Hi Xin,

I my opion, it should base on product lifecyle phase.
In development phase, the SW engineer can use dev ROT keys & certificates. ATF have tools to generate them.
In deployment stage, use KMI to manage keys&certificates are more better.


BRs,Ben


Xin.Xu--- via TF-A<tf-a@lists.trustedfirmware.org> 在2022-10-19 周三 23:56写道:

product ROT private key is controlled by KMI team.

our plan is
(1) SW build engineer builds  tf-a with a temporary development ROT key, save all other generated keys
(2) remove fip image and all certificates built, send build images and generated keys to KMI team
(3) KMI team uses cert_create to re-generate all certificates with product ROTK
(4) KMI team sends all images, certificates, ROTPK hash to SW build engineer
(5)  SW build engineer uses fiptool to generate final fip image

my question: is there a better way to deal with this situation? (SW build engineer doesn't have control of ROT key)

Thanks

-Xin
--
TF-A mailing list -- tf-a@lists.trustedfirmware.org
To unsubscribe send an email to tf-a-leave@lists.trustedfirmware.org