- 12 Aug, 2020 1 commit
-
-
Manish Pandey authored
Add support to generate a certificate named "plat-sp-cert" for Secure Partitions(SP) owned by Platform. Earlier a single certificate file "sip-sp-cert" was generated which contained hash of all 8 SPs, with this change SPs are divided into two categories viz "SiP owned" and "Plat owned" containing 4 SPs each. Platform RoT key pair is used for signing. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
-
- 04 Aug, 2020 1 commit
-
-
Grant Likely authored
If the user tries to change BUILD_BASE to put the build products outside the build tree the compile will fail due to hard coded assumptions that $BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE)) to rationalize to an absolute path every time and remove the relative path assumptions. This patch also adds documentation that BUILD_BASE can be specified by the user. Signed-off-by: Grant Likely <grant.likely@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
-
- 10 Jul, 2020 2 commits
-
-
Konstantin Porotchkin authored
Change the binary image alignment from 4 to 16. The PKCS signature verification fails for unaligned images. Change-Id: Ieb08dc3ea128790f542ad93e3c948117567a65af Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
Konstantin Porotchkin authored
Replace deprecated mbedtls_sha256 with mbedtls_sha256_ret The mbedtls_pk_parse_key does not work correctly anymore with the DER buffer embedded in the secure image extentson using the buffer size as the the key length. Move to mbedtls_pk_parse_subpubkey API that handles such case correctly. The DER format already contains the key length, so there is no particular reason to supply it to the key parser. Update the doimage version to 3.3 Change-Id: I0ec5ee84b7d1505b43138e0b7a6bdba44a6702b6 Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
- 06 Jul, 2020 1 commit
-
-
Leonardo Sandoval authored
Querying the 'fiptool' for help or help <command> should return 0 return status (success) and not 1 (failure). In the other hand, if tool is executed with any other command (not help) where command's parameters are either missing or wrong, then the tool should return non-zero (failure). Now, the 'usage' function caller is the one that passes the return status. Change-Id: Id5eea91037cd810fb1e34a42e8199ef504f5daa4 Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
-
- 24 Jun, 2020 2 commits
-
-
Manish V Badarkhe authored
Updated cert_tool to add hash information of fw_config image into the existing "trusted boot fw" certificate. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0
-
Manish V Badarkhe authored
Added support in fiptool to include fw_config image in FIP. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
-
- 11 Jun, 2020 1 commit
-
-
Manish Pandey authored
with sha 0792dd7d , support to generate certificate for Secure Partitions was added for dualroot CoT only, this patch extends this support for tbbr CoT. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
-
- 08 Jun, 2020 2 commits
-
-
Manish Pandey authored
To support secure boot of SP's update cert tool arguments while generating sp_gen.mk which in turn is consumed by build system. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I2293cee9b7c684c27d387aba18e0294c701fb1cc
-
Manish Pandey authored
Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
-
- 06 Mar, 2020 1 commit
-
-
Sumit Garg authored
Add firmware authenticated encryption tool which utilizes OpenSSL library to encrypt firmwares using a key provided via cmdline. Currently this tool supports AES-GCM as an authenticated encryption algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4
-
- 24 Feb, 2020 1 commit
-
-
Sandrine Bailleux authored
Selection of the chain of trust is done through the COT build option: > make COT=dualroot Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 20 Feb, 2020 1 commit
-
-
Manish Pandey authored
