TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 1d6baf4b1e178de4546800b15fd361fbfdb8b765
commit1d6baf4b1e178de4546800b15fd361fbfdb8b765[log] [tgz]
authorJackson Cooper-Driver <jackson.cooper-driver@arm.com>Mon Jun 23 15:47:18 2025 +0100
committerAntonio de Angelis <Antonio.deAngelis@arm.com>Thu Jun 26 08:08:00 2025 +0000
tree33479626ccc0ecc5f175519342a9faadf978d2cf
parent1e9658e9c6bfe7d33082cb713a882c4677245434 [diff]
RSE: Allow CM ROTPK in non-endorsed flow

The non-endorsed provisioning flow (to provision DM ROTPKs late on in SE
state) uses a blob which then subsequently receives the plain data. This
blob can be signed using the CM ROTPK (specifically with the public key
in the blob and the hash of that key in the OTP) and therefore we need
to allow this signing configuration in SE LCS.

Update the ROTPK getter function in the provisioning flow to allow for
this LCS.

Change-Id: I97f506e25dd7dc9bbb5bf8bed913fc44bbac31e3
Signed-off-by: Jackson Cooper-Driver <jackson.cooper-driver@arm.com>
1 file changed
tree: 33479626ccc0ecc5f175519342a9faadf978d2cf
  1. bl1/
  2. bl2/
  3. cmake/
  4. config/
  5. docs/
  6. interface/
  7. lib/
  8. platform/
  9. secure_fw/
  10. tools/
  11. .editorconfig
  12. .gitattributes
  13. .gitignore
  14. .gitreview
  15. .readthedocs.yaml
  16. CMakeLists.txt
  17. dco.txt
  18. Kconfig
  19. Kconfig.bl
  20. Kconfig.misc
  21. license.rst
  22. readme.rst
  23. toolchain_ARMCLANG.cmake
  24. toolchain_CLANG.cmake
  25. toolchain_GNUARM.cmake
  26. toolchain_IARARM.cmake