Hi Bin Wu,
Thanks for coming up with this question. As per the signature verification flow below, you raised a valid point that the signature gets verified before the ROTPK hash verification.
1. Get the ROTPK hash from the platform (using a platform-implemented method, e.g., a HW register).
2. Extract the ROTPK from the image itself.
3. Use the ROTPK to verify the image signature.
4. Calculate the hash of the ROTPK and compare it against the hash received in step [1].
But we can't see any concern, as the system fails to boot anyway at step [4] if the ROTPK gets corrupted.
Regards,
Manish Badarkhe

From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of 吴斌(郅隆) via TF-A <tf-a@lists.trustedfirmware.org>
Date: Friday, 29 January 2021 at 07:55
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] PK hash verify after signature verified
Hi All,
I have been studying the tbbr module in ATF recently. I have a little confusion about the ROTPK hash verification flow.
In the current ATF implementation, we verify the signature first, then verify the ROTPK hash. But in my understanding, we should verify the ROTPK first and then verify the signature.
So, what is the consideration for using the current flow in ATF?
Thanks for your patience.
BRs, Bin Wu
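The four-step flow from Manish's reply, modelled as an added example that is not TF-A code and is not from either poster. It runs the two candidate orders (signature first as the thread describes, and hash first as Bin Wu suggests) against a genuine image, an image re-signed with an attacker's key, an image whose embedded ROTPK is corrupted, and a corrupted platform-side hash. Assumptions: textbook RSA over SHA-256 with hard-coded Mersenne primes stands in for the real crypto module (no padding, not a real signature scheme), a Python `bytes` value stands in for the hash read from OTP or a HW register, and the image layout (body plus embedded key plus signature) is a constructed stand-in for a TBBR certificate.

```python
"""Model of the TBBR ROTPK check order discussed in this thread (added example)."""
import hashlib
from typing import NamedTuple, Tuple

PubKey = Tuple[int, int]   # (n, e)
PrivKey = Tuple[int, int]  # (n, d)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PubKey, PrivKey]:
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


# Constructed toy keys from known Mersenne primes (assumption; never use such keys).
ROT_PUB, ROT_PRIV = make_keypair(2**127 - 1, 2**521 - 1)   # genuine root-of-trust key
ATK_PUB, ATK_PRIV = make_keypair(2**107 - 1, 2**607 - 1)   # attacker-controlled key


def key_bytes(pk: PubKey) -> bytes:
    """Canonical encoding of a public key, as it would sit inside the cert."""
    n, e = pk
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")


def key_hash(pk: PubKey) -> bytes:
    return hashlib.sha256(key_bytes(pk)).digest()


class Image(NamedTuple):
    payload: bytes     # certificate body being authenticated
    rotpk: PubKey      # public key embedded in the image (what step 2 extracts)
    signature: int


def tbs(payload: bytes, pk: PubKey) -> bytes:
    """To-be-signed data: body plus embedded key, as in an X.509 certificate."""
    return payload + key_bytes(pk)


def sign(priv: PrivKey, data: bytes) -> int:
    n, d = priv
    m = int.from_bytes(hashlib.sha256(data).digest(), "big")  # m < 2**256 < n
    return pow(m, d, n)


def verify_sig(pub: PubKey, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_image(payload: bytes, pub: PubKey, priv: PrivKey) -> Image:
    return Image(payload, pub, sign(priv, tbs(payload, pub)))


def verify_sig_then_hash(img: Image, plat_hash: bytes) -> str:
    """Order described in the thread: steps 2 and 3, then step 4."""
    pk = img.rotpk                                              # step 2
    if not verify_sig(pk, tbs(img.payload, pk), img.signature):  # step 3
        return "sig-fail"
    if key_hash(pk) != plat_hash:                               # step 4
        return "rotpk-hash-fail"
    return "ok"


def verify_hash_then_sig(img: Image, plat_hash: bytes) -> str:
    """Bin Wu's suggested order: check the key hash before the signature."""
    pk = img.rotpk
    if key_hash(pk) != plat_hash:
        return "rotpk-hash-fail"
    if not verify_sig(pk, tbs(img.payload, pk), img.signature):
        return "sig-fail"
    return "ok"


def run_scenarios() -> dict:
    """Returns {scenario: (sig-then-hash result, hash-then-sig result)}."""
    plat_hash = key_hash(ROT_PUB)                     # step 1: value from OTP / HW register
    body = b"BL2 content certificate (constructed)"
    genuine = build_image(body, ROT_PUB, ROT_PRIV)
    resigned = build_image(body, ATK_PUB, ATK_PRIV)   # attacker embeds and signs with own key
    n, e = ROT_PUB
    corrupt_key = genuine._replace(rotpk=(n ^ 1, e))  # bit-flip in the embedded ROTPK
    bad_plat_hash = bytes([plat_hash[0] ^ 0x80]) + plat_hash[1:]  # corrupted platform hash
    cases = {
        "genuine": (genuine, plat_hash),
        "attacker_key": (resigned, plat_hash),
        "corrupt_image_key": (corrupt_key, plat_hash),
        "corrupt_platform_hash": (genuine, bad_plat_hash),
    }
    return {name: (verify_sig_then_hash(i, h), verify_hash_then_sig(i, h))
            for name, (i, h) in cases.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:24s} sig-then-hash={result[0]:16s} hash-then-sig={result[1]}")
```

Only the genuine image boots under either order. The re-signed image is the case that makes the ordering question interesting: its signature verifies under the attacker's embedded key, but step 4 rejects it because that key does not hash to the platform value. Checking the hash first rejects the same images, just with a different failure reason; the difference is which check fails, not whether boot proceeds.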