€•:Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œdocutils.nodes”Œsubstitution_definition”“”)”}”(hŒ&.. |AArch32| replace:: :term:`AArch32`”h]”hŒpending_xref”“”)”}”(hŒ:term:`AArch32`”h]”h Œinline”“”)”}”(hhh]”h ŒText”“”ŒAArch32”…””}”(hhŒparent”hubaŒ attributes”}”(Œids”]”Œclasses”]”(Œxref”Œstd”Œstd-term”eŒnames”]”Œdupnames”]”Œbackrefs”]”uŒtagname”hh!hubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”Œdesign/auth-framework”Œ refdomain”h)Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆŒ reftarget”ŒAArch32”uh1hŒsource”Œ”Œline”Kh!hubah"}”(h$]”h&]”h+]”ŒAArch32”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ&.. |AArch64| replace:: :term:`AArch64`”h]”h)”}”(hŒ:term:`AArch64`”h]”h)”}”(hhQh]”hŒAArch64”…””}”(hhh!hSubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!hOubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”h]Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒAArch64”uh1hhAhBhCKh!hKubah"}”(h$]”h&]”h+]”ŒAArch64”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |AMU| replace:: :term:`AMU`”h]”h)”}”(hŒ:term:`AMU`”h]”h)”}”(hh|h]”hŒAMU”…””}”(hhh!h~ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!hzubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”hˆŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒAMU”uh1hhAhBhCKh!hvubah"}”(h$]”h&]”h+]”ŒAMU”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ&.. |AMUs| replace:: :term:`AMUs `”h]”h)”}”(hŒ:term:`AMUs `”h]”h)”}”(hh§h]”hŒAMUs”…””}”(hhh!h©ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!h¥ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”h³Œreftype”Œterm”Œrefexplicit”ˆŒrefwarn”ˆh?ŒAMU”uh1hhAhBhCKh!h¡ubah"}”(h$]”h&]”h+]”ŒAMUs”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |API| replace:: :term:`API`”h]”h)”}”(hŒ:term:`API`”h]”h)”}”(hhÒh]”hŒAPI”…””}”(hhh!hÔubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!hÐubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”hÞŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒAPI”uh1hhAhBhCKh!hÌubah"}”(h$]”h&]”h+]”ŒAPI”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |BTI| replace:: :term:`BTI`”h]”h)”}”(hŒ:term:`BTI`”h]”h)”}”(hhýh]”hŒBTI”…””}”(hhh!hÿubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!hûubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒBTI”uh1hhAhBhCKh!h÷ubah"}”(h$]”h&]”h+]”ŒBTI”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |CoT| replace:: :term:`CoT`”h]”h)”}”(hŒ:term:`CoT`”h]”h)”}”(hj(h]”hŒCoT”…””}”(hhh!j*ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j&ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j4Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒCoT”uh1hhAhBhCKh!j"ubah"}”(h$]”h&]”h+]”ŒCoT”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |COT| replace:: :term:`COT`”h]”h)”}”(hŒ:term:`COT`”h]”h)”}”(hjSh]”hŒCOT”…””}”(hhh!jUubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jQubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j_Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒCOT”uh1hhAhBhCKh!jMubah"}”(h$]”h&]”h+]”ŒCOT”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |CSS| replace:: :term:`CSS`”h]”h)”}”(hŒ:term:`CSS`”h]”h)”}”(hj~h]”hŒCSS”…””}”(hhh!j€ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j|ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŠŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒCSS”uh1hhAhBhCK h!jxubah"}”(h$]”h&]”h+]”ŒCSS”ah-]”h/]”uh1h hAhBhCK h!hhhubh)”}”(hŒ.. |CVE| replace:: :term:`CVE`”h]”h)”}”(hŒ:term:`CVE`”h]”h)”}”(hj©h]”hŒCVE”…””}”(hhh!j«ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j§ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jµŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒCVE”uh1hhAhBhCK h!j£ubah"}”(h$]”h&]”h+]”ŒCVE”ah-]”h/]”uh1h hAhBhCK h!hhhubh)”}”(hŒ.. |DTB| replace:: :term:`DTB`”h]”h)”}”(hŒ:term:`DTB`”h]”h)”}”(hjÔh]”hŒDTB”…””}”(hhh!jÖubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jÒubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jàŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒDTB”uh1hhAhBhCKh!jÎubah"}”(h$]”h&]”h+]”ŒDTB”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ .. |DS-5| replace:: :term:`DS-5`”h]”h)”}”(hŒ:term:`DS-5`”h]”h)”}”(hjÿh]”hŒDS-5”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jýubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒDS-5”uh1hhAhBhCKh!jùubah"}”(h$]”h&]”h+]”ŒDS-5”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |DSU| replace:: :term:`DSU`”h]”h)”}”(hŒ:term:`DSU`”h]”h)”}”(hj*h]”hŒDSU”…””}”(hhh!j,ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j(ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j6Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒDSU”uh1hhAhBhCK h!j$ubah"}”(h$]”h&]”h+]”ŒDSU”ah-]”h/]”uh1h hAhBhCK h!hhhubh)”}”(hŒ.. |DT| replace:: :term:`DT`”h]”h)”}”(hŒ :term:`DT`”h]”h)”}”(hjUh]”hŒDT”…””}”(hhh!jWubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jSubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jaŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒDT”uh1hhAhBhCKh!jOubah"}”(h$]”h&]”h+]”ŒDT”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |EL| replace:: :term:`EL`”h]”h)”}”(hŒ :term:`EL`”h]”h)”}”(hj€h]”hŒEL”…””}”(hhh!j‚ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j~ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒEL”uh1hhAhBhCKh!jzubah"}”(h$]”h&]”h+]”ŒEL”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |EHF| replace:: :term:`EHF`”h]”h)”}”(hŒ:term:`EHF`”h]”h)”}”(hj«h]”hŒEHF”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j©ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j·Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒEHF”uh1hhAhBhCKh!j¥ubah"}”(h$]”h&]”h+]”ŒEHF”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ".. |FCONF| replace:: :term:`FCONF`”h]”h)”}”(hŒ :term:`FCONF`”h]”h)”}”(hjÖh]”hŒFCONF”…””}”(hhh!jØubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jÔubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jâŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒFCONF”uh1hhAhBhCKh!jÐubah"}”(h$]”h&]”h+]”ŒFCONF”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |FDT| replace:: :term:`FDT`”h]”h)”}”(hŒ:term:`FDT`”h]”h)”}”(hjh]”hŒFDT”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jÿubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒFDT”uh1hhAhBhCKh!jûubah"}”(h$]”h&]”h+]”ŒFDT”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ .. |FF-A| replace:: :term:`FF-A`”h]”h)”}”(hŒ:term:`FF-A`”h]”h)”}”(hj,h]”hŒFF-A”…””}”(hhh!j.ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j*ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j8Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒFF-A”uh1hhAhBhCKh!j&ubah"}”(h$]”h&]”h+]”ŒFF-A”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |FIP| replace:: :term:`FIP`”h]”h)”}”(hŒ:term:`FIP`”h]”h)”}”(hjWh]”hŒFIP”…””}”(hhh!jYubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jUubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jcŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒFIP”uh1hhAhBhCKh!jQubah"}”(h$]”h&]”h+]”ŒFIP”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |FVP| replace:: :term:`FVP`”h]”h)”}”(hŒ:term:`FVP`”h]”h)”}”(hj‚h]”hŒFVP”…””}”(hhh!j„ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j€ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŽŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒFVP”uh1hhAhBhCKh!j|ubah"}”(h$]”h&]”h+]”ŒFVP”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |FWU| replace:: :term:`FWU`”h]”h)”}”(hŒ:term:`FWU`”h]”h)”}”(hjh]”hŒFWU”…””}”(hhh!j¯ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j«ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j¹Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒFWU”uh1hhAhBhCKh!j§ubah"}”(h$]”h&]”h+]”ŒFWU”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |GIC| replace:: :term:`GIC`”h]”h)”}”(hŒ:term:`GIC`”h]”h)”}”(hjØh]”hŒGIC”…””}”(hhh!jÚubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jÖubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jäŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒGIC”uh1hhAhBhCKh!jÒubah"}”(h$]”h&]”h+]”ŒGIC”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |ISA| replace:: :term:`ISA`”h]”h)”}”(hŒ:term:`ISA`”h]”h)”}”(hjh]”hŒISA”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒISA”uh1hhAhBhCKh!jýubah"}”(h$]”h&]”h+]”ŒISA”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ$.. |Linaro| replace:: :term:`Linaro`”h]”h)”}”(hŒ:term:`Linaro`”h]”h)”}”(hj.h]”hŒLinaro”…””}”(hhh!j0ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j,ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j:Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒLinaro”uh1hhAhBhCKh!j(ubah"}”(h$]”h&]”h+]”ŒLinaro”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |MMU| replace:: :term:`MMU`”h]”h)”}”(hŒ:term:`MMU`”h]”h)”}”(hjYh]”hŒMMU”…””}”(hhh!j[ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jWubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jeŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒMMU”uh1hhAhBhCKh!jSubah"}”(h$]”h&]”h+]”ŒMMU”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ .. |MPAM| replace:: :term:`MPAM`”h]”h)”}”(hŒ:term:`MPAM`”h]”h)”}”(hj„h]”hŒMPAM”…””}”(hhh!j†ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j‚ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒMPAM”uh1hhAhBhCKh!j~ubah"}”(h$]”h&]”h+]”ŒMPAM”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ .. |MPMM| replace:: :term:`MPMM`”h]”h)”}”(hŒ:term:`MPMM`”h]”h)”}”(hj¯h]”hŒMPMM”…””}”(hhh!j±ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j»Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒMPMM”uh1hhAhBhCKh!j©ubah"}”(h$]”h&]”h+]”ŒMPMM”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ".. |MPIDR| replace:: :term:`MPIDR`”h]”h)”}”(hŒ :term:`MPIDR`”h]”h)”}”(hjÚh]”hŒMPIDR”…””}”(hhh!jÜubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jØubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jæŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒMPIDR”uh1hhAhBhCKh!jÔubah"}”(h$]”h&]”h+]”ŒMPIDR”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |MTE| replace:: :term:`MTE`”h]”h)”}”(hŒ:term:`MTE`”h]”h)”}”(hjh]”hŒMTE”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒMTE”uh1hhAhBhCKh!jÿubah"}”(h$]”h&]”h+]”ŒMTE”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ.. |OEN| replace:: :term:`OEN`”h]”h)”}”(hŒ:term:`OEN`”h]”h)”}”(hj0h]”hŒOEN”…””}”(hhh!j2ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j.ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j<Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒOEN”uh1hhAhBhCKh!j*ubah"}”(h$]”h&]”h+]”ŒOEN”ah-]”h/]”uh1h hAhBhCKh!hhhubh)”}”(hŒ$.. |OP-TEE| replace:: :term:`OP-TEE`”h]”h)”}”(hŒ:term:`OP-TEE`”h]”h)”}”(hj[h]”hŒOP-TEE”…””}”(hhh!j]ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jYubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jgŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒOP-TEE”uh1hhAhBhCK h!jUubah"}”(h$]”h&]”h+]”ŒOP-TEE”ah-]”h/]”uh1h hAhBhCK h!hhhubh)”}”(hŒ.. |OTE| replace:: :term:`OTE`”h]”h)”}”(hŒ:term:`OTE`”h]”h)”}”(hj†h]”hŒOTE”…””}”(hhh!jˆubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j„ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j’Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒOTE”uh1hhAhBhCK!h!j€ubah"}”(h$]”h&]”h+]”ŒOTE”ah-]”h/]”uh1h hAhBhCK!h!hhhubh)”}”(hŒ.. |PDD| replace:: :term:`PDD`”h]”h)”}”(hŒ:term:`PDD`”h]”h)”}”(hj±h]”hŒPDD”…””}”(hhh!j³ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j¯ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j½Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒPDD”uh1hhAhBhCK"h!j«ubah"}”(h$]”h&]”h+]”ŒPDD”ah-]”h/]”uh1h hAhBhCK"h!hhhubh)”}”(hŒ".. |PAUTH| replace:: :term:`PAUTH`”h]”h)”}”(hŒ :term:`PAUTH`”h]”h)”}”(hjÜh]”hŒPAUTH”…””}”(hhh!jÞubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jÚubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jèŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒPAUTH”uh1hhAhBhCK#h!jÖubah"}”(h$]”h&]”h+]”ŒPAUTH”ah-]”h/]”uh1h hAhBhCK#h!hhhubh)”}”(hŒ.. |PMF| replace:: :term:`PMF`”h]”h)”}”(hŒ:term:`PMF`”h]”h)”}”(hjh]”hŒPMF”…””}”(hhh!j ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒPMF”uh1hhAhBhCK$h!jubah"}”(h$]”h&]”h+]”ŒPMF”ah-]”h/]”uh1h hAhBhCK$h!hhhubh)”}”(hŒ .. |PSCI| replace:: :term:`PSCI`”h]”h)”}”(hŒ:term:`PSCI`”h]”h)”}”(hj2h]”hŒPSCI”…””}”(hhh!j4ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j0ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j>Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒPSCI”uh1hhAhBhCK%h!j,ubah"}”(h$]”h&]”h+]”ŒPSCI”ah-]”h/]”uh1h hAhBhCK%h!hhhubh)”}”(hŒ.. |RAS| replace:: :term:`RAS`”h]”h)”}”(hŒ:term:`RAS`”h]”h)”}”(hj]h]”hŒRAS”…””}”(hhh!j_ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j[ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jiŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒRAS”uh1hhAhBhCK&h!jWubah"}”(h$]”h&]”h+]”ŒRAS”ah-]”h/]”uh1h hAhBhCK&h!hhhubh)”}”(hŒ.. |ROT| replace:: :term:`ROT`”h]”h)”}”(hŒ:term:`ROT`”h]”h)”}”(hjˆh]”hŒROT”…””}”(hhh!jŠubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j†ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j”Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒROT”uh1hhAhBhCK'h!j‚ubah"}”(h$]”h&]”h+]”ŒROT”ah-]”h/]”uh1h hAhBhCK'h!hhhubh)”}”(hŒ .. |SCMI| replace:: :term:`SCMI`”h]”h)”}”(hŒ:term:`SCMI`”h]”h)”}”(hj³h]”hŒSCMI”…””}”(hhh!jµubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j±ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j¿Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSCMI”uh1hhAhBhCK(h!jubah"}”(h$]”h&]”h+]”ŒSCMI”ah-]”h/]”uh1h hAhBhCK(h!hhhubh)”}”(hŒ.. |SCP| replace:: :term:`SCP`”h]”h)”}”(hŒ:term:`SCP`”h]”h)”}”(hjÞh]”hŒSCP”…””}”(hhh!jàubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jÜubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jêŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSCP”uh1hhAhBhCK)h!jØubah"}”(h$]”h&]”h+]”ŒSCP”ah-]”h/]”uh1h hAhBhCK)h!hhhubh)”}”(hŒ .. |SDEI| replace:: :term:`SDEI`”h]”h)”}”(hŒ:term:`SDEI`”h]”h)”}”(hj h]”hŒSDEI”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSDEI”uh1hhAhBhCK*h!jubah"}”(h$]”h&]”h+]”ŒSDEI”ah-]”h/]”uh1h hAhBhCK*h!hhhubh)”}”(hŒ.. |SDS| replace:: :term:`SDS`”h]”h)”}”(hŒ:term:`SDS`”h]”h)”}”(hj4h]”hŒSDS”…””}”(hhh!j6ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j2ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j@Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSDS”uh1hhAhBhCK+h!j.ubah"}”(h$]”h&]”h+]”ŒSDS”ah-]”h/]”uh1h hAhBhCK+h!hhhubh)”}”(hŒ.. |SEA| replace:: :term:`SEA`”h]”h)”}”(hŒ:term:`SEA`”h]”h)”}”(hj_h]”hŒSEA”…””}”(hhh!jaubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j]ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jkŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSEA”uh1hhAhBhCK,h!jYubah"}”(h$]”h&]”h+]”ŒSEA”ah-]”h/]”uh1h hAhBhCK,h!hhhubh)”}”(hŒ.. |SiP| replace:: :term:`SiP`”h]”h)”}”(hŒ:term:`SiP`”h]”h)”}”(hjŠh]”hŒSiP”…””}”(hhh!jŒubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jˆubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j–Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSiP”uh1hhAhBhCK-h!j„ubah"}”(h$]”h&]”h+]”ŒSiP”ah-]”h/]”uh1h