Till now TF-A allows limited number of external images to be made part of FIP. With SPM coming along, there may exist multiple SP packages which need to be inserted into FIP. To achieve this we need a more scalable approach to feed SP packages to FIP. This patch introduces changes in build system to generate and add SP packages into FIP based on information provided by platform. Platform provides information in form of JSON which contains layout description of available Secure Partitions. JSON parser script is invoked by build system early on and generates a makefile which updates FIP, SPTOOL and FDT arguments which will be used by build system later on for final packaging. "SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A tree. This option will be used only when SPD=spmd. For each SP, generated makefile will have following entries - FDT_SOURCES += sp1.dts - SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg - FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
-
- 14 Feb, 2020 1 commit
-
-
Louis Mayencourt authored
This patch: - Add the __COHERENT_RAM_START__ and __COHERENT_RAM_END__ symbols. - Improve how the symbols are found with a regex. - Add a build option to revert the memory layout output. Change-Id: I54ec660261431bc98d78acb0f80e3d95bc5397ac Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 10 Feb, 2020 1 commit
-
-
Manish Pandey authored
Currently sptool generates a single blob containing all the Secure Partitions, with latest SPM implementation, it is desirable to have individual blobs for each Secure Partition. It allows to leverage packaging and parsing of SP on existing FIP framework. It also allows SP packages coming from different sources. This patch modifies sptool so that it takes number of SP payload pairs as input and generates number of SP blobs instead of a single blob. Each SP blob can optionally have its own header containing offsets and sizes of different payloads along with a SP magic number and version. It is also associated in FIP with a UUID, provided by SP owner. Usage example: sptool -i sp1.bin:sp1.dtb -o sp1.pkg -i sp2.bin:sp2.dtb -o sp2.pkg ... Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ie2db8e601fa1d4182d0a1d22e78e9533dce231bc
-
- 29 Jan, 2020 3 commits
-
-
Sandrine Bailleux authored
In preparation of supporting alternate chains of trust, reword comments and error messages that explicitly mentioned TBBR. Change-Id: I85a0b08e16d0cd82f3b767fcc092d1f20f45939f Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
It allows to select the desired chain of trust. Right now, only the TBBR CoT is available. At this stage, this build option only affects the tool itself. It is not plugged into the rest of the build system yet. To use it: > make -C tools/cert_create COT=tbbr Change-Id: I4484418f76d3c7b330d8653c978499a181534dcd Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
Move all TBBR-specific stuff out of the tool's makefile into a sub-makefile. This will make it easier to define and select an alternate chain of trust in the future. Change-Id: I92e366a1999b74cf51127d1771b64b807cd94b29 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 14 Jan, 2020 1 commit
-
-
Sandrine Bailleux authored
The chain of trust definitions are only needed in the part of the code dealing with the TBBR CoT (tbbr/* files). Change-Id: I6f9a86bba4a2d16313b6842a3ec85b7c951074bc Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 25 Nov, 2019 1 commit
-
-
Louis Mayencourt authored
show_memory is a simple tools that parse the blx.map files and print a representation of the memory layout for the latest build. This representation is based on standard symbols present on the map files as: __TEXT_START/END__, __RODATA_START/END__, __STACKS_START/END__ , etc.. Change-Id: Iba3e301a1a9fee9a35abf1afdb69093617d33929 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 12 Sep, 2019 2 commits
-
-
Justin Chadwell authored
Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed in SHA fe199e3b , however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
cert_tool is now able to accept a command line option for specifying the key size. It now supports the following options: 1024, 2048 (default), 3072 and 4096. This is also modifiable by TFA using the build flag KEY_SIZE. Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 05 Sep, 2019 1 commit
-
-
Carlo Caione authored
