\ for key derivation\n\ (hash of measurements)
DelegAttest -> Crypto: derive_key
Rnote over DelegAttest: Compute public key\n\ hash with **hash_algo**.
Rnote over Crypto: Seed is provisioned\n\ in the factory.
DelegAttest --> BL31: get_delegated_key
BL31 --> RMM: get_realm_key
Rnote over RMM: Only private key\n\ is returned. Public\n\ key and its hash\n\ must be computed.\n\
Public key is included\n\ in the realm token.\n\ Its hash is the input\n\ for get_platform_token
RMM -> BL31: get_platform_token(\n\t**pub_key_hash**, ...)
BL31 -> DelegAttest: get_delegated_token
Rnote over DelegAttest: Check **pub_key_hash**\n\ against derived key.
DelegAttest -> InitAttest: get_initial_token
Rnote over InitAttest: Create the token including\n\ the **pub_key_hash** as the\n\ challenge claim
InitAttest -> MeasuredBoot: read_measurement
InitAttest -> Crypto: sign_token
InitAttest --> DelegAttest:  get_initial_token
DelegAttest --> BL31: get_delegated_token
BL31 --> RMM: get_platform_token
Rnote over RMM: Platform token is\n\ cached. It is not\n\ changing within\n\ a power cycle.
@enduml
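The sequence above, modelled as an added Python example that is not part of TF-A or the RSS firmware: the delegated key is derived from the seed and the hash of the boot measurements, only the private key is handed to RMM, RMM recomputes the public key and its hash, and RSS refuses to issue a platform token unless the supplied pub_key_hash matches the key it derived. The seed, IAK, measurement values and the HMAC-based "derive_key"/"sign_token" and the hash-based public-key stand-in are constructed assumptions, not the real ECC operations.

```python
import hashlib
import hmac

# Constructed sample values: a real RSS keeps the seed and IAK in OTP and
# takes the measurements from its measured-boot slots.
RSS_SEED = b"factory-provisioned seed (constructed)"
RSS_IAK = b"initial attestation key (constructed)"
MEASUREMENTS = [b"BL2 digest (constructed)", b"BL31 digest (constructed)"]

def toy_public_key(priv):
    """Stand-in for deriving an EC public point from a private scalar."""
    return hashlib.sha256(b"pub:" + priv).digest()

class Rss:
    """Toy model of the DelegAttest, InitAttest, MeasuredBoot and Crypto services."""

    def __init__(self, seed, iak, measurements):
        self._seed, self._iak, self._measurements = seed, iak, measurements
        self._pub_key_hash = None

    def get_delegated_key(self, hash_algo):
        # The derivation input is the hash of the boot measurements, so the
        # delegated key is bound to the firmware that was actually booted.
        boot_state = hashlib.new(hash_algo, b"".join(self._measurements)).digest()
        priv = hmac.new(self._seed, b"delegated-key" + boot_state, "sha256").digest()
        # RSS records the public key hash (with hash_algo) for the later check.
        self._pub_key_hash = hashlib.new(hash_algo, toy_public_key(priv)).digest()
        return priv  # only the private key leaves RSS

    def get_delegated_token(self, pub_key_hash):
        # Refuse to issue a token for a pub_key_hash RSS did not derive itself.
        if self._pub_key_hash is None or not hmac.compare_digest(pub_key_hash, self._pub_key_hash):
            raise ValueError("pub_key_hash does not match the derived delegated key")
        claims = {"challenge": pub_key_hash.hex(), "measurements": [m.hex() for m in self._measurements]}
        body = repr(sorted(claims.items())).encode()
        return {"claims": claims, "sig": hmac.new(self._iak, body, "sha256").hexdigest()}

def rmm_boot(rss, hash_algo="sha256"):
    """RMM boot phase: get the realm key, then the platform token bound to it."""
    priv = rss.get_delegated_key(hash_algo)
    pub = toy_public_key(priv)  # RMM recomputes the public key itself
    pub_key_hash = hashlib.new(hash_algo, pub).digest()
    return {"realm_pub": pub, "platform_token": rss.get_delegated_token(pub_key_hash)}

def verify_binding(realm_pub, platform_token, hash_algo="sha256"):
    """Verifier side: the challenge claim must equal the hash of the realm public key."""
    return platform_token["claims"]["challenge"] == hashlib.new(hash_algo, realm_pub).hexdigest()
```

A verifier that checks the realm token's signature against `realm_pub` and then `verify_binding` has chained the realm token to the platform token without a separate nonce round trip, which is why the platform token can be cached for the whole power cycle.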