hAhBhCK-h!hhhubh)”}”(hŒ.. |SIP| replace:: :term:`SIP`”h]”h)”}”(hŒ:term:`SIP`”h]”h)”}”(hjµh]”hŒSIP”…””}”(hhh!j·ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j³ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jÁŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSIP”uh1hhAhBhCK.h!j¯ubah"}”(h$]”h&]”h+]”ŒSIP”ah-]”h/]”uh1h hAhBhCK.h!hhhubh)”}”(hŒ.. |SMC| replace:: :term:`SMC`”h]”h)”}”(hŒ:term:`SMC`”h]”h)”}”(hjàh]”hŒSMC”…””}”(hhh!jâubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jÞubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jìŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSMC”uh1hhAhBhCK/h!jÚubah"}”(h$]”h&]”h+]”ŒSMC”ah-]”h/]”uh1h hAhBhCK/h!hhhubh)”}”(hŒ".. |SMCCC| replace:: :term:`SMCCC`”h]”h)”}”(hŒ :term:`SMCCC`”h]”h)”}”(hjh]”hŒSMCCC”…””}”(hhh!j ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSMCCC”uh1hhAhBhCK0h!jubah"}”(h$]”h&]”h+]”ŒSMCCC”ah-]”h/]”uh1h hAhBhCK0h!hhhubh)”}”(hŒ.. |SoC| replace:: :term:`SoC`”h]”h)”}”(hŒ:term:`SoC`”h]”h)”}”(hj6h]”hŒSoC”…””}”(hhh!j8ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j4ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jBŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSoC”uh1hhAhBhCK1h!j0ubah"}”(h$]”h&]”h+]”ŒSoC”ah-]”h/]”uh1h hAhBhCK1h!hhhubh)”}”(hŒ.. |SP| replace:: :term:`SP`”h]”h)”}”(hŒ :term:`SP`”h]”h)”}”(hjah]”hŒSP”…””}”(hhh!jcubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j_ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jmŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSP”uh1hhAhBhCK2h!j[ubah"}”(h$]”h&]”h+]”ŒSP”ah-]”h/]”uh1h hAhBhCK2h!hhhubh)”}”(hŒ.. |SPD| replace:: :term:`SPD`”h]”h)”}”(hŒ:term:`SPD`”h]”h)”}”(hjŒh]”hŒSPD”…””}”(hhh!jŽubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jŠubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j˜Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSPD”uh1hhAhBhCK3h!j†ubah"}”(h$]”h&]”h+]”ŒSPD”ah-]”h/]”uh1h hAhBhCK3h!hhhubh)”}”(hŒ.. |SPM| replace:: :term:`SPM`”h]”h)”}”(hŒ:term:`SPM`”h]”h)”}”(hj·h]”hŒSPM”…””}”(hhh!j¹ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jµubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jÃŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSPM”uh1hhAhBhCK4h!j±ubah"}”(h$]”h&]”h+]”ŒSPM”ah-]”h/]”uh1h hAhBhCK4h!hhhubh)”}”(hŒ .. |SSBS| replace:: :term:`SSBS`”h]”h)”}”(hŒ:term:`SSBS`”h]”h)”}”(hjâh]”hŒSSBS”…””}”(hhh!jäubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jàubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jîŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSSBS”uh1hhAhBhCK5h!jÜubah"}”(h$]”h&]”h+]”ŒSSBS”ah-]”h/]”uh1h hAhBhCK5h!hhhubh)”}”(hŒ.. |SVE| replace:: :term:`SVE`”h]”h)”}”(hŒ:term:`SVE`”h]”h)”}”(hj h]”hŒSVE”…””}”(hhh!j ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒSVE”uh1hhAhBhCK6h!j ubah"}”(h$]”h&]”h+]”ŒSVE”ah-]”h/]”uh1h hAhBhCK6h!hhhubh)”}”(hŒ.. |TBB| replace:: :term:`TBB`”h]”h)”}”(hŒ:term:`TBB`”h]”h)”}”(hj8 h]”hŒTBB”…””}”(hhh!j: ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j6 ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jD Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTBB”uh1hhAhBhCK7h!j2 ubah"}”(h$]”h&]”h+]”ŒTBB”ah-]”h/]”uh1h hAhBhCK7h!hhhubh)”}”(hŒ .. |TBBR| replace:: :term:`TBBR`”h]”h)”}”(hŒ:term:`TBBR`”h]”h)”}”(hjc h]”hŒTBBR”…””}”(hhh!je ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!ja ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jo Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTBBR”uh1hhAhBhCK8h!j] ubah"}”(h$]”h&]”h+]”ŒTBBR”ah-]”h/]”uh1h hAhBhCK8h!hhhubh)”}”(hŒ.. |TEE| replace:: :term:`TEE`”h]”h)”}”(hŒ:term:`TEE`”h]”h)”}”(hjŽ h]”hŒTEE”…””}”(hhh!j ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jŒ ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jš Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTEE”uh1hhAhBhCK9h!jˆ ubah"}”(h$]”h&]”h+]”ŒTEE”ah-]”h/]”uh1h hAhBhCK9h!hhhubh)”}”(hŒ .. |TF-A| replace:: :term:`TF-A`”h]”h)”}”(hŒ:term:`TF-A`”h]”h)”}”(hj¹ h]”hŒTF-A”…””}”(hhh!j» ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j· ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jÅ Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTF-A”uh1hhAhBhCK:h!j³ ubah"}”(h$]”h&]”h+]”ŒTF-A”ah-]”h/]”uh1h hAhBhCK:h!hhhubh)”}”(hŒ .. |TF-M| replace:: :term:`TF-M`”h]”h)”}”(hŒ:term:`TF-M`”h]”h)”}”(hjä h]”hŒTF-M”…””}”(hhh!jæ ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jâ ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jð Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTF-M”uh1hhAhBhCK;h!jÞ ubah"}”(h$]”h&]”h+]”ŒTF-M”ah-]”h/]”uh1h hAhBhCK;h!hhhubh)”}”(hŒ.. |TLB| replace:: :term:`TLB`”h]”h)”}”(hŒ:term:`TLB`”h]”h)”}”(hj h]”hŒTLB”…””}”(hhh!j ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTLB”uh1hhAhBhCKh!j_ ubah"}”(h$]”h&]”h+]”ŒTRNG”ah-]”h/]”uh1h hAhBhCK>h!hhhubh)”}”(hŒ.. |TSP| replace:: :term:`TSP`”h]”h)”}”(hŒ:term:`TSP`”h]”h)”}”(hj h]”hŒTSP”…””}”(hhh!j’ ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jŽ ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jœ Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTSP”uh1hhAhBhCK?h!jŠ ubah"}”(h$]”h&]”h+]”ŒTSP”ah-]”h/]”uh1h hAhBhCK?h!hhhubh)”}”(hŒ.. |TZC| replace:: :term:`TZC`”h]”h)”}”(hŒ:term:`TZC`”h]”h)”}”(hj» h]”hŒTZC”…””}”(hhh!j½ ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j¹ ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jÇ Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒTZC”uh1hhAhBhCK@h!jµ ubah"}”(h$]”h&]”h+]”ŒTZC”ah-]”h/]”uh1h hAhBhCK@h!hhhubh)”}”(hŒ".. |UBSAN| replace:: :term:`UBSAN`”h]”h)”}”(hŒ :term:`UBSAN`”h]”h)”}”(hjæ h]”hŒUBSAN”…””}”(hhh!jè ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jä ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jò Œreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒUBSAN”uh1hhAhBhCKAh!jà ubah"}”(h$]”h&]”h+]”ŒUBSAN”ah-]”h/]”uh1h hAhBhCKAh!hhhubh)”}”(hŒ .. |UEFI| replace:: :term:`UEFI`”h]”h)”}”(hŒ:term:`UEFI`”h]”h)”}”(hjh]”hŒUEFI”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒUEFI”uh1hhAhBhCKBh!jubah"}”(h$]”h&]”h+]”ŒUEFI”ah-]”h/]”uh1h hAhBhCKBh!hhhubh)”}”(hŒ .. |WDOG| replace:: :term:`WDOG`”h]”h)”}”(hŒ:term:`WDOG`”h]”h)”}”(hj<h]”hŒWDOG”…””}”(hhh!j>ubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!j:ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jHŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒWDOG”uh1hhAhBhCKCh!j6ubah"}”(h$]”h&]”h+]”ŒWDOG”ah-]”h/]”uh1h hAhBhCKCh!hhhubh)”}”(hŒ!.. |XLAT| replace:: :term:`XLAT` ”h]”h)”}”(hŒ:term:`XLAT`”h]”h)”}”(hjgh]”hŒXLAT”…””}”(hhh!jiubah"}”(h$]”h&]”(h(Œstd”Œstd-term”eh+]”h-]”h/]”uh1hh!jeubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jsŒreftype”Œterm”Œrefexplicit”‰Œrefwarn”ˆh?ŒXLAT”uh1hhAhBhCKDh!jaubah"}”(h$]”h&]”h+]”ŒXLAT”ah-]”h/]”uh1h hAhBhCKDh!hhhubh Œsection”“”)”}”(hhh]”(h Œtitle”“”)”}”(hŒ)Authentication Framework & Chain of Trust”h]”hŒ)Authentication Framework & Chain of Trust”…””}”(hj•h!j“hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jŽhhhAŒV/home/test/workspace/code/optee_3.16/trusted-firmware-a/docs/design/auth-framework.rst”hCKubh Œ paragraph”“”)”}”(hŒ¢The aim of this document is to describe the authentication framework implemented in Trusted Firmware-A (TF-A). This framework fulfills the following requirements:”h]”hŒ¢The aim of this document is to describe the authentication framework implemented in Trusted Firmware-A (TF-A). This framework fulfills the following requirements:”…””}”(hj¦h!j¤hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!jŽhhubh Œenumerated_list”“”)”}”(hhh]”(h Œ list_item”“”)”}”(hŒ¬It should be possible for a platform port to specify the Chain of Trust in terms of certificate hierarchy and the mechanisms used to verify a particular image/certificate. ”h]”j£)”}”(hŒ«It should be possible for a platform port to specify the Chain of Trust in terms of certificate hierarchy and the mechanisms used to verify a particular image/certificate.”h]”hŒ«It should be possible for a platform port to specify the Chain of Trust in terms of certificate hierarchy and the mechanisms used to verify a particular image/certificate.”…””}”(hj¿h!j½ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!j¹ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j´hhhAj¡hCNubj¸)”}”(hX4The framework should distinguish between: - The mechanism used to encode and transport information, e.g. DER encoded X.509v3 certificates to ferry Subject Public Keys, hashes and non-volatile counters. - The mechanism used to verify the transported information i.e. the cryptographic libraries. ”h]”(j£)”}”(hŒ)The framework should distinguish between:”h]”hŒ)The framework should distinguish between:”…””}”(hj×h!jÕubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!jÑubh Œbullet_list”“”)”}”(hhh]”(j¸)”}”(hŒžThe mechanism used to encode and transport information, e.g. DER encoded X.509v3 certificates to ferry Subject Public Keys, hashes and non-volatile counters. ”h]”j£)”}”(hŒThe mechanism used to encode and transport information, e.g. DER encoded X.509v3 certificates to ferry Subject Public Keys, hashes and non-volatile counters.”h]”hŒThe mechanism used to encode and transport information, e.g. DER encoded X.509v3 certificates to ferry Subject Public Keys, hashes and non-volatile counters.”…””}”(hjîh!jìubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!jèubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jåubj¸)”}”(hŒ[The mechanism used to verify the transported information i.e. the cryptographic libraries. ”h]”j£)”}”(hŒZThe mechanism used to verify the transported information i.e. the cryptographic libraries.”h]”hŒZThe mechanism used to verify the transported information i.e. the cryptographic libraries.”…””}”(hjh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jåubeh"}”(h$]”h&]”h+]”h-]”h/]”Œbullet”Œ-”uh1jãhAj¡hCKh!jÑubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j´hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”Œenumtype”Œarabic”Œprefix”hŒsuffix”Œ.”uh1j²h!jŽhhhAj¡hCKubj£)”}”(hŒ]The framework has been designed following a modular approach illustrated in the next diagram:”h]”hŒ]The framework has been designed following a modular approach illustrated in the next diagram:”…””}”(hj3h!j1hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!jŽhhubh Œ literal_block”“”)”}”(hXˆ+---------------+---------------+------------+ | Trusted | Trusted | Trusted | | Firmware | Firmware | Firmware | | Generic | IO Framework | Platform | | Code i.e. | (IO) | Port | | BL1/BL2 (GEN) | | (PP) | +---------------+---------------+------------+ ^ ^ ^ | | | v v v +-----------+ +-----------+ +-----------+ | | | | | Image | | Crypto | | Auth | | Parser | | Module |<->| Module |<->| Module | | (CM) | | (AM) | | (IPM) | | | | | | | +-----------+ +-----------+ +-----------+ ^ ^ | | v v +----------------+ +-----------------+ | Cryptographic | | Image Parser | | Libraries (CL) | | Libraries (IPL) | +----------------+ +-----------------+ | | | | | | v v +-----------------+ | Misc. Libs e.g. | | ASN.1 decoder | | | +-----------------+ DIAGRAM 1.”h]”hXˆ+---------------+---------------+------------+ | Trusted | Trusted | Trusted | | Firmware | Firmware | Firmware | | Generic | IO Framework | Platform | | Code i.e. | (IO) | Port | | BL1/BL2 (GEN) | | (PP) | +---------------+---------------+------------+ ^ ^ ^ | | | v v v +-----------+ +-----------+ +-----------+ | | | | | Image | | Crypto | | Auth | | Parser | | Module |<->| Module |<->| Module | | (CM) | | (AM) | | (IPM) | | | | | | | +-----------+ +-----------+ +-----------+ ^ ^ | | v v +----------------+ +-----------------+ | Cryptographic | | Image Parser | | Libraries (CL) | | Libraries (IPL) | +----------------+ +-----------------+ | | | | | | v v +-----------------+ | Misc. Libs e.g. | | ASN.1 decoder | | | +-----------------+ DIAGRAM 1.”…””}”(hhh!jAubah"}”(h$]”h&]”h+]”h-]”h/]”Œ xml:space”Œpreserve”uh1j?hAj¡hCKh!jŽhhubj£)”}”(hŒThis document describes the inner details of the authentication framework and the abstraction mechanisms available to specify a Chain of Trust.”h]”hŒThis document describes the inner details of the authentication framework and the abstraction mechanisms available to specify a Chain of Trust.”…””}”(hjSh!jQhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK>h!jŽhhubj)”}”(hhh]”(j’)”}”(hŒFramework design”h]”hŒFramework design”…””}”(hjdh!jbhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!j_hhhAj¡hCKBubj£)”}”(hŒŒThis section describes some aspects of the framework design and the rationale behind them. These aspects are key to verify a Chain of Trust.”h]”hŒŒThis section describes some aspects of the framework design and the rationale behind them. These aspects are key to verify a Chain of Trust.”…””}”(hjrh!jphhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKDh!j_hhubj)”}”(hhh]”(j’)”}”(hŒChain of Trust”h]”hŒChain of Trust”…””}”(hjƒh!jhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!j~hhhAj¡hCKHubj£)”}”(hXA CoT is basically a sequence of authentication images which usually starts with a root of trust and culminates in a single data image. The following diagram illustrates how this maps to a CoT for the BL31 image described in the `TBBR-Client specification`_.”h]”(hŒåA CoT is basically a sequence of authentication images which usually starts with a root of trust and culminates in a single data image. The following diagram illustrates how this maps to a CoT for the BL31 image described in the ”…””}”(hŒåA CoT is basically a sequence of authentication images which usually starts with a root of trust and culminates in a single data image. The following diagram illustrates how this maps to a CoT for the BL31 image described in the ”h!jhhhANhCNubh Œ reference”“”)”}”(hŒ`TBBR-Client specification`_”h]”hŒTBBR-Client specification”…””}”(hŒTBBR-Client specification”h!jšubah"}”(h$]”h&]”h+]”h-]”h/]”Œname”ŒTBBR-Client specification”Œrefuri”Œhhttps://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a”uh1j˜h!jŒresolved”KubhŒ.”…””}”(hj0h!jhhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKJh!j~hhubj@)”}”(hX7+------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| BL31 Key | | Public Key | | Certificate | +------------------+ | (Auth Image) | +-------------------+ / | / | / | / | / v +------------------+ L +-------------------+ | BL31 Content |------>| BL31 Content | | Certificate PK | | Certificate | +------------------+ | (Auth Image) | +-------------------+ / | / | / | / | / v +------------------+ L +-------------------+ | BL31 Hash |------>| BL31 Image | | | | (Data Image) | +------------------+ | | +-------------------+ DIAGRAM 2.”h]”hX7+------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| BL31 Key | | Public Key | | Certificate | +------------------+ | (Auth Image) | +-------------------+ / | / | / | / | / v +------------------+ L +-------------------+ | BL31 Content |------>| BL31 Content | | Certificate PK | | Certificate | +------------------+ | (Auth Image) | +-------------------+ / | / | / | / | / v +------------------+ L +-------------------+ | BL31 Hash |------>| BL31 Image | | | | (Data Image) | +------------------+ | | +-------------------+ DIAGRAM 2.”