8 Mar
2023
8 Mar
'23
11:27 a.m.
As far as ARM CCA is concerned, currently RSS supports only measured boot and delegated attestation (fetching DAK and CCA platform attestation token) interfaces. The Arm CCA Security Model 1.0 mentions that if a Realm wants to implement a persistent secure storage, the platform should deliver binding keys for local protection of persistent Realm assets.
Is there any ARM CCA specification that explains how this key should be derived? Are there any plans to implement such functionality in RSS?
Kind regards, Peter