Hi Rares,
Thank you for your email.
You're right that the TBBR specification (DEN0006D) has been retired, and the default cert_create tool still supports it. However, this doesn't prevent platforms from implementing their own CoT in a customized manner while still using the tool. You can see how a few platforms in TF-A have implemented platform-defined certificates, keys, and extensions in [1] and [2].
Hope this helps.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/6124 [2]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17186
Thanks, Manish Badarkhe ________________________________ From: Rares Constantin via TF-A tf-a@lists.trustedfirmware.org Sent: 10 February 2025 08:42 To: tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org Subject: [TF-A] TBBR: Question about the available Non Volatile Counters
Hi,
I have a question regarding the TBBR implementation for non-volatile counters in TF-A.
While looking through the code and documentation for Trusted Boot authentication options, it was not clear why there are only two non-volatile counters for the Trusted and Non-Trusted worlds (`TRUSTED_FW_NVCOUNTER` and `NON_TRUSTED_FW_NVCOUNTER`). This is true for the Arm DEN0006D specification, but it was retired and ARM DEN0072 is the current specification. Is there any specific reason why there isn't a counter for each authenticated image declared and created by `cert_create` or is the retired specification the only reason? This limits the non-volatile counter extensions for all certificates, meaning that the Trusted OS content certificate for example cannot be authenticated with another extension, unless I add a custom certificate with another non-volatile counter extension and a new command line option.
To quote the ARM DEN0072 TBBR specification [source: https://developer.arm.com/documentation/den0072/latest]: "It is recommended to implement as many version counters as there are images, where each image can use a separate counter without affecting other images. However, the number of rollback counters that can practically be supported is implementation dependent.".
Thank you! -- TF-A mailing list -- tf-a@lists.trustedfirmware.org To unsubscribe send an email to tf-a-leave@lists.trustedfirmware.org