…””}”(hhh!j¸ubah"}”(h$]”h&]”h+]”h-]”h/]”jOjPuh1j?hAj¡hCKQh!j~hhubj£)”}”(hŒmThe root of trust is usually a public key (ROTPK) that has been burnt in the platform and cannot be modified.”h]”hŒmThe root of trust is usually a public key (ROTPK) that has been burnt in the platform and cannot be modified.”…””}”(hjÈh!jÆhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKwh!j~hhubeh"}”(h$]”Œchain-of-trust”ah&]”h+]”Œchain of trust”ah-]”h/]”uh1jŒh!j_hhhAj¡hCKHubj)”}”(hhh]”(j’)”}”(hŒImage types”h]”hŒImage types”…””}”(hjáh!jßhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jÜhhhAj¡hCK{ubj£)”}”(hXImages in a CoT are categorised as authentication and data images. An authentication image contains information to authenticate a data image or another authentication image. A data image is usually a boot loader binary, but it could be any other data that requires authentication.”h]”hXImages in a CoT are categorised as authentication and data images. An authentication image contains information to authenticate a data image or another authentication image. A data image is usually a boot loader binary, but it could be any other data that requires authentication.”…””}”(hjïh!jíhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK}h!jÜhhubeh"}”(h$]”Œimage-types”ah&]”h+]”Œimage types”ah-]”h/]”uh1jŒh!j_hhhAj¡hCK{ubj)”}”(hhh]”(j’)”}”(hŒComponent responsibilities”h]”hŒComponent responsibilities”…””}”(hj h!j hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!j hhhAj¡hCKƒubj£)”}”(hŒdFor every image in a Chain of Trust, the following high level operations are performed to verify it:”h]”hŒdFor every image in a Chain of Trust, the following high level operations are performed to verify it:”…””}”(hj h!j hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK…h!j hhubj³)”}”(hhh]”(j¸)”}”(hŒ?Allocate memory for the image either statically or at runtime. ”h]”j£)”}”(hŒ>Allocate memory for the image either statically or at runtime.”h]”hŒ>Allocate memory for the image either statically or at runtime.”…””}”(hj+ h!j) ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKˆh!j% ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j" hhhAj¡hCNubj¸)”}”(hŒ8Identify the image and load it in the allocated memory. ”h]”j£)”}”(hŒ7Identify the image and load it in the allocated memory.”h]”hŒ7Identify the image and load it in the allocated memory.”…””}”(hjC h!jA ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKŠh!j= ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j" hhhAj¡hCNubj¸)”}”(hŒ2Check the integrity of the image as per its type. ”h]”j£)”}”(hŒ1Check the integrity of the image as per its type.”h]”hŒ1Check the integrity of the image as per its type.”…””}”(hj[ h!jY ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKŒh!jU ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j" hhhAj¡hCNubj¸)”}”(hŒAAuthenticate the image as per the cryptographic algorithms used. ”h]”j£)”}”(hŒ@Authenticate the image as per the cryptographic algorithms used.”h]”hŒ@Authenticate the image as per the cryptographic algorithms used.”…””}”(hjs h!jq ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKŽh!jm ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j" hhhAj¡hCNubj¸)”}”(hŒ~If the image is an authentication image, extract the information that will be used to authenticate the next image in the CoT. ”h]”j£)”}”(hŒ}If the image is an authentication image, extract the information that will be used to authenticate the next image in the CoT.”h]”hŒ}If the image is an authentication image, extract the information that will be used to authenticate the next image in the CoT.”…””}”(hj‹ h!j‰ ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!j… ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j" hhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!j hhhAj¡hCKˆubj£)”}”(hŒ‚In Diagram 1, each component is responsible for one or more of these operations. The responsibilities are briefly described below.”h]”hŒ‚In Diagram 1, each component is responsible for one or more of these operations. The responsibilities are briefly described below.”…””}”(hj¥ h!j£ hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK“h!j hhubj)”}”(hhh]”(j’)”}”(hŒ+TF-A Generic code and IO framework (GEN/IO)”h]”hŒ+TF-A Generic code and IO framework (GEN/IO)”…””}”(hj¶ h!j´ hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!j± hhhAj¡hCK—ubj£)”}”(hXÌThese components are responsible for initiating the authentication process for a particular image in BL1 or BL2. For each BL image that requires authentication, the Generic code asks recursively the Authentication module what is the parent image until either an authenticated image or the ROT is reached. Then the Generic code calls the IO framework to load the image and calls the Authentication module to authenticate it, following the CoT from ROT to Image.”h]”hXÌThese components are responsible for initiating the authentication process for a particular image in BL1 or BL2. For each BL image that requires authentication, the Generic code asks recursively the Authentication module what is the parent image until either an authenticated image or the ROT is reached. Then the Generic code calls the IO framework to load the image and calls the Authentication module to authenticate it, following the CoT from ROT to Image.”…””}”(hjÄ h!jÂ hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK™h!j± hhubeh"}”(h$]”Œ)tf-a-generic-code-and-io-framework-gen-io”ah&]”h+]”Œ+tf-a generic code and io framework (gen/io)”ah-]”h/]”uh1jŒh!j hhhAj¡hCK—ubj)”}”(hhh]”(j’)”}”(hŒTF-A Platform Port (PP)”h]”hŒTF-A Platform Port (PP)”…””}”(hjÝ h!jÛ hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jØ hhhAj¡hCK¡ubj£)”}”(hŒ The platform is responsible for:”h]”hŒ The platform is responsible for:”…””}”(hjë h!jé hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK£h!jØ hhubj³)”}”(hhh]”(j¸)”}”(hŒðSpecifying the CoT for each image that needs to be authenticated. Details of how a CoT can be specified by the platform are explained later. The platform also specifies the authentication methods and the parsing method used for each image. ”h]”j£)”}”(hŒïSpecifying the CoT for each image that needs to be authenticated. Details of how a CoT can be specified by the platform are explained later. The platform also specifies the authentication methods and the parsing method used for each image.”h]”hŒïSpecifying the CoT for each image that needs to be authenticated. Details of how a CoT can be specified by the platform are explained later. The platform also specifies the authentication methods and the parsing method used for each image.”…””}”(hjh!jþ ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK¥h!jú ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j÷ hhhAj¡hCNubj¸)”}”(hŒŒStatically allocating memory for each parameter in each image which is used for verifying the CoT, e.g. memory for public keys, hashes etc. ”h]”j£)”}”(hŒ‹Statically allocating memory for each parameter in each image which is used for verifying the CoT, e.g. memory for public keys, hashes etc.”h]”hŒ‹Statically allocating memory for each parameter in each image which is used for verifying the CoT, e.g. memory for public keys, hashes etc.”…””}”(hjh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKªh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j÷ hhhAj¡hCNubj¸)”}”(hŒ%Providing the ROTPK or a hash of it. ”h]”j£)”}”(hŒ$Providing the ROTPK or a hash of it.”h]”hŒ$Providing the ROTPK or a hash of it.”…””}”(hj0h!j.ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKh!j*ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j÷ hhhAj¡hCNubj¸)”}”(hŒâProviding additional information to the IPM to enable it to identify and extract authentication parameters contained in an image, e.g. if the parameters are stored as X509v3 extensions, the corresponding OID must be provided. ”h]”j£)”}”(hŒáProviding additional information to the IPM to enable it to identify and extract authentication parameters contained in an image, e.g. if the parameters are stored as X509v3 extensions, the corresponding OID must be provided.”h]”hŒáProviding additional information to the IPM to enable it to identify and extract authentication parameters contained in an image, e.g. if the parameters are stored as X509v3 extensions, the corresponding OID must be provided.”…””}”(hjHh!jFubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK¯h!jBubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j÷ hhhAj¡hCNubj¸)”}”(hŒhFulfill any other memory requirements of the IPM and the CM (not currently described in this document). ”h]”j£)”}”(hŒgFulfill any other memory requirements of the IPM and the CM (not currently described in this document).”h]”hŒgFulfill any other memory requirements of the IPM and the CM (not currently described in this document).”…””}”(hj`h!j^ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK´h!jZubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j÷ hhhAj¡hCNubj¸)”}”(hŒúExport functions to verify an image which uses an authentication method that cannot be interpreted by the CM, e.g. if an image has to be verified using a NV counter, then the value of the counter to compare with can only be provided by the platform. ”h]”j£)”}”(hŒùExport functions to verify an image which uses an authentication method that cannot be interpreted by the CM, e.g. if an image has to be verified using a NV counter, then the value of the counter to compare with can only be provided by the platform.”h]”hŒùExport functions to verify an image which uses an authentication method that cannot be interpreted by the CM, e.g. if an image has to be verified using a NV counter, then the value of the counter to compare with can only be provided by the platform.”…””}”(hjxh!jvubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK·h!jrubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j÷ hhhAj¡hCNubj¸)”}”(hŒSExport a custom IPM if a proprietary image format is being used (described later). ”h]”j£)”}”(hŒRExport a custom IPM if a proprietary image format is being used (described later).”h]”hŒRExport a custom IPM if a proprietary image format is being used (described later).”…””}”(hjh!jŽubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCK¼h!jŠubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j÷ hhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!jØ hhhAj¡hCK¥ubeh"}”(h$]”Œtf-a-platform-port-pp”ah&]”h+]”Œtf-a platform port (pp)”ah-]”h/]”uh1jŒh!j hhhAj¡hCK¡ubj)”}”(hhh]”(j’)”}”(hŒAuthentication Module (AM)”h]”hŒAuthentication Module (AM)”…””}”(hjµh!j³hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!j°hhhAj¡hCKÀubj£)”}”(hŒIt is responsible for:”h]”hŒIt is responsible for:”…””}”(hjÃh!jÁhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKÂh!j°hhubj³)”}”(hhh]”(j¸)”}”(hŒProviding the necessary abstraction mechanisms to describe a CoT. Amongst other things, the authentication and image parsing methods must be specified by the PP in the CoT. ”h]”j£)”}”(hŒ¬Providing the necessary abstraction mechanisms to describe a CoT. Amongst other things, the authentication and image parsing methods must be specified by the PP in the CoT.”h]”hŒ¬Providing the necessary abstraction mechanisms to describe a CoT. Amongst other things, the authentication and image parsing methods must be specified by the PP in the CoT.”…””}”(hjØh!jÖubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKÄh!jÒubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÏhhhAj¡hCNubj¸)”}”(hŒ[Verifying the CoT passed by GEN by utilising functionality exported by the PP, IPM and CM. ”h]”j£)”}”(hŒZVerifying the CoT passed by GEN by utilising functionality exported by the PP, IPM and CM.”h]”hŒZVerifying the CoT passed by GEN by utilising functionality exported by the PP, IPM and CM.”…””}”(hjðh!jîubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKÈh!jêubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÏhhhAj¡hCNubj¸)”}”(hXsTracking which images have been verified. In case an image is a part of multiple CoTs then it should be verified only once e.g. the Trusted World Key Certificate in the TBBR-Client spec. contains information to verify SCP_BL2, BL31, BL32 each of which have a separate CoT. (This responsibility has not been described in this document but should be trivial to implement). ”h]”j£)”}”(hXrTracking which images have been verified. In case an image is a part of multiple CoTs then it should be verified only once e.g. the Trusted World Key Certificate in the TBBR-Client spec. contains information to verify SCP_BL2, BL31, BL32 each of which have a separate CoT. (This responsibility has not been described in this document but should be trivial to implement).”h]”hXrTracking which images have been verified. In case an image is a part of multiple CoTs then it should be verified only once e.g. the Trusted World Key Certificate in the TBBR-Client spec. contains information to verify SCP_BL2, BL31, BL32 each of which have a separate CoT. (This responsibility has not been described in this document but should be trivial to implement).”…””}”(hjh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKËh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÏhhhAj¡hCNubj¸)”}”(hXReusing memory meant for a data image to verify authentication images e.g. in the CoT described in Diagram 2, each certificate can be loaded and verified in the memory reserved by the platform for the BL31 image. By the time BL31 (the data image) is loaded, all information to authenticate it will have been extracted from the parent image i.e. BL31 content certificate. It is assumed that the size of an authentication image will never exceed the size of a data image. It should be possible to verify this at build time using asserts. ”h]”j£)”}”(hXReusing memory meant for a data image to verify authentication images e.g. in the CoT described in Diagram 2, each certificate can be loaded and verified in the memory reserved by the platform for the BL31 image. By the time BL31 (the data image) is loaded, all information to authenticate it will have been extracted from the parent image i.e. BL31 content certificate. It is assumed that the size of an authentication image will never exceed the size of a data image. It should be possible to verify this at build time using asserts.”h]”hXReusing memory meant for a data image to verify authentication images e.g. in the CoT described in Diagram 2, each certificate can be loaded and verified in the memory reserved by the platform for the BL31 image. By the time BL31 (the data image) is loaded, all information to authenticate it will have been extracted from the parent image i.e. BL31 content certificate. It is assumed that the size of an authentication image will never exceed the size of a data image. It should be possible to verify this at build time using asserts.”…””}”(hj h!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKÒh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÏhhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!j°hhhAj¡hCKÄubeh"}”(h$]”Œauthentication-module-am”ah&]”h+]”Œauthentication module (am)”ah-]”h/]”uh1jŒh!j hhhAj¡hCKÀubj)”}”(hhh]”(j’)”}”(hŒCryptographic Module (CM)”h]”hŒCryptographic Module (CM)”…””}”(hjEh!jChhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!j@hhhAj¡hCKÜubj£)”}”(hŒ.The CM is responsible for providing an API to:”h]”hŒ.The CM is responsible for providing an API to:”…””}”(hjSh!jQhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKÞh!j@hhubj³)”}”(hhh]”(j¸)”}”(hŒVerify a digital signature.”h]”j£)”}”(hjdh]”hŒVerify a digital signature.”