arm-trusted-firmware/docs/resources/diagrams/plantuml/fip-secure-partitions.puml

/'
 ' Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
 '
 ' SPDX-License-Identifier: BSD-3-Clause
 '/

@startuml

folder SP_vendor_1 {
 artifact sp_binary_1
 artifact sp_manifest_1 [
 sp_manifest_1
 ===
 UUID = xxx
 load_address = 0xaaa
 owner = "Sip"
 ...
 ]
}

folder SP_vendor_2 {
 artifact sp_binary_2
 artifact sp_manifest_2 [
 sp_manifest_2
 ===
 UUID = yyy
 load_address = 0xbbb
 owner = "Plat"
 ]
}

artifact tb_fw_config.dts [
 tb_fw_config.dts
 ----
 secure-partitions
 ===
 spkg_1 UUID
 spkg_1 load_address
 ---
 spkg_2 UUID
 spkg_2 load_address
 ---
 ...
 ===
 ...<rest of the nodes>
]

artifact config.json [
 SP_LAYOUT.json
 ===
 path to sp_binary_1
 path to sp_manifest_1
 ---
 path to sp_binary_2
 path to sp_manifest_2
 ---
 ...
]

control sp_mk_generator

artifact sp_gen [
 sp_gen.mk
 ===
 FDT_SOURCE = ...
 SPTOOL_ARGS = ...
 FIP_ARGS = ...
 CRT_ARGS = ...
]

control dtc
control sptool

artifact tb_fw_config.dtb

artifact spkg_1 [
 sp1.pkg
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
]

artifact spkg_2 [
 sp2.pkg
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
]

artifact signed_tb_fw_config.dtb [
 tb_fw_config.dtb (signed)
]

artifact signed_spkg_1 [
 sp1.pkg (signed)
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
 ---
 <i>signature</I>
]

artifact signed_spkg_2 [
 sp2.pkg (signed)
 ===
 <i>header</i>
 ---
 manifest
 ---
 binary
 ---
 <i>signature</I>
]

control crttool
control fiptool

artifact fip [
 fip.bin
 ===
 tb_fw_config.dtb (signed)
 ---
 ...
 ---
 sp1.pkg  (signed & SiP owned)
 ---
 sp2.pkg  (signed & Platform owned)
 ---
 ...
]

config.json .up.> SP_vendor_1
config.json .up.> SP_vendor_2
config.json --> sp_mk_generator
sp_mk_generator --> sp_gen
sp_gen --> fiptool
sp_gen --> cert_create
sp_gen --> sptool

sptool --> spkg_1
sptool --> spkg_2

spkg_1 --> cert_create
spkg_2 --> cert_create
cert_create --> signed_spkg_1
cert_create --> signed_spkg_2

tb_fw_config.dts --> dtc
dtc --> tb_fw_config.dtb
tb_fw_config.dtb --> cert_create
cert_create --> signed_tb_fw_config.dtb

signed_tb_fw_config.dtb --> fiptool
signed_spkg_1 -down-> fiptool
signed_spkg_2 -down-> fiptool
fiptool -down-> fip

@enduml