1Trusted Boot Firmware Configuration bindings
2============================================
3
4This document defines the nodes and properties used to define the Trusted-Boot
5firmware configuration. Platform owners are advised to define shared bindings
6here. If a binding does not generalize, they should be documented
7alongside platform documentation. There is no guarantee of backward
8compatibility with the nodes and properties outlined in this context.
9
10Trusted Boot Firmware Configuration
11-----------------------------------
12
13- compatible [mandatory]
14   - value type: <string>
15   - Should be the string ``"<plat>,tb_fw"``, where ``<plat>`` is the name of the
16     platform (i.e. ``"arm,tb_fw"``).
17
18- disable_auth [mandatory]
19   - value type: <u32>
20   - Flag used to dynamically disable authentication for development purposes.
21     Has two possible values: 0 or 1. Setting the flag to 1 disables
22     authentication.
23
24- mbedtls_heap_addr [mandatory]
25   - value type: <u64>
26   - Base address of the dynamically allocated Mbed TLS heap. This is given as a placeholder.
27
28- mbedtls_heap_size [mandatory]
29   - value type: <u32>
30   - Size of the Mbed TLS heap.
31
32IO FIP Handles
33--------------
34
35- compatible [mandatory]
36   - value type: <string>
37   - Should be the string ``"<plat>,io-fip-handle"``, where ``<plat>`` is the name of the
38     platform (i.e. ``"arm,io-fip-handle"``).
39
40- scp_bl2_uuid [mandatory]
41   - value type: <string>
42   - SCP Firmware SCP_BL2 UUID
43
44- bl31_uuid [mandatory]
45   - value type: <string>
46   - EL3 Runtime Firmware BL31 UUID
47
48- bl32_uuid [mandatory]
49   - value type: <string>
50   - Secure Payload BL32 (Trusted OS) UUID
51
52- bl32_extra1_uuid [mandatory]
53   - value type: <string>
54   - Secure Payload BL32_EXTRA1 (Trusted OS Extra1) UUID
55
56- bl32_extra2_uuid [mandatory]
57   - value type: <string>
58   - Secure Payload BL32_EXTRA2 (Trusted OS Extra2) UUID
59
60- bl33_uuid [mandatory]
61   - value type: <string>
62   - Non-Trusted Firmware BL33 UUID
63
64- hw_cfg_uuid [mandatory]
65   - value type: <string>
66   - HW_CONFIG (e.g. Kernel DT) UUID
67
68- soc_fw_cfg_uuid [mandatory]
69   - value type: <string>
70   - SOC Firmware Configuration SOC_FW_CONFIG UUID
71
72- tos_fw_cfg_uuid [mandatory]
73   - value type: <string>
74   - Trusted OS Firmware Configuration TOS_FW_CONFIG UUID
75
76- nt_fw_cfg_uuid [mandatory]
77   - value type: <string>
78   - Non-Trusted Firmware Configuration NT_FW_CONFIG UUID
79
80- cca_cert_uuid [optional]
81   - value type: <string>
82   - CCA Content Certificate UUID
83
84- core_swd_cert_uuid [optional]
85   - value type: <string>
86   - Core SWD Key Certificate UUID
87
88- plat_cert_uuid [optional]
89   - value type: <string>
90   - Core SWD Key Certificate UUID
91
92- t_key_cert_uuid [optional]
93   - value type: <string>
94   - Trusted Key Certificate UUID
95
96- scp_fw_key_uuid [optional]
97   - value type: <string>
98   - SCP Firmware Key UUID
99
100- soc_fw_key_uuid [optional]
101   - value type: <string>
102   - SOC Firmware Key UUID
103
104- tos_fw_key_cert_uuid [optional]
105   - value type: <string>
106   - TOS Firmware Key UUID
107
108- nt_fw_key_cert_uuid [optional]
109   - value type: <string>
110   - Non-Trusted Firmware Key UUID
111
112- scp_fw_content_cert_uuid [optional]
113   - value type: <string>
114   - SCP Firmware Content Certificate UUID
115
116- soc_fw_content_cert_uuid [optional]
117   - value type: <string>
118   - SOC Firmware Content Certificate UUID
119
120- tos_fw_content_cert_uuid [optional]
121   - value type: <string>
122   - TOS Firmware Content Certificate UUID
123
124- nt_fw_content_cert_uuid [optional]
125   - value type: <string>
126   - Non-Trusted Firmware Content Certificate UUID
127
128- plat_sp_content_cert_uuid [optional]
129   - value type: <string>
130   - Platform Secure Partition Content Certificate UUID
131
132
133Secure Partitions
134-----------------
135
136- compatible [mandatory]
137   - value type: <string>
138   - Should be the string ``"<plat>,sp"``, where ``<plat>`` is the name of the
139     platform (i.e. ``"arm,sp"``).
140
141- uuid [mandatory]
142   - value type: <string>
143   - A string identifying the UUID of the service implemented by this partition.
144     The UUID format is described in RFC 4122.
145
146- load-address [mandatory]
147   - value type: <u32>
148   - Physical base address of the partition in memory. Absence of this field
149     indicates that the partition is position independent and can be loaded at
150     any address chosen at boot time.
151
152- owner [optional]
153   - value type: <string>
154   - A string property representing the name of the owner of the secure
155     partition, which may be the silicon or platform provider.
156
157--------------
158
159*Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.*
160