…””}”(hjdh!jfubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKàh!jbubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j_hhhAj¡hCNubj¸)”}”(hŒVerify a hash. ”h]”j£)”}”(hŒVerify a hash.”h]”hŒVerify a hash.”…””}”(hjh!j}ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKáh!jyubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j_hhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!j@hhhAj¡hCKàubj£)”}”(hXThe CM does not include any cryptography related code, but it relies on an external library to perform the cryptographic operations. A Crypto-Library (CL) linking the CM and the external library must be implemented. The following functions must be provided by the CL:”h]”hXThe CM does not include any cryptography related code, but it relies on an external library to perform the cryptographic operations. A Crypto-Library (CL) linking the CM and the external library must be implemented. The following functions must be provided by the CL:”…””}”(hj™h!j—hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKãh!j@hhubj@)”}”(hXvoid (*init)(void); int (*verify_signature)(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); int (*verify_hash)(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len);”h]”hXvoid (*init)(void); int (*verify_signature)(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); int (*verify_hash)(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len);”…””}”(hhh!j¥ubah"}”(h$]”h&]”h+]”h-]”h/]”Œforce”‰Œhighlight_args”}”jOjPŒlanguage”Œc”uh1j?hAj¡hCKèh!j@hhubj£)”}”(hŒ9These functions are registered in the CM using the macro:”h]”hŒ9These functions are registered in the CM using the macro:”…””}”(hjºh!j¸hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKòh!j@hhubj@)”}”(hŒCREGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash);”h]”hŒCREGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash);”…””}”(hhh!jÆubah"}”(h$]”h&]”h+]”h-]”h/]”Œforce”‰Œhighlight_args”}”jOjPj¶j·uh1j?hAj¡hCKôh!j@hhubj£)”}”(hŒc``_name`` must be a string containing the name of the CL. This name is used for debugging purposes.”h]”(h Œliteral”“”)”}”(hŒ ``_name``”h]”hŒ_name”…””}”(hhh!jÝubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j×ubhŒZ must be a string containing the name of the CL. This name is used for debugging purposes.”…””}”(hŒZ must be a string containing the name of the CL. This name is used for debugging purposes.”h!j×hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKøh!j@hhubeh"}”(h$]”Œcryptographic-module-cm”ah&]”h+]”Œcryptographic module (cm)”ah-]”h/]”uh1jŒh!j hhhAj¡hCKÜubj)”}”(hhh]”(j’)”}”(hŒImage Parser Module (IPM)”h]”hŒImage Parser Module (IPM)”…””}”(hjh!jhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jþhhhAj¡hCKüubj£)”}”(hŒThe IPM is responsible for:”h]”hŒThe IPM is responsible for:”…””}”(hjh!jhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCKþh!jþhhubj³)”}”(hhh]”(j¸)”}”(hŒ@Checking the integrity of each image loaded by the IO framework.”h]”j£)”}”(hj"h]”hŒ@Checking the integrity of each image loaded by the IO framework.”…””}”(hj"h!j$ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jhhhAj¡hCNubj¸)”}”(hŒ€Extracting parameters used for authenticating an image based upon a description provided by the platform in the CoT descriptor. ”h]”j£)”}”(hŒExtracting parameters used for authenticating an image based upon a description provided by the platform in the CoT descriptor.”h]”hŒExtracting parameters used for authenticating an image based upon a description provided by the platform in the CoT descriptor.”…””}”(hj=h!j;ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!j7ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jhhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!jþhhhAj¡hCMubj£)”}”(hXÐImages may have different formats (for example, authentication images could be x509v3 certificates, signed ELF files or any other platform specific format). The IPM allows to register an Image Parser Library (IPL) for every image format used in the CoT. This library must implement the specific methods to parse the image. The IPM obtains the image format from the CoT and calls the right IPL to check the image integrity and extract the authentication parameters.”h]”hXÐImages may have different formats (for example, authentication images could be x509v3 certificates, signed ELF files or any other platform specific format). The IPM allows to register an Image Parser Library (IPL) for every image format used in the CoT. This library must implement the specific methods to parse the image. The IPM obtains the image format from the CoT and calls the right IPL to check the image integrity and extract the authentication parameters.”…””}”(hjWh!jUhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jþhhubj£)”}”(hŒ…See Section "Describing the image parsing methods" for more details about the mechanism the IPM provides to define and register IPLs.”h]”hŒ‰See Section â€œDescribing the image parsing methodsâ€ for more details about the mechanism the IPM provides to define and register IPLs.”…””}”(hjeh!jchhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jþhhubeh"}”(h$]”Œimage-parser-module-ipm”ah&]”h+]”Œimage parser module (ipm)”ah-]”h/]”uh1jŒh!j hhhAj¡hCKüubeh"}”(h$]”Œcomponent-responsibilities”ah&]”h+]”Œcomponent responsibilities”ah-]”h/]”uh1jŒh!j_hhhAj¡hCKƒubj)”}”(hhh]”(j’)”}”(hŒAuthentication methods”h]”hŒAuthentication methods”…””}”(hj†h!j„hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jhhhAj¡hCMubj£)”}”(hŒ5The AM supports the following authentication methods:”h]”hŒ5The AM supports the following authentication methods:”…””}”(hj”h!j’hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jhhubj³)”}”(hhh]”(j¸)”}”(hŒHash”h]”j£)”}”(hj¥h]”hŒHash”…””}”(hj¥h!j§ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!j£ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j hhhAj¡hCNubj¸)”}”(hŒDigital signature ”h]”j£)”}”(hŒDigital signature”h]”hŒDigital signature”…””}”(hjÀh!j¾ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jºubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j hhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!jhhhAj¡hCMubj£)”}”(hŒ€The platform may specify these methods in the CoT in case it decides to define a custom CoT instead of reusing a predefined one.”h]”hŒ€The platform may specify these methods in the CoT in case it decides to define a custom CoT instead of reusing a predefined one.”…””}”(hjÚh!jØhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jhhubj£)”}”(hŒÛIf a data image uses multiple methods, then all the methods must be a part of the same CoT. The number and type of parameters are method specific. These parameters should be obtained from the parent image using the IPM.”h]”hŒÛIf a data image uses multiple methods, then all the methods must be a part of the same CoT. The number and type of parameters are method specific. These parameters should be obtained from the parent image using the IPM.”…””}”(hjèh!jæhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jhhubj³)”}”(hhh]”(j¸)”}”(hX6Hash Parameters: #. A pointer to data to hash #. Length of the data #. A pointer to the hash #. Length of the hash The hash will be represented by the DER encoding of the following ASN.1 type: :: DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } This ASN.1 structure makes it possible to remove any assumption about the type of hash algorithm used as this information accompanies the hash. This should allow the Cryptography Library (CL) to support multiple hash algorithm implementations. ”h]”(j£)”}”(hŒHash”h]”hŒHash”…””}”(hjýh!jûubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!j÷ubj£)”}”(hŒParameters:”h]”hŒParameters:”…””}”(hjh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!j÷ubj³)”}”(hhh]”(j¸)”}”(hŒA pointer to data to hash”h]”j£)”}”(hjh]”hŒA pointer to data to hash”…””}”(hjh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM!h!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jubj¸)”}”(hŒLength of the data”h]”j£)”}”(hj3h]”hŒLength of the data”…””}”(hj3h!j5ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM"h!j1ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jubj¸)”}”(hŒA pointer to the hash”h]”j£)”}”(hjJh]”hŒA pointer to the hash”…””}”(hjJh!jLubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM#h!jHubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jubj¸)”}”(hŒLength of the hash ”h]”j£)”}”(hŒLength of the hash”h]”hŒLength of the hash”…””}”(hjeh!jcubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM$h!j_ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!j÷ubj£)”}”(hŒMThe hash will be represented by the DER encoding of the following ASN.1 type:”h]”hŒMThe hash will be represented by the DER encoding of the following ASN.1 type:”…””}”(hjh!j}ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM&h!j÷ubj@)”}”(hŒgDigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest }”h]”hŒgDigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest }”…””}”(hhh!j‹ubah"}”(h$]”h&]”h+]”h-]”h/]”jOjPuh1j?hAj¡hCM+h!j÷ubj£)”}”(hŒóThis ASN.1 structure makes it possible to remove any assumption about the type of hash algorithm used as this information accompanies the hash. This should allow the Cryptography Library (CL) to support multiple hash algorithm implementations.”h]”hŒóThis ASN.1 structure makes it possible to remove any assumption about the type of hash algorithm used as this information accompanies the hash. This should allow the Cryptography Library (CL) to support multiple hash algorithm implementations.”…””}”(hj›h!j™ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM0h!j÷ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jôhhhAj¡hCNubj¸)”}”(hX;Digital Signature Parameters: #. A pointer to data to sign #. Length of the data #. Public Key Algorithm #. Public Key value #. Digital Signature Algorithm #. Digital Signature value The Public Key parameters will be represented by the DER encoding of the following ASN.1 type: :: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier{PUBLIC-KEY,{PublicKeyAlgorithms}}, subjectPublicKey BIT STRING } The Digital Signature Algorithm will be represented by the DER encoding of the following ASN.1 types. :: AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE { algorithm ALGORITHM.&id({IOSet}), parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL } The digital signature will be represented by: :: signature ::= BIT STRING ”•h]”(j£)”}”(hŒDigital Signature”h]”hŒDigital Signature”…””}”(hj³h!j±ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM5h!jubj£)”}”(hŒParameters:”h]”hŒParameters:”…””}”(hjÁh!j¿ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM7h!jubj³)”}”(hhh]”(j¸)”}”(hŒA pointer to data to sign”h]”j£)”}”(hjÒh]”hŒA pointer to data to sign”…””}”(hjÒh!jÔubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM9h!jÐubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÍubj¸)”}”(hŒLength of the data”h]”j£)”}”(hjéh]”hŒLength of the data”…””}”(hjéh!jëubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM:h!jçubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÍubj¸)”}”(hŒPublic Key Algorithm”h]”j£)”}”(hjh]”hŒPublic Key Algorithm”…””}”(hjh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM;h!jþubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÍubj¸)”}”(hŒPublic Key value”h]”j£)”}”(hjh]”hŒPublic Key value”…””}”(hjh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jCubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÍubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!jubj£)”}”(hŒ^The Public Key parameters will be represented by the DER encoding of the following ASN.1 type:”h]”hŒ^The Public Key parameters will be represented by the DER encoding of the following ASN.1 type:”…””}”(hjch!jaubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM@h!jubj@)”}”(hŒ—SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier{PUBLIC-KEY,{PublicKeyAlgorithms}}, subjectPublicKey BIT STRING }”h]”hŒ—SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier{PUBLIC-KEY,{PublicKeyAlgorithms}}, subjectPublicKey BIT STRING }”…””}”(hhh!joubah"}”(h$]”h&]”h+]”h-]”h/]”jOjPuh1j?hAj¡hCMEh!jubj£)”}”(hŒeThe Digital Signature Algorithm will be represented by the DER encoding of the following ASN.1 types.”h]”hŒeThe Digital Signature Algorithm will be represented by the DER encoding of the following ASN.1 types.”…””}”(hjh!j}ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMIh!jubj@)”}”(hŒ©AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE { algorithm ALGORITHM.&id({IOSet}), parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL }”h]”hŒ©AlgorithmIdentifier {ALGORITHM:IOSet } ::= SEQUENCE { algorithm ALGORITHM.&id({IOSet}), parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL }”…””}”(hhh!j‹ubah"}”(h$]”h&]”h+]”h-]”h/]”jOjPuh1j?hAj¡hCMNh!jubj£)”}”(hŒ-The digital signature will be represented by:”h]”hŒ-The digital signature will be represented by:”…””}”(hj›h!j™ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMSh!jubj@)”}”(hŒsignature ::= BIT STRING”h]”hŒsignature ::= BIT STRING”…””}”(hhh!j§ubah"}”(h$]”h&]”h+]”h-]”h/]”jOjPuh1j?hAj¡hCMWh!jubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jôhhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!jhhhAj¡hCMubj£)”}”(hŒtThe authentication framework will use the image descriptor to extract all the information related to authentication.”h]”hŒtThe authentication framework will use the image descriptor to extract all the information related to authentication.”…””}”(hjÃh!jÁhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMYh!jhhubeh"}”(h$]”Œauthentication-methods”ah&]”h+]”Œauthentication methods”ah-]”h/]”uh1jŒh!j_hhhAj¡hCMubeh"}”(h$]”Œframework-design”ah&]”h+]”Œframework design”ah-]”h/]”uh1jŒh!jŽhhhAj¡hCKBubj)”}”(hhh]”(j’)”}”(hŒSpecifying a Chain of Trust”h]”hŒSpecifying a Chain of Trust”…””}”(hjäh!jâhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jßhhhAj¡hCM]ubj£)”}”(hXA CoT can be described as a set of image descriptors linked together in a particular order. The order dictates the sequence in which they must be verified. Each image has a set of properties which allow the AM to verify it. These properties are described below.”h]”hXA CoT can be described as a set of image descriptors linked together in a particular order. The order dictates the sequence in which they must be verified. Each image has a set of properties which allow the AM to verify it. These properties are described below.”…””}”(hjòh!jðhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM_h!jßhhubj£)”}”(hŒÆThe PP is responsible for defining a single or multiple CoTs for a data image. Unless otherwise specified, the data structures described in the following sections are populated by the PP statically.”h]”hŒÆThe PP is responsible for defining a single or multiple CoTs for a data image. Unless otherwise specified, the data structures described in the following sections are populated by the PP statically.”