- 31 Jul, 2020 1 commit
-
-
Manish Pandey authored
Currently only single signing domain is supported for SP packages but there is plan to support dual signing domains if CoT is dualroot. SP_CONTENT_CERT_ID is the certificate file which is currently generated and signed with trusted world key which in-turn is derived from Silicon provider RoT key. To allow dual signing domain for SP packages, other certificate file will be derived from Platform owned RoT key. This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and does other related changes. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
-
- 21 Jul, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds support for Event Log generation required for Measured Boot functionality. Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 24 Jun, 2020 1 commit
-
-
Louis Mayencourt authored
fw_config image is authenticated using secure boot framework by adding it into the single root and dual root chain of trust. The COT for fw_config image looks as below: +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Boot fw | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | fw_config hash |------>| fw_config | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com> Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I08fc8ee95c29a95bb140c807dd06e772474c7367
-
- 15 Jun, 2020 1 commit
-
-
Manish Pandey authored
with sha 44f1aa8e , support for Silicon Provider(SiP) owned Secure Partition(SP) was added for dualroot CoT. This patch extends this support for tbbr CoT. Earlier tbbr CoT for SPs was left to avoid adding new image types in TBBR which could possibly be seen as deviation from specification. But with further discussions it is understood that TBBR being a *minimal* set of requirements that can be extended as long as we don't violate any of the musts, which is the case with adding SP support. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb
-
- 09 Jun, 2020 1 commit
-
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
-
- 19 May, 2020 1 commit
-
-
Manish V Badarkhe authored
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c and tbbr_cot_bl2.c respectively. Common CoT used across BL1 and BL2 are moved to tbbr_cot_common.c. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
-
- 01 Apr, 2020 1 commit
-
-
Gilad Ben-Yossef authored
Add Crypto 713 support as crypto module and NVM counter provider. As files under include/drivers/arm/cryptocell/713/ are copied verbatim from the CryptoCell SBROM lib project they are filtered from checkpatch coding style check. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
-
- 25 Mar, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides support for measured boot by adding calculation of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB. Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 08 Mar, 2020 1 commit
-
-
Madhukar Pappireddy authored
Include x509.h header file explicitly. Update docs. Change-Id: If2e52c2cd3056654406b7b6779b67eea5cc04a48 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 06 Mar, 2020 1 commit
-
-
Sumit Garg authored
Add framework for autheticated decryption of data. Currently this patch optionally imports mbedtls library as a backend if build option "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption using AES-GCM algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
-
- 24 Feb, 2020 1 commit
-
-
Sandrine Bailleux authored
This new chain of trust defines 2 independent signing domains: 1) One for the silicon firmware (BL1, BL2, BL31) and optionally the Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR CoT. 2) One for the Normal World Bootloader (BL33). It is rooted in a new key called Platform ROTPK, or PROTPK for short. In terms of certificates chain, - Signing domain 1) is similar to what TBBR advocates (see page 21 of the TBBR specification), except that the Non-Trusted World Public Key has been removed from the Trusted Key Certificate. - Signing domain 2) only contains the Non-Trusted World Content certificate, which provides the hash of the Non-Trusted World Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World Key certificate for simplicity. Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 18 Feb, 2020 2 commits
-
-
Sandrine Bailleux authored
The TBBR implementation extracts hashes from certificates and stores them in static buffers. TF-A supports 3 variants of SHA right now: SHA-256, SHA-384 and SHA-512. When support for SHA-512 was added in commit 9a3088a5 ("tbbr: Add build flag HASH_ALG to let the user to select the SHA"), the hash buffers got unconditionally increased from 51 to 83 bytes each. We can reduce that space if we're using SHA-256 or SHA-384. This saves some BSS space in both BL1 and BL2: - BL1 with SHA-256: saving 168 bytes. - BL1 with SHA-384: saving 80 bytes. - BL2 with SHA-256: saving 384 bytes. - BL2 with SHA-384: saving 192 bytes. Change-Id: I0d02e5dc5f0162e82339c768609c9766cfe7e2bd Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
The TBBR implementation extracts public keys from certificates and stores them in static buffers. DER-encoded ECDSA keys are only 91 bytes each but were each allocated 294 bytes instead. Reducing the size of these buffers saves 609 bytes of BSS in BL2 (294 - 91 = 203 bytes for each of the 3 key buffers in use). Also add a comment claryfing that key buffers are tailored on RSA key sizes when both ECDSA and RSA keys are used. Change-Id: Iad332856e7af1f9814418d012fba3e1e9399f72a Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 07 Feb, 2020 1 commit
-
-
Louis Mayencourt authored
