Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9da6cf13 authored by Andrew Scull's avatar Andrew Scull
Browse files

Remove recommentation of non-normal mode 

Only specify the requirements for `normal` DICE mode and allow vendors
to choose the non-normal mode that fits their need per the ope-dice
specification.

Add a note that RKP required `normal` mode in the DICE chain in order to
trust the device.

Test: n/a
Bug: 263144485
Change-Id: Iaaa3799c53234de61a51ebc855822b93ab3e5bb8
parent ed74a681

security/rkp/README.md

+4 −3
Original line number Diff line number Diff line
@@ -303,9 +303,10 @@ component that is being described by the certificate: 
*   debug ports, fuses or other debug facilities are disabled

*   device booted software from the normal primary source e.g. internal flash



If any of these conditions are not met then it is recommended to explicitly

acknowledge this fact by using the `debug` mode. The mode should never be `not

configured`.

The mode should never be `not configured`.



Every certificate in the DICE chain will need to be have the `normal` mode in

order to be provisioned with production certificates by RKP.



#### Configuration descriptor