…””}”(hjh!jþhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMdh!jßhhubj)”}”(hhh]”(j’)”}”(hŒ$Describing the image parsing methods”h]”hŒ$Describing the image parsing methods”…””}”(hjh!jhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jhhhAj¡hCMiubj£)”}”(hXÝThe parsing method refers to the format of a particular image. For example, an authentication image that represents a certificate could be in the X.509v3 format. A data image that represents a boot loader stage could be in raw binary or ELF format. The IPM supports three parsing methods. An image has to use one of the three methods described below. An IPL is responsible for interpreting a single parsing method. There has to be one IPL for every method used by the platform.”h]”hXÝThe parsing method refers to the format of a particular image. For example, an authentication image that represents a certificate could be in the X.509v3 format. A data image that represents a boot loader stage could be in raw binary or ELF format. The IPM supports three parsing methods. An image has to use one of the three methods described below. An IPL is responsible for interpreting a single parsing method. There has to be one IPL for every method used by the platform.”…””}”(hjh!jhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMkh!jhhubj³)”}”(hhh]”(j¸)”}”(hŒÊRaw format: This format is effectively a nop as an image using this method is treated as being in raw binary format e.g. boot loader images used by TF-A. This method should only be used by data images. ”h]”j£)”}”(hŒÉRaw format: This format is effectively a nop as an image using this method is treated as being in raw binary format e.g. boot loader images used by TF-A. This method should only be used by data images.”h]”hŒÉRaw format: This format is effectively a nop as an image using this method is treated as being in raw binary format e.g. boot loader images used by TF-A. This method should only be used by data images.”…””}”(hj4h!j2ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMsh!j.ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j+hhhAj¡hCNubj¸)”}”(hX\X509V3 method: This method uses industry standards like X.509 to represent PKI certificates (authentication images). It is expected that open source libraries will be available which can be used to parse an image represented by this method. Such libraries can be used to write the corresponding IPL e.g. the X.509 parsing library code in mbed TLS. ”h]”j£)”}”(hX[X509V3 method: This method uses industry standards like X.509 to represent PKI certificates (authentication images). It is expected that open source libraries will be available which can be used to parse an image represented by this method. Such libraries can be used to write the corresponding IPL e.g. the X.509 parsing library code in mbed TLS.”h]”hX[X509V3 method: This method uses industry standards like X.509 to represent PKI certificates (authentication images). It is expected that open source libraries will be available which can be used to parse an image represented by this method. Such libraries can be used to write the corresponding IPL e.g. the X.509 parsing library code in mbed TLS.”…””}”(hjLh!jJubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMwh!jFubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j+hhhAj¡hCNubj¸)”}”(hXPlatform defined method: This method caters for platform specific proprietary standards to represent authentication or data images. For example, The signature of a data image could be appended to the data image raw binary. A header could be prepended to the combined blob to specify the extents of each component. The platform will have to implement the corresponding IPL to interpret such a format. ”h]”j£)”}”(hXPlatform defined method: This method caters for platform specific proprietary standards to represent authentication or data images. For example, The signature of a data image could be appended to the data image raw binary. A header could be prepended to the combined blob to specify the extents of each component. The platform will have to implement the corresponding IPL to interpret such a format.”h]”hXPlatform defined method: This method caters for platform specific proprietary standards to represent authentication or data images. For example, The signature of a data image could be appended to the data image raw binary. A header could be prepended to the combined blob to specify the extents of each component. The platform will have to implement the corresponding IPL to interpret such a format.”…””}”(hjdh!jbubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM}h!j^ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j+hhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”j,j-j.hj/j0uh1j²h!jhhhAj¡hCMsubj£)”}”(hŒ=The following enum can be used to define these three methods.”h]”hŒ=The following enum can be used to define these three methods.”…””}”(hj~h!j|hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM„h!jhhubj@)”}”(hŒÐtypedef enum img_type_enum { IMG_RAW, /* Binary image */ IMG_PLAT, /* Platform specific format */ IMG_CERT, /* X509v3 certificate */ IMG_MAX_TYPES, } img_type_t;”h]”hŒÐtypedef enum img_type_enum { IMG_RAW, /* Binary image */ IMG_PLAT, /* Platform specific format */ IMG_CERT, /* X509v3 certificate */ IMG_MAX_TYPES, } img_type_t;”…””}”(hhh!jŠubah"}”(h$]”h&]”h+]”h-]”h/]”Œforce”‰Œhighlight_args”}”jOjPj¶j·uh1j?hAj¡hCM†h!jhhubj£)”}”(hŒhhhANhCNubh)”}”(hŒ:ref:`Trusted Board Boot`”h]”h)”}”(hjIh]”hŒTrusted Board Boot”…””}”(hhh!jKubah"}”(h$]”h&]”(h(Œstd”Œstd-ref”eh+]”h-]”h/]”uh1hh!jGubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”jUŒreftype”Œref”Œrefexplicit”‰Œrefwarn”ˆh?Œtrusted board boot”uh1hhAj¡hCM€h!j>ubhŒ document.”…””}”(hŒ document.”h!j>hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM€h!jûhhubj£)”}”(hXÆFollowing the :ref:`Porting Guide`, a platform must provide unique identifiers for all the images and certificates that will be loaded during the boot process. If a platform is using the TBBR as a reference for trusted boot, these identifiers can be obtained from ``include/common/tbbr/tbbr_img_def.h``. Arm platforms include this file in ``include/plat/arm/common/arm_def.h``. Other platforms may also include this file or provide their own identifiers.”h]”(hŒFollowing the ”…””}”(hŒFollowing the ”h!jrhhhANhCNubh)”}”(hŒ:ref:`Porting Guide`”h]”h)”}”(hj}h]”hŒ Porting Guide”…””}”(hhh!jubah"}”(h$]”h&]”(h(Œstd”Œstd-ref”eh+]”h-]”h/]”uh1hh!j{ubah"}”(h$]”h&]”h+]”h-]”h/]”Œrefdoc”h9Œ refdomain”j‰Œreftype”Œref”Œrefexplicit”‰Œrefwarn”ˆh?Œ porting guide”uh1hhAj¡hCM„h!jrubhŒæ, a platform must provide unique identifiers for all the images and certificates that will be loaded during the boot process. If a platform is using the TBBR as a reference for trusted boot, these identifiers can be obtained from ”…””}”(hŒæ, a platform must provide unique identifiers for all the images and certificates that will be loaded during the boot process. If a platform is using the TBBR as a reference for trusted boot, these identifiers can be obtained from ”h!jrhhhANhCNubjÜ)”}”(hŒ&``include/common/tbbr/tbbr_img_def.h``”h]”hŒ"include/common/tbbr/tbbr_img_def.h”…””}”(hhh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jrubhŒ%. Arm platforms include this file in ”…””}”(hŒ%. Arm platforms include this file in ”h!jrhhhANhCNubjÜ)”}”(hŒ%``include/plat/arm/common/arm_def.h``”h]”hŒ!include/plat/arm/common/arm_def.h”…””}”(hhh!j³ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jrubhŒN. Other platforms may also include this file or provide their own identifiers.”…””}”(hŒN. Other platforms may also include this file or provide their own identifiers.”h!jrhhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM„h!jûhhubj£)”}”(hŒœ**Important**: the authentication module uses these identifiers to index the CoT array, so the descriptors location in the array must match the identifiers.”h]”(h Œstrong”“”)”}”(hŒ **Important**”h]”hŒ Important”…””}”(hhh!jÒubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÐh!jÌubhŒ: the authentication module uses these identifiers to index the CoT array, so the descriptors location in the array must match the identifiers.”…””}”(hŒ: the authentication module uses these identifiers to index the CoT array, so the descriptors location in the array must match the identifiers.”h!jÌhhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM‹h!jûhhubj£)”}”(hŒ#Each image descriptor must specify:”h]”hŒ#Each image descriptor must specify:”…””}”(hjíh!jëhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMŽh!jûhhubjä)”}”(hhh]”(j¸)”}”(hŒN``img_id``: the corresponding image unique identifier defined by the platform.”h]”j£)”}”(hjþh]”(jÜ)”}”(hŒ ``img_id``”h]”hŒimg_id”…””}”(hhh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jubhŒD: the corresponding image unique identifier defined by the platform.”…””}”(hŒD: the corresponding image unique identifier defined by the platform.”h!jubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMh!jüubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jùhhhAj¡hCNubj¸)”}”(hX$``img_type``: the image parser module uses the image type to call the proper parsing library to check the image integrity and extract the required authentication parameters. Three types of images are currently supported: - ``IMG_RAW``: image is a raw binary. No parsing functions are available, other than reading the whole image. - ``IMG_PLAT``: image format is platform specific. The platform may use this type for custom images not directly supported by the authentication framework. - ``IMG_CERT``: image is an x509v3 certificate. ”h]”(j£)”}”(hŒÜ``img_type``: the image parser module uses the image type to call the proper parsing library to check the image integrity and extract the required authentication parameters. Three types of images are currently supported:”h]”(jÜ)”}”(hŒ``img_type``”h]”hŒimg_type”…””}”(hhh!j*ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j&ubhŒÐ: the image parser module uses the image type to call the proper parsing library to check the image integrity and extract the required authentication parameters. Three types of images are currently supported:”…””}”(hŒÐ: the image parser module uses the image type to call the proper parsing library to check the image integrity and extract the required authentication parameters. Three types of images are currently supported:”h!j&ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM‘h!j"ubjä)”}”(hhh]”(j¸)”}”(hŒk``IMG_RAW``: image is a raw binary. No parsing functions are available, other than reading the whole image.”h]”j£)”}”(hŒk``IMG_RAW``: image is a raw binary. No parsing functions are available, other than reading the whole image.”h]”(jÜ)”}”(hŒ``IMG_RAW``”h]”hŒIMG_RAW”…””}”(hhh!jNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jJubhŒ`: image is a raw binary. No parsing functions are available, other than reading the whole image.”…””}”(hŒ`: image is a raw binary. No parsing functions are available, other than reading the whole image.”h!jJubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM•h!jFubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jCubj¸)”}”(hŒ™``IMG_PLAT``: image format is platform specific. The platform may use this type for custom images not directly supported by the authentication framework.”h]”j£)”}”(hŒ™``IMG_PLAT``: image format is platform specific. The platform may use this type for custom images not directly supported by the authentication framework.”h]”(jÜ)”}”(hŒ``IMG_PLAT``”h]”hŒIMG_PLAT”…””}”(hhh!juubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jqubhŒ: image format is platform specific. The platform may use this type for custom images not directly supported by the authentication framework.”…””}”(hŒ: image format is platform specific. The platform may use this type for custom images not directly supported by the authentication framework.”h!jqubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM—h!jmubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jCubj¸)”}”(hŒ.``IMG_CERT``: image is an x509v3 certificate. ”h]”j£)”}”(hŒ-``IMG_CERT``: image is an x509v3 certificate.”h]”(jÜ)”}”(hŒ``IMG_CERT``”h]”hŒIMG_CERT”…””}”(hhh!jœubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j˜ubhŒ!: image is an x509v3 certificate.”…””}”(hŒ!: image is an x509v3 certificate.”h!j˜ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMšh!j”ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jCubeh"}”(h$]”h&]”h+]”h-]”h/]”jjuh1jãhAj¡hCM•h!j"ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jùhhhANhCNubj¸)”}”(hX]``parent``: pointer to the parent image descriptor. The parent will contain the information required to authenticate the current image. If the parent is NULL, the authentication parameters will be obtained from the platform (i.e. the BL2 and Trusted Key certificates are signed with the ROT private key, whose public part is stored in the platform).”h]”j£)”}”(hX]``parent``: pointer to the parent image descriptor. The parent will contain the information required to authenticate the current image. If the parent is NULL, the authentication parameters will be obtained from the platform (i.e. the BL2 and Trusted Key certificates are signed with the ROT private key, whose public part is stored in the platform).”h]”(jÜ)”}”(hŒ ``parent``”h]”hŒparent”…””}”(hhh!jÏubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jËubhXS: pointer to the parent image descriptor. The parent will contain the information required to authenticate the current image. If the parent is NULL, the authentication parameters will be obtained from the platform (i.e. the BL2 and Trusted Key certificates are signed with the ROT private key, whose public part is stored in the platform).”