Meson is the internal code name for the SoC family. The correct name for the platform should be Amlogic. Change the name of the platform directory. Signed-off-by: Carlo Caione <ccaione@baylibre.com> Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
-
- 16 Aug, 2019 1 commit
-
-
Justin Chadwell authored
The valgrind checks for cert_create have not been run in a long while - as such there are a few memory leaks present. This patch fixes a few of the major ones reported by valgrind. However, a few do remain. Change-Id: Iab002fb2b0090043287d43fb54a4d18928c2ed85 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 02 Jul, 2019 1 commit
-
-
Girish Pathak authored
This change adds nmake compatible Makefile.msvc file for building (nmake /FMakefile.msvc) fiptool on the Windows. Change-Id: Iccd1fe8da072edd09eb04b8622f27b3c4693b281 Signed-off-by: Girish Pathak <girish.pathak@arm.com>
-
- 02 Apr, 2019 2 commits
-
-
Remi Pommarel authored
GXL platforms need to have a specific header at the beginning of bl31 image to be able to boot. This adds a tool to create that and calls it at build time. Signed-off-by: Remi Pommarel <repk@triplefau.lt>
-
Marek Vasut authored
Add R-Car D3 SoC platform specifics. Driver, PFC, QoS, DDR init code will be added separately. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
-
- 12 Mar, 2019 2 commits
-
-
Paul Beesley authored
It is quite unlikely that this number will ever change and, if it does need to change, we should have a good reason to do so. It seems that this comment is now redundant. Change-Id: I409c764080748e338e9bc5606bbdcc475213fb6e Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Change-Id: Iea72ef9ba16325cbce07eea1a975d2a96eede274 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 29 Jan, 2019 1 commit
-
-
Andre Przywara authored
Commit 03364865 ("Make TF UUID RFC 4122 compliant") changed the scanf parsing string to handle endianness correctly. However that changed the number of items sscanf handles, without adjusting the sanity check just below. Increase the expected return value from 11 to 16 to let fiptool handle UUIDs given as blob parameters correctly again. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 11 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
This tool packages Secure Partitions and Resource Descriptor blobs into a simple file that can be loaded by SPM. Change-Id: If3800064f30bdc3d7fc6a15ffbb3007ef632bcaa Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
All identifiers, regardless of use, that start with two underscores are reserved. This means they can't be used in header guards. The style that this project is now to use the full name of the file in capital letters followed by 'H'. For example, for a file called "uart_example.h", the header guard is UART_EXAMPLE_H. The exceptions are files that are imported from other projects: - CryptoCell driver - dt-bindings folders - zlib headers Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Oct, 2018 1 commit
-
-
Konstantin Porotchkin authored
Move doimage utility from toos/doimage to tools/marvell/doimage. This is done for supporting mode Marvell tools in the future. Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
- 17 Oct, 2018 1 commit
-
-
Jorge Ramirez-Ortiz authored
Reference code: ============== rar_gen3: IPL and Secure Monitor Rev1.0.22 https://github.com/renesas-rcar/arm-trusted-firmware [rcar_gen3] Author: Takuya Sakata <takuya.sakata.wz@bp.renesas.com> Date: Thu Aug 30 21:26:41 2018 +0900 Update IPL and Secure Monitor Rev1.0.22 General Information: =================== This port has been tested on the Salvator-X Soc_id r8a7795 revision ES1.1 (uses an SPD). Build Tested: ------------- ATFW_OPT="LSI=H3 RCAR_DRAM_SPLIT=1 RCAR_LOSSY_ENABLE=1" MBEDTLS_DIR=$mbedtls $ make clean bl2 bl31 rcar PLAT=rcar ${ATFW_OPT} SPD=opteed Other dependencies: ------------------ * mbed_tls: git@github.com:ARMmbed/mbedtls.git [devel] Merge: 68dbc94 f34a4c1 Author: Simon Butcher <simon.butcher@arm.com> Date: Thu Aug 30 00:57:28 2018 +0100 * optee_os: https://github.com/BayLibre/optee_os Until it gets merged into OP-TEE, the port requires Renesas' Trusted Environment with a modification to support power management. Author: Jorge Ramirez-Ortiz <jramirez@baylibre.com> Date: Thu Aug 30 16:49:49 