Hi,

In case of no further comment on the proposal I'm planning to merge it by Monday. https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1453/

Tamas

-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Tamas Ban via TF-M Sent: 24 September 2019 10:22 To: tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: Re: [TF-M] Design proposal for HW crypto key integration in TF-M secure boot

Hi,

The design proposal about the integration of TF-M secure bootloader (MCUBoot) with HW key(s) are close to finalize: https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1453/

If you are interested in the topic and have a comment / suggestion then please share it.

Tamas

From: Tamas Ban Sent: 03 July 2019 17:50 To: tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: Design proposal for HW crypto key integration in TF-M secure boot

Hi all,

PSA Trusted Boot and Firmware Update specification requires the support of at least one immutable root of trust public key (ROTPK) for firmware verification. It is beneficial to be able to provision these keys during the factory life-cycle of the device independently from any software components. The current key handling solution in TF-M secure boot does not supports this key provisioning process. MCUBoot requires compile time built-in public key(s) for image verification.

The following design proposal addressing this issue: https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1453/

Feel free to add any comments you want on the review!

BR, Tamas