…””}”(hXS: pointer to the parent image descriptor. The parent will contain the information required to authenticate the current image. If the parent is NULL, the authentication parameters will be obtained from the platform (i.e. the BL2 and Trusted Key certificates are signed with the ROT private key, whose public part is stored in the platform).”h!jËubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMœh!jÇubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jùhhhAj¡hCNubj¸)”}”(hX~``img_auth_methods``: this points to an array which defines the authentication methods that must be checked to consider an image authenticated. Each method consists of a type and a list of parameter descriptors. A parameter descriptor consists of a type and a cookie which will point to specific information required to extract that parameter from the image (i.e. if the parameter is stored in an x509v3 extension, the cookie will point to the extension OID). Depending on the method type, a different number of parameters must be specified. This pointer should not be NULL. Supported methods are: - ``AUTH_METHOD_HASH``: the hash of the image must match the hash extracted from the parent image. The following parameter descriptors must be specified: - ``data``: data to be hashed (obtained from current image) - ``hash``: reference hash (obtained from parent image) - ``AUTH_METHOD_SIG``: the image (usually a certificate) must be signed with the private key whose public part is extracted from the parent image (or the platform if the parent is NULL). The following parameter descriptors must be specified: - ``pk``: the public key (obtained from parent image) - ``sig``: the digital signature (obtained from current image) - ``alg``: the signature algorithm used (obtained from current image) - ``data``: the data to be signed (obtained from current image) ”h]”(j£)”}”(hXU``img_auth_methods``: this points to an array which defines the authentication methods that must be checked to consider an image authenticated. Each method consists of a type and a list of parameter descriptors. A parameter descriptor consists of a type and a cookie which will point to specific information required to extract that parameter from the image (i.e. if the parameter is stored in an x509v3 extension, the cookie will point to the extension OID). Depending on the method type, a different number of parameters must be specified. This pointer should not be NULL. Supported methods are:”h]”(jÜ)”}”(hŒ``img_auth_methods``”h]”hŒimg_auth_methods”…””}”(hhh!jöubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jòubhXA: this points to an array which defines the authentication methods that must be checked to consider an image authenticated. Each method consists of a type and a list of parameter descriptors. A parameter descriptor consists of a type and a cookie which will point to specific information required to extract that parameter from the image (i.e. if the parameter is stored in an x509v3 extension, the cookie will point to the extension OID). Depending on the method type, a different number of parameters must be specified. This pointer should not be NULL. Supported methods are:”…””}”(hXA: this points to an array which defines the authentication methods that must be checked to consider an image authenticated. Each method consists of a type and a list of parameter descriptors. A parameter descriptor consists of a type and a cookie which will point to specific information required to extract that parameter from the image (i.e. if the parameter is stored in an x509v3 extension, the cookie will point to the extension OID). Depending on the method type, a different number of parameters must be specified. This pointer should not be NULL. Supported methods are:”h!jòubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM¡h!jîubjä)”}”(hhh]”(j¸)”}”(hX``AUTH_METHOD_HASH``: the hash of the image must match the hash extracted from the parent image. The following parameter descriptors must be specified: - ``data``: data to be hashed (obtained from current image) - ``hash``: reference hash (obtained from parent image) ”h]”(j£)”}”(hŒ—``AUTH_METHOD_HASH``: the hash of the image must match the hash extracted from the parent image. The following parameter descriptors must be specified:”h]”(jÜ)”}”(hŒ``AUTH_METHOD_HASH``”h]”hŒAUTH_METHOD_HASH”…””}”(hhh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jubhŒƒ: the hash of the image must match the hash extracted from the parent image. The following parameter descriptors must be specified:”…””}”(hŒƒ: the hash of the image must match the hash extracted from the parent image. The following parameter descriptors must be specified:”h!jubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM¬h!jubjä)”}”(hhh]”(j¸)”}”(hŒ9``data``: data to be hashed (obtained from current image)”h]”j£)”}”(hj8h]”(jÜ)”}”(hŒ``data``”h]”hŒdata”…””}”(hhh!j=ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j:ubhŒ1: data to be hashed (obtained from current image)”…””}”(hŒ1: data to be hashed (obtained from current image)”h!j:ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM°h!j6ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j3ubj¸)”}”(hŒ6``hash``: reference hash (obtained from parent image) ”h]”j£)”}”(hŒ5``hash``: reference hash (obtained from parent image)”h]”(jÜ)”}”(hŒ``hash``”h]”hŒhash”…””}”(hhh!jdubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j`ubhŒ-: reference hash (obtained from parent image)”…””}”(hŒ-: reference hash (obtained from parent image)”h!j`ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM±h!j\ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j3ubeh"}”(h$]”h&]”h+]”h-]”h/]”jjuh1jãhAj¡hCM°h!jubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jubj¸)”}”(hXð``AUTH_METHOD_SIG``: the image (usually a certificate) must be signed with the private key whose public part is extracted from the parent image (or the platform if the parent is NULL). The following parameter descriptors must be specified: - ``pk``: the public key (obtained from parent image) - ``sig``: the digital signature (obtained from current image) - ``alg``: the signature algorithm used (obtained from current image) - ``data``: the data to be signed (obtained from current image) ”h]”(j£)”}”(hŒï``AUTH_METHOD_SIG``: the image (usually a certificate) must be signed with the private key whose public part is extracted from the parent image (or the platform if the parent is NULL). The following parameter descriptors must be specified:”h]”(jÜ)”}”(hŒ``AUTH_METHOD_SIG``”h]”hŒAUTH_METHOD_SIG”…””}”(hhh!j—ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j“ubhŒÜ: the image (usually a certificate) must be signed with the private key whose public part is extracted from the parent image (or the platform if the parent is NULL). The following parameter descriptors must be specified:”…””}”(hŒÜ: the image (usually a certificate) must be signed with the private key whose public part is extracted from the parent image (or the platform if the parent is NULL). The following parameter descriptors must be specified:”h!j“ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM³h!jubjä)”}”(hhh]”(j¸)”}”(hŒ3``pk``: the public key (obtained from parent image)”h]”j£)”}”(hjµh]”(jÜ)”}”(hŒ``pk``”h]”hŒpk”…””}”(hhh!jºubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j·ubhŒ-: the public key (obtained from parent image)”…””}”(hŒ-: the public key (obtained from parent image)”h!j·ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM¸h!j³ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j°ubj¸)”}”(hŒ<``sig``: the digital signature (obtained from current image)”h]”j£)”}”(hjÛh]”(jÜ)”}”(hŒ``sig``”h]”hŒsig”…””}”(hhh!jàubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jÝubhŒ5: the digital signature (obtained from current image)”…””}”(hŒ5: the digital signature (obtained from current image)”h!jÝubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM¹h!jÙubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j°ubj¸)”}”(hŒC``alg``: the signature algorithm used (obtained from current image)”h]”j£)”}”(hjh]”(jÜ)”}”(hŒ``alg``”h]”hŒalg”…””}”(hhh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jubhŒ<: the signature algorithm used (obtained from current image)”…””}”(hŒ<: the signature algorithm used (obtained from current image)”h!jubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMºh!jÿubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j°ubj¸)”}”(hŒ>``data``: the data to be signed (obtained from current image) ”h]”j£)”}”(hŒ=``data``: the data to be signed (obtained from current image)”h]”(jÜ)”}”(hŒ``data``”h]”hŒdata”…””}”(hhh!j-ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j)ubhŒ5: the data to be signed (obtained from current image)”…””}”(hŒ5: the data to be signed (obtained from current image)”h!j)ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM»h!j%ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!j°ubeh"}”(h$]”h&]”h+]”h-]”h/]”jjuh1jãhAj¡hCM¸h!jubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jubeh"}”(h$]”h&]”h+]”h-]”h/]”jjuh1jãhAj¡hCM¬h!jîubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jùhhhANhCNubj¸)”}”(hXg``authenticated_data``: this array pointer indicates what authentication parameters must be extracted from an image once it has been authenticated. Each parameter consists of a parameter descriptor and the buffer address/size to store the parameter. The CoT is responsible for allocating the required memory to store the parameters. This pointer may be NULL. ”h]”j£)”}”(hXf``authenticated_data``: this array pointer indicates what authentication parameters must be extracted from an image once it has been authenticated. Each parameter consists of a parameter descriptor and the buffer address/size to store the parameter. The CoT is responsible for allocating the required memory to store the parameters. This pointer may be NULL.”h]”(jÜ)”}”(hŒ``authenticated_data``”h]”hŒauthenticated_data”…””}”(hhh!jlubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jhubhXP: this array pointer indicates what authentication parameters must be extracted from an image once it has been authenticated. Each parameter consists of a parameter descriptor and the buffer address/size to store the parameter. The CoT is responsible for allocating the required memory to store the parameters. This pointer may be NULL.”…””}”(hXP: this array pointer indicates what authentication parameters must be extracted from an image once it has been authenticated. Each parameter consists of a parameter descriptor and the buffer address/size to store the parameter. The CoT is responsible for allocating the required memory to store the parameters. This pointer may be NULL.”h!jhubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM½h!jdubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jùhhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”jjuh1jãhAj¡hCMh!jûh•¯hubj£)”}”(hX’In the ``tbbr_cot*.c`` file, a set of buffers are allocated to store the parameters extracted from the certificates. In the case of the TBBR CoT, these parameters are hashes and public keys. In DER format, an RSA-4096 public key requires 550 bytes, and a hash requires 51 bytes. Depending on the CoT and the authentication process, some of the buffers may be reused at different stages during the boot.”h]”(hŒIn the ”…””}”(hŒIn the ”h!j‘hhhANhCNubjÜ)”}”(hŒ``tbbr_cot*.c``”h]”hŒtbbr_cot*.c”…””}”(hhh!jšubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j‘ubhX| file, a set of buffers are allocated to store the parameters extracted from the certificates. In the case of the TBBR CoT, these parameters are hashes and public keys. In DER format, an RSA-4096 public key requires 550 bytes, and a hash requires 51 bytes. Depending on the CoT and the authentication process, some of the buffers may be reused at different stages during the boot.”…””}”(hX| file, a set of buffers are allocated to store the parameters extracted from the certificates. In the case of the TBBR CoT, these parameters are hashes and public keys. In DER format, an RSA-4096 public key requires 550 bytes, and a hash requires 51 bytes. Depending on the CoT and the authentication process, some of the buffers may be reused at different stages during the boot.”h!j‘hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMÃh!jûhhubj£)”}”(hŒ”Next in that file, the parameter descriptors are defined. These descriptors will be used to extract the parameter data from the corresponding image.”h]”hŒ”Next in that file, the parameter descriptors are defined. These descriptors will be used to extract the parameter data from the corresponding image.”…””}”(hjµh!j³hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMÉh!jûhhubj)”}”(hhh]”(j’)”}”(hŒ Example: the BL31 Chain of Trust”h]”hŒ Example: the BL31 Chain of Trust”…””}”(hjÆh!jÄhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jÁhhhAj¡hCMÍubj£)”}”(hŒ4Four image descriptors form the BL31 Chain of Trust:”h]”hŒ4Four image descriptors form the BL31 Chain of Trust:”…””}”(hjÔh!jÒhhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMÏh!jÁhhubj@)”}”(hXstatic const auth_img_desc_t trusted_key_cert = { .img_id = TRUSTED_KEY_CERT_ID, .img_type = IMG_CERT, .parent = NULL, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { .pk = &subject_pk, .sig = &sig, .alg = &sig_alg, .data = &raw_data } }, [1] = { .type = AUTH_METHOD_NV_CTR, .param.nv_ctr = { .cert_nv_ctr = &trusted_nv_ctr, .plat_nv_ctr = &trusted_nv_ctr } } }, .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &trusted_world_pk, .data = { .ptr = (void *)trusted_world_pk_buf, .len = (unsigned int)PK_DER_LEN } }, [1] = { .type_desc = &non_trusted_world_pk, .data = { .ptr = (void *)non_trusted_world_pk_buf, .len = (unsigned int)PK_DER_LEN } } } }; static const auth_img_desc_t soc_fw_key_cert = { .img_id = SOC_FW_KEY_CERT_ID, .img_type = IMG_CERT, .parent = &trusted_key_cert, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { .pk = &trusted_world_pk, .sig = &sig, .alg = &sig_alg, .data = &raw_data } }, [1] = { .type = AUTH_METHOD_NV_CTR, .param.nv_ctr = { .cert_nv_ctr = &trusted_nv_ctr, .plat_nv_ctr = &trusted_nv_ctr } } }, .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &soc_fw_content_pk, .data = { .ptr = (void *)content_pk_buf, .len = (unsigned int)PK_DER_LEN } } } }; static const auth_img_desc_t soc_fw_content_cert = { .img_id = SOC_FW_CONTENT_CERT_ID, .img_type = IMG_CERT, .parent = &soc_fw_key_cert, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { .pk = &soc_fw_content_pk, .sig = &sig, .alg = &sig_alg, .data = &raw_data } }, [1] = { .type = AUTH_METHOD_NV_CTR, .param.nv_ctr = { .cert_nv_ctr = &trusted_nv_ctr, .plat_nv_ctr = &trusted_nv_ctr } } }, .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &soc_fw_hash, .data = { .ptr = (void *)soc_fw_hash_buf, .len = (unsigned int)HASH_DER_LEN } }, [1] = { .type_desc = &soc_fw_config_hash, .data = { .ptr = (void *)soc_fw_config_hash_buf, .len = (unsigned int)HASH_DER_LEN } } } }; static const auth_img_desc_t bl31_image = { .img_id = BL31_IMAGE_ID, .img_type = IMG_RAW, .parent = &soc_fw_content_cert, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { .data = &raw_data, .hash = &soc_fw_hash } } } };”h]”hXstatic const auth_img_desc_t trusted_key_cert = { .img_id = TRUSTED_KEY_CERT_ID, .img_type = IMG_CERT, .parent = NULL, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { .pk = &subject_pk, .sig = &sig, .alg = &sig_alg, .data = &raw_data } }, [1] = { .type = AUTH_METHOD_NV_CTR, .param.nv_ctr = { .cert_nv_ctr = &trusted_nv_ctr, .plat_nv_ctr = &trusted_nv_ctr } } }, .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &trusted_world_pk, .data = { .ptr = (void *)trusted_world_pk_buf, .len = (unsigned int)PK_DER_LEN } }, [1] = { .type_desc = &non_trusted_world_pk, .data = { .ptr = (void *)non_trusted_world_pk_buf, .len = (unsigned int)PK_DER_LEN } } } }; static const auth_img_desc_t soc_fw_key_cert = { .img_id = SOC_FW_KEY_CERT_ID, .img_type = IMG_CERT, .parent = &trusted_key_cert, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { .pk = &trusted_world_pk, .sig = &sig, .alg = &sig_alg, .data = &raw_data } }, [1] = { .type = AUTH_METHOD_NV_CTR, .param.nv_ctr = { .cert_nv_ctr = &trusted_nv_ctr, .plat_nv_ctr = &trusted_nv_ctr } } }, .