1. 12 Aug, 2020 1 commit
    • Manish Pandey's avatar
      cert_create: add Platform owned secure partitions support · 23d5f03a
      Manish Pandey authored
      
      
      Add support to generate a certificate named "plat-sp-cert" for Secure
      Partitions(SP) owned by Platform.
      Earlier a single certificate file "sip-sp-cert" was generated which
      contained hash of all 8 SPs, with this change SPs are divided into
      two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
      
      Platform RoT key pair is used for signing.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
      23d5f03a
  2. 06 Jul, 2020 1 commit
    • Leonardo Sandoval's avatar
      fiptool: return zero status on help and help <command> · 4e500525
      Leonardo Sandoval authored
      
      
      Querying the 'fiptool' for help or help <command> should return 0
      return status (success) and not 1 (failure). In the other hand, if tool is
      executed with any other command (not help) where command's parameters are
      either missing or wrong, then the tool should return non-zero (failure). Now,
      the 'usage' function caller is the one that passes the return status.
      
      Change-Id: Id5eea91037cd810fb1e34a42e8199ef504f5daa4
      Signed-off-by: default avatarLeonardo Sandoval <leonardo.sandoval@linaro.org>
      4e500525
  3. 24 Jun, 2020 1 commit
  4. 08 Jun, 2020 1 commit
    • Manish Pandey's avatar
      cert_create: add SiP owned secure partitions support · 0792dd7d
      Manish Pandey authored
      
      
      Add support to generate certificate "sip-sp-cert" for Secure
      Partitions(SP) owned by Silicon provider(SiP).
      To avoid deviation from TBBR specification the support is only added for
      dualroot CoT and not for TBBR CoT.
      
      A single certificate file is generated containing hash of individual
      packages. Maximum 8 secure partitions are supported.
      
      Following new options added to cert_tool:
       --sip-sp-cert --> SiP owned Secure Partition Content Certificate
       --sp-pkg1 --> Secure Partition Package1 file
       --sp-pkg2
       .....
       --sp-pkg8
      
      Trusted world key pair is used for signing.
      
      Going forward, this feature can be extended for Platfrom owned
      Partitions, if required.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
      0792dd7d
  5. 02 Jul, 2019 1 commit
  6. 12 Mar, 2019 1 commit
  7. 29 Jan, 2019 1 commit
  8. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored
      
      
      All identifiers, regardless of use, that start with two underscores are
      reserved. This means they can't be used in header guards.
      
      The style that this project is now to use the full name of the file in
      capital letters followed by 'H'. For example, for a file called
      "uart_example.h", the header guard is UART_EXAMPLE_H.
      
      The exceptions are files that are imported from other projects:
      
      - CryptoCell driver
      - dt-bindings folders
      - zlib headers
      
      Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  9. 04 Oct, 2018 1 commit
    • Antonio Nino Diaz's avatar
      tools: Make invocation of host compiler correct · 750e8d80
      Antonio Nino Diaz authored
      
      
      HOSTCC should be used in any of the tools inside the tools/ directory
      instead of CC. That way it is possible to override both values from the
      command line when building the Trusted Firmware and the tools at the
      same time. Also, use HOSTCCFLAGS instead of CFLAGS.
      
      Also, instead of printing the strings CC and LD in the console during
      the compilation of the tools, HOSTCC and HOSTLD have to be used for
      clarity. This is how it is done in other projects like U-Boot or Linux.
      
      Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      750e8d80
  10. 28 Sep, 2018 1 commit
  11. 14 Jun, 2018 1 commit
    • Roberto Vargas's avatar
      Make TF UUID RFC 4122 compliant · 03364865
      Roberto Vargas authored
      
      
      RFC4122 defines that fields are stored in network order (big endian),
      but TF-A stores them in machine order (little endian by default in TF-A).
      We cannot change the future UUIDs that are already generated, but we can store
      all the bytes using arrays and modify fiptool to generate the UUIDs with
      the correct byte order.
      
      Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      03364865
  12. 18 May, 2018 1 commit
  13. 03 May, 2018 1 commit
  14. 26 Feb, 2018 1 commit
    • Soby Mathew's avatar
      Dynamic cfg: Update the tools · e24659df
      Soby Mathew authored
      
      
      This patch updates the `fiptool` and `cert_create` for the
      `hw_config` and `tb_fw_config` dynamic configuration files.
      The necessary UUIDs and OIDs are assigned to these files and
      the `cert_create` is updated to generate appropriate hashes
      and include them in the "Trusted Boot FW Certificate". The
      `fiptool` is updated to allow the configs to be specified
      via cmdline and included in the generated FIP.
      
      Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e24659df
  15. 27 Jan, 2018 1 commit
  16. 03 Jan, 2018 1 commit
  17. 17 Oct, 2017 1 commit
    • Evan Lloyd's avatar
      fiptool: Enable Visual Studio build · a1ee3836
      Evan Lloyd authored
      
      
      Updates are required to enable the fiptool utility to be built on a
      Windows platform.  This change modifies the source files to enable
      building with Visual Studio (detected via preprocessor settings).
      The primary changes are:
        1.  Provide an implementation of the getopt_long function.  This does
            not exist in the Visual Studio CRT libraries because Windows
            commands normally use '/' not '-' as an option indicator.
        2.  Redirect some function names to match those supported by the
            Visual Studio libraries (when building with Visual Studio).
        2.  Modify a structure name (stat) to match that provided
            by the Visual Studio libraries (_stat).
      
