Hi,

On Tue, Jan 12, 2016 at 8:03 AM, Joakim Bech <joakim.bech@linaro.org> wrote:

Hi Amit,

On Tue, Jan 12, 2016 at 12:32:45AM +0530, Amit Kucheria wrote:
> (Adding Joakim)
>
> On Tue, Jan 12, 2016 at 12:08 AM, git git <gitfineon@online.de> wrote:
> > Hi,
> >
> > has anybody tried to activate/implement the Trusted Board Boot (TBB) feature
> > of ARM Trusted Firmware (ATF) on Hikey or any other 96Board, yet?
>
> It would be interesting to get this working but I don't think we've
> worked on it. Joakim, has anybody in the security WG tried this?
>
I'm afraid not, however we have it on the todo-list, then plan is to
deal with it in SWG-112 (Epic, and Stories, 113 to 116).

> > Minimal requirement to run TBB is GENERATE_COT, but it should be possible to
> > only generate these Certificates of Trust (CoT) and add them to the your
> > Firmware Image Package (FIP). I've already tested TBB (incl. CoT) with Juno
> > DevBoard and it worked fine. The 96Boards repository does not mention TBB
> > anywhere.
>
I think ARM introduced the authenticated framework somewhere after they
released v1.1, could it be that simple that 96Boards ARM-TF fork lags
behind? The authenticated framework was introduced somewhere here:
https://github.com/ARM-software/arm-trusted-firmware/commits/d337aaaf53ef27897f52e66718a2741399c8a021

Above is dated 2015/6/16

Hikey branch forked here:
https://github.com/96boards/arm-trusted-firmware/commits/hikey?page=5
https://github.com/96boards/arm-trusted-firmware/commit/68fc81743e8671312a98c364ba2b0d69429cf4c6

dated 2015/2/15, so seems like it is behind.

I believe work is ongoing to rebase on something newer, but don't have any more info about it.

hth

> > But also in Hikey branch it is possible to set the GENERATE_COT
> > flag and the *.crt files get generated.

--
Regards,
Joakim B

_______________________________________________
Dev mailing list
Dev@lists.96boards.org
https://lists.96boards.org/mailman/listinfo/dev