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &soc_fw_content_pk, .data = { .ptr = (void *)content_pk_buf, .len = (unsigned int)PK_DER_LEN } } } }; static const auth_img_desc_t soc_fw_content_cert = { .img_id = SOC_FW_CONTENT_CERT_ID, .img_type = IMG_CERT, .parent = &soc_fw_key_cert, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { .pk = &soc_fw_content_pk, .sig = &sig, .alg = &sig_alg, .data = &raw_data } }, [1] = { .type = AUTH_METHOD_NV_CTR, .param.nv_ctr = { .cert_nv_ctr = &trusted_nv_ctr, .plat_nv_ctr = &trusted_nv_ctr } } }, .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &soc_fw_hash, .data = { .ptr = (void *)soc_fw_hash_buf, .len = (unsigned int)HASH_DER_LEN } }, [1] = { .type_desc = &soc_fw_config_hash, .data = { .ptr = (void *)soc_fw_config_hash_buf, .len = (unsigned int)HASH_DER_LEN } } } }; static const auth_img_desc_t bl31_image = { .img_id = BL31_IMAGE_ID, .img_type = IMG_RAW, .parent = &soc_fw_content_cert, .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { .data = &raw_data, .hash = &soc_fw_hash } } } };”…””}”(hhh!jàubah"}”(h$]”h&]”h+]”h-]”h/]”Œforce”‰Œhighlight_args”}”jOjPj¶j·uh1j?hAj¡hCMÑh!jÁhhubj£)”}”(hX&The **Trusted Key certificate** is signed with the ROT private key and contains the Trusted World public key and the Non-Trusted World public key as x509v3 extensions. This must be specified in the image descriptor using the ``img_auth_methods`` and ``authenticated_data`` arrays, respectively.”h]”(hŒThe ”…””}”(hŒThe ”h!jñhhhANhCNubjÑ)”}”(hŒ**Trusted Key certificate**”h]”hŒTrusted Key certificate”…””}”(hhh!júubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÐh!jñubhŒÂ is signed with the ROT private key and contains the Trusted World public key and the Non-Trusted World public key as x509v3 extensions. This must be specified in the image descriptor using the ”…””}”(hŒÂ is signed with the ROT private key and contains the Trusted World public key and the Non-Trusted World public key as x509v3 extensions. This must be specified in the image descriptor using the ”h!jñhhhANhCNubjÜ)”}”(hŒ``img_auth_methods``”h]”hŒimg_auth_methods”…””}”(hhh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jñubhŒ and ”…””}”(hŒ and ”h!jñhhhANhCNubjÜ)”}”(hŒ``authenticated_data``”h]”hŒauthenticated_data”…””}”(hhh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jñubhŒ arrays, respectively.”…””}”(hŒ arrays, respectively.”h!jñhhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMPh!jÁhhubj£)”}”(hX:The Trusted Key certificate is authenticated by checking its digital signature using the ROTPK. Four parameters are required to check a signature: the public key, the algorithm, the signature and the data that has been signed. Therefore, four parameter descriptors must be specified with the authentication method:”h]”hX:The Trusted Key certificate is authenticated by checking its digital signature using the ROTPK. Four parameters are required to check a signature: the public key, the algorithm, the signature and the data that has been signed. Therefore, four parameter descriptors must be specified with the authentication method:”…””}”(hj;h!j9hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMUh!jÁhhubjä)”}”(hhh]”(j¸)”}”(hX“``subject_pk``: parameter descriptor of type ``AUTH_PARAM_PUB_KEY``. This type is used to extract a public key from the parent image. If the cookie is an OID, the key is extracted from the corresponding x509v3 extension. If the cookie is NULL, the subject public key is retrieved. In this case, because the parent image is NULL, the public key is obtained from the platform (this key will be the ROTPK).”h]”j£)”}”(hX“``subject_pk``: parameter descriptor of type ``AUTH_PARAM_PUB_KEY``. This type is used to extract a public key from the parent image. If the cookie is an OID, the key is extracted from the corresponding x509v3 extension. If the cookie is NULL, the subject public key is retrieved. In this case, because the parent image is NULL, the public key is obtained from the platform (this key will be the ROTPK).”h]”(jÜ)”}”(hŒ``subject_pk``”h]”hŒ subject_pk”…””}”(hhh!jRubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jNubhŒ: parameter descriptor of type ”…””}”(hŒ: parameter descriptor of type ”h!jNubjÜ)”}”(hŒ``AUTH_PARAM_PUB_KEY``”h]”hŒAUTH_PARAM_PUB_KEY”…””}”(hhh!jeubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jNubhXP. This type is used to extract a public key from the parent image. If the cookie is an OID, the key is extracted from the corresponding x509v3 extension. If the cookie is NULL, the subject public key is retrieved. In this case, because the parent image is NULL, the public key is obtained from the platform (this key will be the ROTPK).”…””}”(hXP. This type is used to extract a public key from the parent image. If the cookie is an OID, the key is extracted from the corresponding x509v3 extension. If the cookie is NULL, the subject public key is retrieved. In this case, because the parent image is NULL, the public key is obtained from the platform (this key will be the ROTPK).”h!jNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMZh!jJubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jGhhhAj¡hCNubj¸)”}”(hŒs``sig``: parameter descriptor of type ``AUTH_PARAM_SIG``. It is used to extract the signature from the certificate.”h]”j£)”}”(hŒs``sig``: parameter descriptor of type ``AUTH_PARAM_SIG``. It is used to extract the signature from the certificate.”h]”(jÜ)”}”(hŒ``sig``”h]”hŒsig”…””}”(hhh!jŒubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jˆubhŒ: parameter descriptor of type ”…””}”(hŒ: parameter descriptor of type ”h!jˆubjÜ)”}”(hŒ``AUTH_PARAM_SIG``”h]”hŒAUTH_PARAM_SIG”…””}”(hhh!jŸubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jˆubhŒ;. It is used to extract the signature from the certificate.”…””}”(hŒ;. It is used to extract the signature from the certificate.”h!jˆubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM`h!j„ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jGhhhAj¡hCNubj¸)”}”(hŒ``sig_alg``: parameter descriptor of type ``AUTH_PARAM_SIG``. It is used to extract the signature algorithm from the certificate.”h]”j£)”}”(hŒ``sig_alg``: parameter descriptor of type ``AUTH_PARAM_SIG``. It is used to extract the signature algorithm from the certificate.”h]”(jÜ)”}”(hŒ``sig_alg``”h]”hŒsig_alg”…””}”(hhh!jÆubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jÂubhŒ: parameter descriptor of type ”…””}”(hŒ: parameter descriptor of type ”h!jÂubjÜ)”}”(hŒ``AUTH_PARAM_SIG``”h]”hŒAUTH_PARAM_SIG”…””}”(hhh!jÙubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jÂubhŒE. It is used to extract the signature algorithm from the certificate.”…””}”(hŒE. It is used to extract the signature algorithm from the certificate.”h!jÂubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMbh!j¾ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jGhhhAj¡hCNubj¸)”}”(hŒ†``raw_data``: parameter descriptor of type ``AUTH_PARAM_RAW_DATA``. It is used to extract the data to be signed from the certificate. ”h]”j£)”}”(hŒ…``raw_data``: parameter descriptor of type ``AUTH_PARAM_RAW_DATA``. It is used to extract the data to be signed from the certificate.”h]”(jÜ)”}”(hŒ``raw_data``”h]”hŒraw_data”…””}”(hhh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jüubhŒ: parameter descriptor of type ”…””}”(hŒ: parameter descriptor of type ”h!jüubjÜ)”}”(hŒ``AUTH_PARAM_RAW_DATA``”h]”hŒAUTH_PARAM_RAW_DATA”…””}”(hhh!jubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jüubhŒC. It is used to extract the data to be signed from the certificate.”…””}”(hŒC. It is used to extract the data to be signed from the certificate.”h!jüubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMdh!jøubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jGhhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”jjuh1jãhAj¡hCMZh!jÁhhubj£)”}”(hX‘Once the signature has been checked and the certificate authenticated, the Trusted World public key needs to be extracted from the certificate. A new entry is created in the ``authenticated_data`` array for that purpose. In that entry, the corresponding parameter descriptor must be specified along with the buffer address to store the parameter value. In this case, the ``trusted_world_pk`` descriptor is used to extract the public key from an x509v3 extension with OID ``TRUSTED_WORLD_PK_OID``. The BL31 key certificate will use this descriptor as parameter in the signature authentication method. The key is stored in the ``trusted_world_pk_buf`` buffer.”h]”(hŒ®Once the signature has been checked and the certificate authenticated, the Trusted World public key needs to be extracted from the certificate. A new entry is created in the ”…””}”(hŒ®Once the signature has been checked and the certificate authenticated, the Trusted World public key needs to be extracted from the certificate. A new entry is created in the ”h!j8hhhANhCNubjÜ)”}”(hŒ``authenticated_data``”h]”hŒauthenticated_data”…””}”(hhh!jAubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j8ubhŒ¯ array for that purpose. In that entry, the corresponding parameter descriptor must be specified along with the buffer address to store the parameter value. In this case, the ”…””}”(hŒ¯ array for that purpose. In that entry, the corresponding parameter descriptor must be specified along with the buffer address to store the parameter value. In this case, the ”h!j8hhhANhCNubjÜ)”}”(hŒ``trusted_world_pk``”h]”hŒtrusted_world_pk”…””}”(hhh!jTubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j8ubhŒP descriptor is used to extract the public key from an x509v3 extension with OID ”…””}”(hŒP descriptor is used to extract the public key from an x509v3 extension with OID ”h!j8hhhANhCNubjÜ)”}”(hŒ``TRUSTED_WORLD_PK_OID``”h]”hŒTRUSTED_WORLD_PK_OID”…””}”(hhh!jgubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j8ubhŒ‚. The BL31 key certificate will use this descriptor as parameter in the signature authentication method. The key is stored in the ”…””}”(hŒ‚. The BL31 key certificate will use this descriptor as parameter in the signature authentication method. The key is stored in the ”h!j8hhhANhCNubjÜ)”}”(hŒ``trusted_world_pk_buf``”h]”hŒtrusted_world_pk_buf”…””}”(hhh!jzubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j8ubhŒ buffer.”…””}”(hŒ buffer.”h!j8hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMgh!jÁhhubj£)”}”(hXòThe **BL31 Key certificate** is authenticated by checking its digital signature using the Trusted World public key obtained previously from the Trusted Key certificate. In the image descriptor, we specify a single authentication method by signature whose public key is the ``trusted_world_pk``. Once this certificate has been authenticated, we have to extract the BL31 public key, stored in the extension specified by ``soc_fw_content_pk``. This key will be copied to the ``content_pk_buf`` buffer.”h]”(hŒThe ”…””}”(hŒThe ”h!j“hhhANhCNubjÑ)”}”(hŒ**BL31 Key certificate**”h]”hŒBL31 Key certificate”…””}”(hhh!jœubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÐh!j“ubhŒõ is authenticated by checking its digital signature using the Trusted World public key obtained previously from the Trusted Key certificate. In the image descriptor, we specify a single authentication method by signature whose public key is the ”…””}”(hŒõ is authenticated by checking its digital signature using the Trusted World public key obtained previously from the Trusted Key certificate. In the image descriptor, we specify a single authentication method by signature whose public key is the ”h!j“hhhANhCNubjÜ)”}”(hŒ``trusted_world_pk``”h]”hŒtrusted_world_pk”…””}”(hhh!j¯ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j“ubhŒ}. Once this certificate has been authenticated, we have to extract the BL31 public key, stored in the extension specified by ”…””}”(hŒ}. Once this certificate has been authenticated, we have to extract the BL31 public key, stored in the extension specified by ”h!j“hhhANhCNubjÜ)”}”(hŒ``soc_fw_content_pk``”h]”hŒsoc_fw_content_pk”…””}”(hhh!jÂubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j“ubhŒ!. This key will be copied to the ”…””}”(hŒ!. This key will be copied to the ”h!j“hhhANhCNubjÜ)”}”(hŒ``content_pk_buf``”h]”hŒcontent_pk_buf”…””}”(hhh!jÕubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j“ubhŒ buffer.”…””}”(hŒ buffer.”h!j“hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMqh!jÁhhubj£)”}”(hX’The **BL31 certificate** is authenticated by checking its digital signature using the BL31 public key obtained previously from the BL31 Key certificate. We specify the authentication method using ``soc_fw_content_pk`` as public key. After authentication, we need to extract the BL31 hash, stored in the extension specified by ``soc_fw_hash``. This hash will be copied to the ``soc_fw_hash_buf`` buffer.”h]”(hŒThe ”…””}”(hŒThe ”h!jîhhhANhCNubjÑ)”}”(hŒ**BL31 certificate**”h]”hŒBL31 certificate”…””}”(hhh!j÷ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÐh!jîubhŒ¬ is authenticated by checking its digital signature using the BL31 public key obtained previously from the BL31 Key certificate. We specify the authentication method using ”…””}”(hŒ¬ is authenticated by checking its digital signature using the BL31 public key obtained previously from the BL31 Key certificate. We specify the authentication method using ”h!jîhhhANhCNubjÜ)”}”(hŒ``soc_fw_content_pk``”h]”hŒsoc_fw_content_pk”…””}”(hhh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jîubhŒm as public key. After authentication, we need to extract the BL31 hash, stored in the extension specified by ”…””}”(hŒm as public key. After authentication, we need to extract the BL31 hash, stored in the extension specified by ”h!jîhhhANhCNubjÜ)”}”(hŒ``soc_fw_hash``”h]”hŒsoc_fw_hash”…””}”(hhh!j ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jîubhŒ". This hash will be copied to the ”…””}”(hŒ". This hash will be copied to the ”h!jîhhhANhCNubjÜ)”}”(hŒ``soc_fw_hash_buf``”h]”hŒsoc_fw_hash_buf”…””}”(hhh!j0 ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jîubhŒ buffer.”…””}”(hŒ buffer.”h!jîhhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMyh!jÁhhubj£)”}”(hXjThe **BL31 image** is authenticated by calculating its hash and matching it with the hash obtained from the BL31 certificate. The image descriptor contains a single authentication method by hash. The parameters to the hash method are the reference hash, ``soc_fw_hash``, and the data to be hashed. In this case, it is the whole image, so we specify ``raw_data``.”h]”(hŒThe ”…””}”(hŒThe ”h!jI hhhANhCNubjÑ)”}”(hŒ**BL31 image**”h]”hŒ BL31 image”…””}”(hhh!jR ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÐh!jI ubhŒì is authenticated by calculating its hash and matching it with the hash obtained from the BL31 certificate. The image descriptor contains a single authentication method by hash. The parameters to the hash method are the reference hash, ”…””}”(hŒì is authenticated by calculating its hash and matching it with the hash obtained from the BL31 certificate. The image descriptor contains a single authentication method by hash. The parameters to the hash method are the reference hash, ”h!jI hhhANhCNubjÜ)”}”(hŒ``soc_fw_hash``”h]”hŒsoc_fw_hash”…””}”(hhh!je ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jI ubhŒP, and the data to be hashed. In this case, it is the whole image, so we specify ”…””}”(hŒP, and the data to be hashed. In this case, it is the whole image, so we specify ”h!jI hhhANhCNubjÜ)”}”(hŒ``raw_data``”h]”hŒraw_data”…””}”(hhh!jx ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jI ubhŒ.”