      Note - this change does not provide makefile updates.  It only modifies
             the sources to enable the fiptool to be built from a Visual
             Studio project.  In normal use the presence of FIPTOOL.EXE is
             enough to satisfy the make requirements.  A makefile change may
             be derived from the Visual Studio command line information at
             some point in the future.
      
      Change-Id: I3ade77ea140246af3c030920b3f97c070087f111
      Signed-off-by: default avatarEvan Lloyd <evan.lloyd@arm.com>
      a1ee3836
  18. 11 Oct, 2017 1 commit
    • Evan Lloyd's avatar
      fiptool: Precursor changes for Visual Studio · 96851114
      Evan Lloyd authored
      
      
      In order to compile the source of Fiptool using Visual Studio a number
      of adjustments are required to the source.  This commit modifies the
      source with changes that will be required, but makes no functional
      modification.  The intent is to allow confirmation that the GCC build
      is unaffected.
      
      Change-Id: I4055bd941c646dd0a1aa2e24b940a1db3bf629ce
      Signed-off-by: default avatarEvan Lloyd <evan.lloyd@arm.com>
      96851114
  19. 30 Aug, 2017 1 commit
  20. 09 Aug, 2017 1 commit
  21. 31 Jul, 2017 1 commit
  22. 26 Jul, 2017 1 commit
  23. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  24. 12 Jun, 2017 1 commit
  25. 24 May, 2017 1 commit
  26. 23 May, 2017 1 commit
    • Masahiro Yamada's avatar
      fip: move headers shared between TF and fiptool to include/tools_share · 2a6c1a8f
      Masahiro Yamada authored
      
      
      Some header files need to be shared between TF and host programs.
      For fiptool, two headers are copied to the tools/fiptool directory,
      but it looks clumsy.
      
      This commit introduces a new directory, include/tools_share, which
      collects headers that should be shared between TF and host programs.
      
      This will clarify the interface exposed to host tools.  We should
      add new headers to this directory only when we really need to do so.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      2a6c1a8f
  27. 03 May, 2017 1 commit
  28. 24 Apr, 2017 1 commit
  29. 27 Feb, 2017 1 commit
    • dp-arm's avatar
      fiptool: Embed a pointer to an image within the image descriptor · b9589fe5
      dp-arm authored
      
      
      Currently, fiptool uses two linked lists.  One to chain together all
      the images and one for all the image descriptors.  Initially this was
      done because not all images had a corresponding image descriptor.
      This was the case for unknown images which existed in the FIP but
      there was no descriptor in the builtin table for them.  When support
      for the --blob option came in, we started building descriptors for the
      unknown images on the fly.  As a result every image now has a
      corresponding image descriptor and therefore it is no longer necessary
      to keep track of them separately.
      
      To simplify the design, maintain only a single linked list of image
      descriptors.  An image descriptor contains a pointer to the
      corresponding image.  If the pointer is NULL, then the descriptor is
      skipped in all the operations.  This approach simplifies the traversal
      code and avoids redundant lookups.
      
      The linked list of image descriptors is populated based on the
      `toc_entries` array.  This means that the order of the images in the
      FIP file remains the same across add/remove or create/update
      operations.  This is true for all standard images (those specified in
      `toc_entries`) but not for those specified via the --blob option.
      
      Change-Id: Ic29a263c86c8f1efdad322b430368c7623782e2d
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      b9589fe5
  30. 11 Feb, 2017 3 commits
  31. 28 Jan, 2017 2 commits
    • Masahiro Yamada's avatar
      fiptool: support --align option to add desired alignment to image offset · 1c75d5df
      Masahiro Yamada authored
      
      
      The current fiptool packs all the images without any padding between
      them.  So, the offset to each image has no alignment.  This is not
      efficient, for example, when the FIP is read from a block-oriented
      device.
      
      For example, (e)MMC is accessed by block-addressing.  The block size
      is 512 byte.  So, the best case is each image is aligned by 512 byte
      since the DMA engine can transfer the whole of the image to its load
      address directly.  The worst case is the offset does not have even
      DMA-capable alignment (this is where we stand now).  In this case,
      we need to transfer every block to a bounce buffer, then do memcpy()
      from the bounce buffer to our final destination.  At least, this
      should work with the abstraction by the block I/O layer, but the
      CPU-intervention for the whole data transfer makes it really slow.
      
      This commit adds a new option --align to the fiptool.  This option,
      if given, requests the tool to align each component in the FIP file
      by the specified byte.  Also, add a new Make option FIP_ALIGN for
      easier access to this feature; users can give something like
      FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to
      their platform.mk file.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      1c75d5df
    • Masahiro Yamada's avatar
      fiptool: embed fip_toc_entry in struct image · 65caa3d0
      Masahiro Yamada authored
      
      
      The struct image has "uuid" and "size" to memorize the field values
      they had in the TOC entry.  So, parse_fip() copies them from struct
      fip_toc_entry to struct image, then pack_images() copies them back
      to struct fip_toc_entry.
      
      The next commit (support --align option) will require to save the
      "offset" field as well.  This makes me realize that struct image
      can embed struct fip_toc_entry.
      
      This commit will allow the "flags" field to persevere the "update"
      command.  At this moment, the "flags" is not used in a useful way.
      (Yet, platforms can save their own parameters in the flags field.)
      It makes sense to save it unless users explicitly replace the image.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      65caa3d0
  32. 27 Jan, 2017 6 commits