Hi,
I have a question regarding the TBBR implementation for non-volatile counters in TF-A.
While looking through the code and documentation for Trusted Boot authentication options, it was not clear why there are only two non-volatile counters for the Trusted and Non-Trusted worlds (`TRUSTED_FW_NVCOUNTER` and `NON_TRUSTED_FW_NVCOUNTER`). This is true for the Arm DEN0006D specification, but it was retired and ARM DEN0072 is the current specification. Is there any specific reason why there isn't a counter for each authenticated image declared and created by `cert_create`, or is the retired specification the only reason? This limits the non-volatile counter extensions for all certificates, meaning that the Trusted OS content certificate, for example, cannot be authenticated with another extension, unless I add a custom certificate with another non-volatile counter extension and a new command line option.
To quote the ARM DEN0072 TBBR specification [source: https://developer.arm.com/documentation/den0072/latest]: "It is recommended to implement as many version counters as there are images, where each image can use a separate counter without affecting other images. However, the number of rollback counters that can practically be supported is implementation dependent."
Thank you!