…””}”(hj0h!jI hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM€h!jÁhhubeh"}”(h$]”Œexample-the-bl31-chain-of-trust”ah&]”h+]”Œ example: the bl31 chain of trust”ah-]”h/]”uh1jŒh!jûhhhAj¡hCMÍubeh"}”(h$]”Œthe-tbbr-cot”ah&]”h+]”Œthe tbbr cot”ah-]”h/]”uh1jŒh!jÜhhhAj¡hCMlubj)”}”(hhh]”(j’)”}”(hŒThe image parser library”h]”hŒThe image parser library”…””}”(hj¥ h!j£ hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!j hhhAj¡hCM‡ubj£)”}”(hXThe image parser module relies on libraries to check the image integrity and extract the authentication parameters. The number and type of parser libraries depend on the images used in the CoT. Raw images do not need a library, so only an x509v3 library is required for the TBBR CoT.”h]”hXThe image parser module relies on libraries to check the image integrity and extract the authentication parameters. The number and type of parser libraries depend on the images used in the CoT. Raw images do not need a library, so only an x509v3 library is required for the TBBR CoT.”…””}”(hj³ h!j± hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM‰h!j hhubj£)”}”(hŒ¤Arm platforms will use an x509v3 library based on mbed TLS. This library may be found in ``drivers/auth/mbedtls/mbedtls_x509_parser.c``. It exports three functions:”h]”(hŒYArm platforms will use an x509v3 library based on mbed TLS. This library may be found in ”…””}”(hŒYArm platforms will use an x509v3 library based on mbed TLS. This library may be found in ”h!j¿ hhhANhCNubjÜ)”}”(hŒ.``drivers/auth/mbedtls/mbedtls_x509_parser.c``”h]”hŒ*drivers/auth/mbedtls/mbedtls_x509_parser.c”…””}”(hhh!jÈ ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j¿ ubhŒ. It exports three functions:”…””}”(hŒ. It exports three functions:”h!j¿ hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMŽh!j hhubj@)”}”(hŒñvoid init(void); int check_integrity(void *img, unsigned int img_len); int get_auth_param(const auth_param_type_desc_t *type_desc, void *img, unsigned int img_len, void **param, unsigned int *param_len);”h]”hŒñvoid init(void); int check_integrity(void *img, unsigned int img_len); int get_auth_param(const auth_param_type_desc_t *type_desc, void *img, unsigned int img_len, void **param, unsigned int *param_len);”…””}”(hhh!já ubah"}”(h$]”h&]”h+]”h-]”h/]”Œforce”‰Œhighlight_args”}”jOjPj¶j·uh1j?hAj¡hCM’h!j hhubj£)”}”(hŒéThe library is registered in the framework using the macro ``REGISTER_IMG_PARSER_LIB()``. Each time the image parser module needs to access an image of type ``IMG_CERT``, it will call the corresponding function exported in this file.”h]”(hŒ;The library is registered in the framework using the macro ”…””}”(hŒ;The library is registered in the framework using the macro ”h!jò hhhANhCNubjÜ)”}”(hŒ``REGISTER_IMG_PARSER_LIB()``”h]”hŒREGISTER_IMG_PARSER_LIB()”…””}”(hhh!jû ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jò ubhŒE. Each time the image parser module needs to access an image of type ”…””}”(hŒE. Each time the image parser module needs to access an image of type ”h!jò hhhANhCNubjÜ)”}”(hŒ``IMG_CERT``”h]”hŒIMG_CERT”…””}”(hhh!j!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jò ubhŒ@, it will call the corresponding function exported in this file.”…””}”(hŒ@, it will call the corresponding function exported in this file.”h!jò hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMšh!j hhubj£)”}”(hŒThe build system must be updated to include the corresponding library and mbed TLS sources. Arm platforms use the ``arm_common.mk`` file to pull the sources.”h]”(hŒrThe build system must be updated to include the corresponding library and mbed TLS sources. Arm platforms use the ”…””}”(hŒrThe build system must be updated to include the corresponding library and mbed TLS sources. Arm platforms use the ”h!j'!hhhANhCNubjÜ)”}”(hŒ``arm_common.mk``”h]”hŒ arm_common.mk”…””}”(hhh!j0!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j'!ubhŒ file to pull the sources.”…””}”(hŒ file to pull the sources.”h!j'!hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMŸh!j hhubeh"}”(h$]”Œthe-image-parser-library”ah&]”h+]”Œthe image parser library”ah-]”h/]”uh1jŒh!jÜhhhAj¡hCM‡ubj)”}”(hhh]”(j’)”}”(hŒThe cryptographic library”h]”hŒThe cryptographic library”…””}”(hjV!h!jT!hhhANhCNubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j‘h!jQ!hhhAj¡hCM¤ubj£)”}”(hXqThe cryptographic module relies on a library to perform the required operations, i.e. verify a hash or a digital signature. Arm platforms will use a library based on mbed TLS, which can be found in ``drivers/auth/mbedtls/mbedtls_crypto.c``. This library is registered in the authentication framework using the macro ``REGISTER_CRYPTO_LIB()`` and exports four functions:”h]”(hŒÆThe cryptographic module relies on a library to perform the required operations, i.e. verify a hash or a digital signature. Arm platforms will use a library based on mbed TLS, which can be found in ”…””}”(hŒÆThe cryptographic module relies on a library to perform the required operations, i.e. verify a hash or a digital signature. Arm platforms will use a library based on mbed TLS, which can be found in ”h!jb!hhhANhCNubjÜ)”}”(hŒ)``drivers/auth/mbedtls/mbedtls_crypto.c``”h]”hŒ%drivers/auth/mbedtls/mbedtls_crypto.c”…””}”(hhh!jk!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jb!ubhŒM. This library is registered in the authentication framework using the macro ”…””}”(hŒM. This library is registered in the authentication framework using the macro ”h!jb!hhhANhCNubjÜ)”}”(hŒ``REGISTER_CRYPTO_LIB()``”h]”hŒREGISTER_CRYPTO_LIB()”…””}”(hhh!j~!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jb!ubhŒ and exports four functions:”…””}”(hŒ and exports four functions:”h!jb!hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM¦h!jQ!hhubj@)”}”(hX•void init(void); int verify_signature(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); int verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, size_t len, const void *key, unsigned int key_len, unsigned int key_flags, const void *iv, unsigned int iv_len, const void *tag, unsigned int tag_len)”h]”hX•void init(void); int verify_signature(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); int verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, size_t len, const void *key, unsigned int key_len, unsigned int key_flags, const void *iv, unsigned int iv_len, const void *tag, unsigned int tag_len)”…””}”(hhh!j—!ubah"}”(h$]”h&]”h+]”h-]”h/]”Œforce”‰Œhighlight_args”}”jOjPj¶j·uh1j?hAj¡hCMh!jQ!hhubj£)”}”(hŒ}The mbedTLS library algorithm support is configured by both the ``TF_MBEDTLS_KEY_ALG`` and ``TF_MBEDTLS_KEY_SIZE`` variables.”h]”(hŒ@The mbedTLS library algorithm support is configured by both the ”…””}”(hŒ@The mbedTLS library algorithm support is configured by both the ”h!j¨!hhhANhCNubjÜ)”}”(hŒ``TF_MBEDTLS_KEY_ALG``”h]”hŒTF_MBEDTLS_KEY_ALG”…””}”(hhh!j±!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j¨!ubhŒ and ”…””}”(hŒ and ”h!j¨!hhhANhCNubjÜ)”}”(hŒ``TF_MBEDTLS_KEY_SIZE``”h]”hŒTF_MBEDTLS_KEY_SIZE”…””}”(hhh!jÄ!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j¨!ubhŒ variables.”…””}”(hŒ variables.”h!j¨!hhhANhCNubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM¼h!jQ!hhubjä)”}”(hhh]”(j¸)”}”(hX*``TF_MBEDTLS_KEY_ALG`` can take in 3 values: `rsa`, `ecdsa` or `rsa+ecdsa`. This variable allows the Makefile to include the corresponding sources in the build for the various algorithms. Setting the variable to `rsa+ecdsa` enables support for both rsa and ecdsa algorithms in the mbedTLS library. ”h]”j£)”}”(hX)``TF_MBEDTLS_KEY_ALG`` can take in 3 values: `rsa`, `ecdsa` or `rsa+ecdsa`. This variable allows the Makefile to include the corresponding sources in the build for the various algorithms. Setting the variable to `rsa+ecdsa` enables support for both rsa and ecdsa algorithms in the mbedTLS library.”h]”(jÜ)”}”(hŒ``TF_MBEDTLS_KEY_ALG``”h]”hŒTF_MBEDTLS_KEY_ALG”…””}”(hhh!jè!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jä!ubhŒ can take in 3 values: ”…””}”(hŒ can take in 3 values: ”h!jä!ubh Œtitle_reference”“”)”}”(hŒ`rsa`”h]”hŒrsa”…””}”(hhh!jý!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jû!h!jä!ubhŒ, ”…””}”(hŒ, ”h!jä!ubjü!)”}”(hŒ`ecdsa`”h]”hŒecdsa”…””}”(hhh!j"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jû!h!jä!ubhŒ or ”…””}”(hŒ or ”h!jä!ubjü!)”}”(hŒ`rsa+ecdsa`”h]”hŒ rsa+ecdsa”…””}”(hhh!j#"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jû!h!jä!ubhŒŠ. This variable allows the Makefile to include the corresponding sources in the build for the various algorithms. Setting the variable to ”…””}”(hŒŠ. This variable allows the Makefile to include the corresponding sources in the build for the various algorithms. Setting the variable to ”h!jä!ubjü!)”}”(hŒ`rsa+ecdsa`”h]”hŒ rsa+ecdsa”…””}”(hhh!j6"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jû!h!jä!ubhŒJ enables support for both rsa and ecdsa algorithms in the mbedTLS library.”…””}”(hŒJ enables support for both rsa and ecdsa algorithms in the mbedTLS library.”h!jä!ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCM¿h!jà!ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÝ!hhhAj¡hCNubj¸)”}”(hŒq``TF_MBEDTLS_KEY_SIZE`` sets the supported RSA key size for TFA. Valid values include 1024, 2048, 3072 and 4096. ”h]”j£)”}”(hŒp``TF_MBEDTLS_KEY_SIZE`` sets the supported RSA key size for TFA. Valid values include 1024, 2048, 3072 and 4096.”h]”(jÜ)”}”(hŒ``TF_MBEDTLS_KEY_SIZE``”h]”hŒTF_MBEDTLS_KEY_SIZE”…””}”(hhh!j]"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!jY"ubhŒY sets the supported RSA key size for TFA. Valid values include 1024, 2048, 3072 and 4096.”…””}”(hŒY sets the supported RSA key size for TFA. Valid values include 1024, 2048, 3072 and 4096.”h!jY"ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMÄh!jU"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÝ!hhhAj¡hCNubj¸)”}”(hŒ~``TF_MBEDTLS_USE_AES_GCM`` enables the authenticated decryption support based on AES-GCM algorithm. Valid values are 0 and 1. ”h]”j£)”}”(hŒ}``TF_MBEDTLS_USE_AES_GCM`` enables the authenticated decryption support based on AES-GCM algorithm. Valid values are 0 and 1.”h]”(jÜ)”}”(hŒ``TF_MBEDTLS_USE_AES_GCM``”h]”hŒTF_MBEDTLS_USE_AES_GCM”…””}”(hhh!j„"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j€"ubhŒc enables the authenticated decryption support based on AES-GCM algorithm. Valid values are 0 and 1.”…””}”(hŒc enables the authenticated decryption support based on AES-GCM algorithm. Valid values are 0 and 1.”h!j€"ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMÇh!j|"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j·h!jÝ!hhhAj¡hCNubeh"}”(h$]”h&]”h+]”h-]”h/]”jjuh1jãhAj¡hCM¿h!jQ!hhubh Œnote”“”)”}”(hŒæIf code size is a concern, the build option ``MBEDTLS_SHA256_SMALLER`` can be defined in the platform Makefile. It will make mbed TLS use an implementation of SHA-256 with smaller memory footprint (~1.5 KB less) but slower (~30%).”h]”j£)”}”(hŒæIf code size is a concern, the build option ``MBEDTLS_SHA256_SMALLER`` can be defined in the platform Makefile. It will make mbed TLS use an implementation of SHA-256 with smaller memory footprint (~1.5 KB less) but slower (~30%).”h]”(hŒ,If code size is a concern, the build option ”…””}”(hŒ,If code size is a concern, the build option ”h!j¯"ubjÜ)”}”(hŒ``MBEDTLS_SHA256_SMALLER``”h]”hŒMBEDTLS_SHA256_SMALLER”…””}”(hhh!j¸"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jÛh!j¯"ubhŒ can be defined in the platform Makefile. It will make mbed TLS use an implementation of SHA-256 with smaller memory footprint (~1.5 KB less) but slower (~30%).”…””}”(hŒ can be defined in the platform Makefile. It will make mbed TLS use an implementation of SHA-256 with smaller memory footprint (~1.5 KB less) but slower (~30%).”h!j¯"ubeh"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMËh!j«"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j©"h!jQ!hhhAj¡hCNubh Œ transition”“”)”}”(hŒ--------------”h]”h"}”(h$]”h&]”h+]”h-]”h/]”uh1j×"hAj¡hCMÐh!jQ!hhubj£)”}”(hŒM*Copyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.*”h]”h Œemphasis”“”)”}”(hjå"h]”hŒKCopyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.”…””}”(hhh!jé"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1jç"h!jã"ubah"}”(h$]”h&]”h+]”h-]”h/]”uh1j¢hAj¡hCMÒh!jQ!hhubh Œtarget”“”)”}”(hŒ‡.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a”h]”h"}”(h$]”Œtbbr-client-specification”ah&]”h+]”Œtbbr-client specification”ah-]”h/]”j«j¬uh1jü"hCMh!jQ!hhhAj¡Œ referenced”Kubeh"}”(h$]”Œthe-cryptographic-library”ah&]”h+]”Œthe cryptographic library”ah-]”h/]”uh1jŒh!jÜhhhAj¡hCM¤ubeh"}”(h$]”Œimplementation-example”ah&]”h+]”Œimplementation example”ah-]”h/]”uh1jŒh!jŽhhhAj¡hCMdubeh"}”(h$]”Œ'authentication-framework-chain-of-trust”ah&]”h+]”Œ)authentication framework & chain of trust”ah-]”h/]”uh1jŒh!hhhhAj¡hCKubeh"}”(h$]”h&]”h+]”h-]”h/]”Œsource”j¡uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(j‘NŒ generator”NŒ datestamp”NŒsource_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒreport_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jF#Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”j¡Œ_destination”NŒ _config_files”]”Œpep_references”NŒpep_base_url”Œ https://www.python.org/dev/peps/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œhttps://tools.ietf.org/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œfile_insertion_enabled”ˆŒraw_enabled”KŒsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”(hHhhshKhžhvhÉh¡hôhÌjh÷jJj"jujMj jxjËj£jöjÎj!jùjLj$jwjOj¢jzjÍj¥jøjÐj#jûjNj&jyjQj¤j|jÏj§jújÒj%jýjPj(j{jSj¦j~jÑj©jüjÔj'jÿjRj*j}jUj¨j€jÓj«jþjÖj)jjTj,jjWjªj‚jÕjjjØj+jjVj.jjYj¬j„j×j¯jjÚj-jjXj0jƒj[j®j†jÙj±j jÜj/ j jZ j2 j… j] j° jˆ jÛ j³ j jÞ j1 j j\ j4 j‡ j_ j² jŠ jÝ jµ jjà j3jj^j6j‰jauŒsubstitution_names”}”(Œaarch32”hHŒaarch64”hsŒamu”hžŒamus”hÉŒapi”hôŒbti”jŒcot”juŒcss”j Œcve”jËŒdtb”jöŒds-5”j!Œdsu”jLŒdt”jwŒel”j¢Œehf”jÍŒfconf”jøŒfdt”j#Œff-a”jNŒfip”jyŒfvp”j¤Œfwu”jÏŒgic”júŒisa”j%Œlinaro”jPŒmmu”j{Œmpam”j¦Œmpmm”jÑŒmpidr”jüŒmte”j'Œoen”jRŒop-tee”j}Œote”j¨Œpdd”jÓŒpauth”jþŒpmf”j)Œpsci”jTŒras”jŒrot”jªŒscmi”jÕŒscp”jŒsdei”j+Œsds”jVŒsea”jŒsip”j×Œsmc”jŒsmccc”j-Œsoc”jXŒsp”jƒŒspd”j®Œspm”jÙŒssbs”j Œsve”j/ Œtbb”jZ Œtbbr”j… Œtee”j° Œtf-a”jÛ Œtf-m”j Œtlb”j1 Œtlk”j\ Œtrng”j‡ Œtsp”j² Œtzc”jÝ Œubsan”jŒuefi”j3Œwdog”j^Œxlat”j‰uŒrefnames”}”Œtbbr-client specification”]”jšasŒrefids”}”Œnameids”}”(j #j#jÜjÙjÙjÖj jýj~j{jÕ jÒ jjªj=j:jûjøjvjsjÔjÑjÙjÖj@j=j÷jôjíjêjÑjÎj#j#j jš j• j’ jN!jK!j#j #j#j#uŒ nametypes”}”(j #NjÜNjÙNj Nj~NjÕ NjNj=NjûNjvNjÔNjÙNj@Nj÷NjíNjÑNj#Nj Nj• NjN!Nj#Nj#ˆuh$}”(j#jŽjÙj_jÖj~jýjÜj{j jÒ j± jªjØ j:j°jøj@jsjþjÑjjÖjßj=jjôjCjêjújÎjðj#jÜjš jûj’ jÁjK!j j #jQ!j#jþ"uŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒ decoration”Nhhub.