commit 388cb2f4e81ef48588d7af3a1498506c8d49d30a
author Harrison Mutai <harrison.mutai@arm.com> Thu May 29 15:05:55 2025 +0000
committer Harrison Mutai <harrison.mutai@arm.com> Fri May 30 13:37:52 2025 +0000
tree 34d11f0f6c5730f43be265c18f7bbc5964ed0197
parent ddb4aee54626a052d0dedcc9c60593bda5489088

docs(fconf): streamline TB_FW_CONFIG bindings

This change simplifies the documentation for TB_FW_CONFIG by removing
outdated or platform-specific bindings and introducing a clear section
referencing the standardized Chain of Trust (CoT) bindings.

Change-Id: I3f3f96ed333a57153bde929fa35863655c30e8ed
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

docs/components/fconf/tb_fw_bindings.rst

diff --git a/docs/components/fconf/tb_fw_bindings.rst b/docs/components/fconf/tb_fw_bindings.rst
index aee3b8d..2a06085 100644
--- a/docs/components/fconf/tb_fw_bindings.rst
+++ b/docs/components/fconf/tb_fw_bindings.rst
@@ -7,28 +7,6 @@
 alongside platform documentation. There is no guarantee of backward
 compatibility with the nodes and properties outlined in this context.
 
-Trusted Boot Firmware Configuration
------------------------------------
-
-- compatible [mandatory]
-   - value type: <string>
-   - Should be the string ``"<plat>,tb_fw"``, where ``<plat>`` is the name of the
-     platform (i.e. ``"arm,tb_fw"``).
-
-- disable_auth [mandatory]
-   - value type: <u32>
-   - Flag used to dynamically disable authentication for development purposes.
-     Has two possible values: 0 or 1. Setting the flag to 1 disables
-     authentication.
-
-- mbedtls_heap_addr [mandatory]
-   - value type: <u64>
-   - Base address of the dynamically allocated Mbed TLS heap. This is given as a placeholder.
-
-- mbedtls_heap_size [mandatory]
-   - value type: <u32>
-   - Size of the Mbed TLS heap.
-
 IO FIP Handles
 --------------
 
@@ -154,6 +132,21 @@
    - A string property representing the name of the owner of the secure
      partition, which may be the silicon or platform provider.
 
+Chain of Trust Descriptors
+--------------------------
+
+If a structure includes a Chain of Trust (CoT) for secure authentication and
+verification, it must conform to the bindings described in the `Chain of Trust
+Bindings`_ document. Specifically, the CoT should be represented using a ``cot``
+node containing ``manifests`` and ``images`` sub-nodes, with certificates,
+images, and non-volatile counters defined as per the specifications therein.
+This ensures compatibility with the authentication framework and supports
+features such as certificate hierarchies, rollback protection, and root-of-trust
+key integration. For full details on required properties and node structure,
+refer to the `Chain of Trust Bindings`_ document.
+
 --------------
 
-*Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved.*
+
+.. _Chain of Trust Bindings: ../cot-binding.html