Lines Matching refs:certificates
32 The remaining components in the CoT are either certificates or boot loader
33 images. The certificates follow the `X.509 v3`_ standard. This standard
34 enables adding custom extensions to the certificates, which are used to store
37 In the TBB CoT all certificates are self-signed. There is no need for a
40 extensions. To sign the certificates, the PKCS#1 SHA-256 with RSA Encryption
44 The certificates are categorised as "Key" and "Content" certificates. Key
45 certificates are used to verify public keys which have been used to sign content
46 certificates. Content certificates are used to store the hash of a boot loader
50 non-standard extension fields in the `X.509 v3`_ certificates.
61 The private part is used to sign the key certificates corresponding to the
86 The following certificates are used to authenticate the images.
136 The SCP\_BL2 and BL32 certificates are optional, but they must be present if the
196 On the host machine, a tool generates the certificates, which are included in
197 the FIP along with the boot loader images. These certificates are loaded in
220 certificates (in DER format) required to establish the CoT. New keys can be
221 generated by the tool in case they are not provided. The certificates are then
224 The certificates are also stored individually in the in the output build
228 library version 1.0.1 or later to generate the X.509 certificates. Instructions