mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2026-07-02 05:42:41 +00:00
Until now we have only supported describing chain of trusts through the CoT DTB with a single ROTPK so the signing key for root certificates was implicit. Therefore signing key was not a supported property in the root certificates node. Now we want to extend that to describe CoTs with mulitiple roots of trust so we need a way to specify for each root certificate with which ROTPK it should be verified. For that, we reuse the 'signing-key' property already in use for the non-root certificates, but we make it optional for root certificates in single-RoT CoTs and for root certificates signed with the default ROTPK in multi-RoT CoTs. Change-Id: I41eb6579e8f1d01eaf10480fe5e224d2eed9c736 Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>