docs: explain Measured Boot dependency on Trusted Boot
Change-Id: I04d9439d5967e93896dfdb0f3d7b0aec96c743f9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
diff --git a/Makefile b/Makefile
index 017fc65..2ec988e 100644
--- a/Makefile
+++ b/Makefile
@@ -735,6 +735,9 @@
endif
endif
+# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the
+# code taking the measurements and recording them has not been tampered
+# with. This is referred to as the Root of Trust for Measurement.
ifeq ($(MEASURED_BOOT),1)
ifneq (${TRUSTED_BOARD_BOOT},1)
$(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1)
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 99fc21d..6f60a8e 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -463,7 +463,10 @@
the build. The default value is 40 in debug builds and 20 in release builds.
- ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot
- feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set.
+ feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well
+ in order to provide trust that the code taking the measurements and recording
+ them has not been tampered with.
+
This option defaults to 0 and is an experimental feature in the stage of
development.