2018 +0200 plat-rcar: cpu-suspend: handle the power level Signed-off-by: Jorge Ramirez-Ortiz <jramirez@baylibre.com> * u-boot: The port has beent tested using mainline uboot. Author: Fabio Estevam <festevam@gmail.com> Date: Tue Sep 4 10:23:12 2018 -0300 *linux: The port has beent tested using mainline kernel. Author: Linus Torvalds <torvalds@linux-foundation.org> Date: Sun Sep 16 11:52:37 2018 -0700 Linux 4.19-rc4 Overview --------- BOOTROM starts the cpu at EL3; In this port BL2 will therefore be entered at this exception level (the Renesas' ATF reference tree [1] resets into EL1 before entering BL2 - see its bl2.ld.S) BL2 initializes DDR (and i2c to talk to the PMIC on some platforms) before determining the boot reason (cold or warm). During suspend all CPUs are switched off and the DDR is put in backup mode (some kind of self-refresh mode). This means that BL2 is always entered in a cold boot scenario. Once BL2 boots, it determines the boot reason, writes it to shared memory (BOOT_KIND_BASE) together with the BL31 parameters (PARAMS_BASE) and jumps to BL31. To all effects, BL31 is as if it is being entered in reset mode since it still needs to initialize the rest of the cores; this is the reason behind using direct shared memory access to BOOT_KIND_BASE and PARAMS_BASE instead of using registers to get to those locations (see el3_common_macros.S and bl31_entrypoint.S for the RESET_TO_BL31 use case). Depending on the boot reason BL31 initializes the rest of the cores: in case of suspend, it uses a MBOX memory region to recover the program counters. [1] https://github.com/renesas-rcar/arm-trusted-firmware Tests ----- * cpuidle ------- enable kernel's cpuidle arm_idle driver and boot * system suspend -------------- $ cat suspend.sh #!/bin/bash i2cset -f -y 7 0x30 0x20 0x0F read -p "Switch off SW23 and press return " foo echo mem > /sys/power/state * cpu hotplug: ------------ $ cat offline.sh #!/bin/bash nbr=$1 echo 0 > /sys/devices/system/cpu/cpu$nbr/online printf "ONLINE: " && cat /sys/devices/system/cpu/online printf "OFFLINE: " && cat /sys/devices/system/cpu/offline $ cat online.sh #!/bin/bash nbr=$1 echo 1 > /sys/devices/system/cpu/cpu$nbr/online printf "ONLINE: " && cat /sys/devices/system/cpu/online printf "OFFLINE: " && cat /sys/devices/system/cpu/offline Signed-off-by: ldts <jramirez@baylibre.com>
-
- 15 Oct, 2018 1 commit
-
-
Yann Gautier authored
Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 04 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
HOSTCC should be used in any of the tools inside the tools/ directory instead of CC. That way it is possible to override both values from the command line when building the Trusted Firmware and the tools at the same time. Also, use HOSTCCFLAGS instead of CFLAGS. Also, instead of printing the strings CC and LD in the console during the compilation of the tools, HOSTCC and HOSTLD have to be used for clarity. This is how it is done in other projects like U-Boot or Linux. Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Oct, 2018 1 commit
-
-
Jan Kiszka authored
As these rules depend on non-existing headers as well (likely copy & pasted from fiptool), they never matched, and the built-in rules were used. That led to random breakages when e.g. CPPFLAGS was suddenly evaluated and contained invalid options. For the stm32image, this reveals that we were relying on the built-in rules by passing -D_GNU_SOURCE via CPPFLAGS, rather than using CFLAGS as used in the local rule. Fix that as well. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
-
- 28 Sep, 2018 1 commit
-
-
dp-arm authored
A compatibility script has been provided for about 2 years. Users should have migrated to fiptool by now so remove the compat script. Change-Id: I643e0c40a9e3fb428bad3be04a82cb431aad74dc Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 24 Sep, 2018 1 commit
-
-
Matteo Croce authored
Signed-off-by: Matteo Croce <mcroce@redhat.com>
-
- 03 Sep, 2018 1 commit
-
-
Konstantin Porotchkin authored
Missing ")" in fprintf causing build break in secure boot mode. Change-Id: Ice555571683b68bb0d81479e9fc8abc4296809ac Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-