path: root/docs/resources/diagrams/plantuml/fip-secure-partitions.puml
/'
 ' Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
 '
 ' SPDX-License-Identifier: BSD-3-Clause
 '/

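@startuml

' Vendor-supplied inputs: each folder holds one secure-partition (SP) binary
' and the manifest that describes it. The manifest fields drawn here (UUID,
' load_address, owner) are the ones the rest of the diagram refers to: UUID and
' load_address reappear in tb_fw_config.dts, and owner reappears in the fip.bin
' listing as "SiP owned" / "Platform owned".
' The owner label is spelled "SiP" to match the spelling used in the fip.bin
' listing at the end of this file.
' NOTE(review): the diagram does not show which signing key each owner value
' maps to - confirm against the build documentation.
folder SP_vendor_1 {
 artifact sp_binary_1
 artifact sp_manifest_1 [
 sp_manifest_1
 ===
 UUID = xxx
 load_address = 0xaaa
 owner = "SiP"
 ...
 ]
}

folder SP_vendor_2 {
 artifact sp_binary_2
 artifact sp_manifest_2 [
 sp_manifest_2
 ===
 UUID = yyy
 load_address = 0xbbb
 owner = "Plat"
 ]
}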

' Device-tree source that carries, under a secure-partitions section, the UUID
' and load address of every SP package, next to the remaining nodes.
' NOTE(review): these values repeat what the SP manifests declare, but the
' diagram draws no arrow from the manifests to this file - confirm how the two
' are kept consistent, since this file is what gets signed later in the flow.
artifact tb_fw_config.dts [
 tb_fw_config.dts
 ----
 secure-partitions
 ===
 spkg_1 UUID
 spkg_1 load_address
 ---
 spkg_2 UUID
 spkg_2 load_address
 ---
 ...
 ===
 ...<rest of the nodes>
]

' Layout description (alias config.json, rendered with the label
' SP_LAYOUT.json): one entry per SP giving the path to its binary and manifest.
' It is the only input of sp_mk_generator, so the paths listed here decide
' which files end up packaged and signed.
artifact config.json [
 SP_LAYOUT.json
 ===
 path to sp_binary_1
 path to sp_manifest_1
 ---
 path to sp_binary_2
 path to sp_manifest_2
 ---
 ...
]

' Build-time tool that reads the layout file and emits the sp_gen.mk fragment
' (see the config.json --> sp_mk_generator --> sp_gen relations below).
control sp_mk_generator

' Generated makefile fragment. Its four variables feed the device-tree source
' list and the argument lists of sptool, fiptool and the certificate tool, so
' whatever is written into the layout file ends up on those tools' command
' lines.
artifact sp_gen [
 sp_gen.mk
 ===
 FDT_SOURCE = ...
 SPTOOL_ARGS = ...
 FIP_ARGS = ...
 CRT_ARGS = ...
]

' dtc turns tb_fw_config.dts into tb_fw_config.dtb; sptool produces the SP
' packages (spkg_1, spkg_2).
control dtc
control sptool

' Unsigned device-tree blob, output of dtc and input to the signing step.
artifact tb_fw_config.dtb

' Unsigned SP packages as produced by sptool: a header followed by the
' manifest and the binary. Nothing in this form is authenticated yet; these
' are the inputs to the signing step.
artifact spkg_1 [
 sp1.pkg
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
]

artifact spkg_2 [
 sp2.pkg
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
]

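' Outputs of the signing step: the device-tree blob and both SP packages in
' their "(signed)" form. The packages are drawn with the same header /
' manifest / binary layout as the unsigned ones plus a trailing signature
' section.
' NOTE(review): the appended signature section is this diagram's depiction.
' In TF-A builds the certificate tool normally emits separate certificates
' that carry image hashes - confirm whether the section is meant literally.
artifact signed_tb_fw_config.dtb [
 tb_fw_config.dtb (signed)
]

artifact signed_spkg_1 [
 sp1.pkg (signed)
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
 ---
 <i>signature</i>
]

artifact signed_spkg_2 [
 sp2.pkg (signed)
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
 ---
 <i>signature</i>
]

' Signing and packaging tools. The certificate tool is declared under the
' alias cert_create because every relation in this file refers to it by that
' name; declaring it under a different alias would leave this control
' unconnected and make the signing step depend on an implicitly created node.
control cert_create
control fiptool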

' Final firmware image package assembled by fiptool. Only the signed forms of
' tb_fw_config.dtb and the SP packages are listed, and each package is
' labelled with its owner (SiP or Platform), i.e. the owner value shown in the
' corresponding SP manifest.
artifact fip [
 fip.bin
 ===
 tb_fw_config.dtb (signed)
 ---
 ...
 ---
 sp1.pkg  (signed & SiP owned)
 ---
 sp2.pkg  (signed & Platform owned)
 ---
 ...
]

' --- Relations ---
' The layout file references the vendor folders (dotted arrows) and is the
' input of sp_mk_generator, which emits sp_gen.mk. That fragment in turn
' drives fiptool, cert_create and sptool.
' NOTE(review): cert_create must match the alias of a declared element;
' if no declaration uses this exact name the signing step is drawn on an
' implicitly created node - verify against the control declarations.
config.json .up.> SP_vendor_1
config.json .up.> SP_vendor_2
config.json --> sp_mk_generator
sp_mk_generator --> sp_gen
sp_gen --> fiptool
sp_gen --> cert_create
sp_gen --> sptool

' Packaging: sptool produces one unsigned package per secure partition.
sptool --> spkg_1
sptool --> spkg_2

' Signing of the SP packages: each unsigned package goes through cert_create
' and comes out in its signed form.
spkg_1 --> cert_create
spkg_2 --> cert_create
cert_create --> signed_spkg_1
cert_create --> signed_spkg_2

' Device-tree path: source -> dtc -> blob -> cert_create -> signed blob.
tb_fw_config.dts --> dtc
dtc --> tb_fw_config.dtb
tb_fw_config.dtb --> cert_create
cert_create --> signed_tb_fw_config.dtb

' Assembly: only signed artifacts have an arrow into fiptool; the unsigned
' packages and the unsigned blob never reach fip.bin directly in this flow.
signed_tb_fw_config.dtb --> fiptool
signed_spkg_1 -down-> fiptool
signed_spkg_2 -down-> fiptool
fiptool -down-> fip

@enduml