2025-06-20 12:16 AM
Hi,
I am testing TBB on a stm32mp157f-dk2 platform, Yocto, kirkstone, sp_min version. I am wondering about the FIP package creation and signing keys.
FIP_SIGN_KEY -> is set to my private ROT key.
After unpacking the "fip.bin" into separate files I get all the needed components:
Analyzing all the certificates (*cert.bin files), it appears that some of them are not signed with the ROT key, as you can see in the "public key" section of the certificate.
Analyzing deeper, looking into the fip-utils-stm32mp bbclass, I could find that the cert_create tool is using the "-n" option and is generating an additional key pair for signing, i.e. nt-fw.bin. I understand that it generates a pair of TRUSTED_WORLD_KEY and NON_TRUSTED_WORLD_KEY, which are used later to follow the CoT boot.
But I can't find those keys in the build dir, nor can I set them for the FIP / TF-A recipe. I don't feel comfortable not having access to the private parts of the keys that sign my CoT binaries, but do I really need them, i.e. for some firmware update? I guess that each time I generate a new FIP package, these keys are regenerated and signed again by the ROT key, so they will get accepted by the BL2 if I decide to update only the FIP package. Should I be worried?