Introduce the Firmware CONfiguration Framework (fconf). The fconf is an abstraction layer for platform specific data, allowing a "property" to be queried and a value retrieved without the requesting entity knowing what backing store is being used to hold the data. The default backing store used is C structure. If another backing store has to be used, the platform integrator needs to provide a "populate()" function to fill the corresponding C structure. The "populate()" function must be registered to the fconf framework with the "FCONF_REGISTER_POPULATOR()". This ensures that the function would be called inside the "fconf_populate()" function. A two level macro is used as getter: - the first macro takes 3 parameters and converts it to a function call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c). - the second level defines a__b_getter(c) to the matching C structure, variable, array, function, etc.. Ex: Get a Chain of trust property: 1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id) 2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id] Change-Id: Id394001353ed295bc680c3f543af0cf8da549469 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 04 Feb, 2020 1 commit
-
-
Zelalem authored
This patch removes unnecessary header file includes discovered by Coverity HFA option. Change-Id: I2827c37c1c24866c87db0e206e681900545925d4 Signed-off-by: Zelalem <zelalem.aweke@arm.com>
-
- 28 Jan, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds 'calc_hash' function using Mbed TLS library required for Measured Boot support. Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 09 Jan, 2020 1 commit
-
-
Madhukar Pappireddy authored
In further patches, we wish to enable -wredundant-decls check as part of warning flags by default. Change-Id: I43410d6dbf40361a503c16d94ccf0f4cf29615b7 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 11 Dec, 2019 1 commit
-
-
Gilad Ben-Yossef authored
Add the support needed to enable using CryptoCell integration with with RSA 3K support. Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com> Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
-
- 12 Sep, 2019 2 commits
-
-
Justin Chadwell authored
Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed in SHA fe199e3b , however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
Previously, TF-A could not support large RSA key sizes as the configuration options passed to MBEDTLS prevented storing and performing calculations with the larger, higher-precision numbers required. With these changes to the arguments passed to MBEDTLS, TF-A now supports using 3072 (3K) and 4096 (4K) keys in certificates. Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 25 Jul, 2019 2 commits
-
-
Gilad Ben-Yossef authored
Add support for multiple Cryptocell revisions which use different APIs. This commit only refactors the existing code in preperation to the addition of another Cryptocell revisions later on. Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com> Change-Id: I16d80b31afb6edd56dc645fee5ea619cc74f09b6
-
Gilad Ben-Yossef authored
Code using Cryptocell specific APIs was used as part of the arm common board ROT support, instead of being abstracted in Cryptocell specific driver code, creating two problems: - Any none arm board that uses Cryptocell wuld need to copy and paste the same code. - Inability to cleanly support multiple versions of Cryptocell API and products. Move over Cryptocell specific API calls into the Cryptocell driver, creating abstraction API where needed. Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com> Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
-
- 13 Jun, 2019 1 commit
-
-
Sandrine Bailleux authored
The chain of trust description and the pointer pointing to its first element were incompatible, thus requiring an explicit type cast for the assignment. - cot_desc was an array of const pointers to const image descriptors. - cot_desc_ptr was a const pointer to (non-constant) pointers to const image descriptors. Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would generate the following compiler warning: drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] REGISTER_COT(cot_desc); ^~~~~~~~ Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 12 Apr, 2019 1 commit
-
-
Ambroise Vincent authored
The implementation of the heap function plat_get_mbedtls_heap() becomes mandatory for platforms supporting TRUSTED_BOARD_BOOT. The shared Mbed TLS heap default weak function implementation is converted to a helper function get_mbedtls_heap_helper() which can be used by the platforms for their own function implementation. Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 09 Apr, 2019 1 commit
-
-
Joel Hutton authored
Change-Id: I0cb9f0db1ef3491f55c038a10db5a88d37e89697 Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
- 08 Apr, 2019 2 commits
-
-
Joel Hutton authored
This changes the auth_img_desc_t struct to have pointers to struct arrays instead of struct arrays. This saves memory as many of these were never used, and can be NULL pointers. Note the memory savings are only when these arrays are not initialised, as it is assumed these arrays are fixed length. A possible future optimisation could allow for variable length. memory diff: bl1: bl2: text text -12 -12 bss bss -1463 0 data data -56 -48 rodata rodata -5688 -2592 total total -7419 -2652 Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
Joel Hutton authored
When Trusted Board Boot is enabled, we need to specify the Chain of Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array of image descriptors. The authentication module assumes that each image descriptor in this array is indexed by its unique image identifier. For example, the Trusted Boot Firmware Certificate has to be at index [TRUSTED_BOOT_FW_CERT_ID]. Unique image identifiers may not necessarily be consecutive. Also, a given BL image might not use all image descriptors. For example, BL1 does not need any of the descriptors related to BL31. As a result, the CoT array might contain holes, which unnecessarily takes up space in the BL binary. Using pointers to auth_img_desc_t structs (rather than structs themselves) means these unused elements only use 1 pointer worth of space, rather than one struct worth of space. This patch also changes the code which accesses this array to reflect the change to pointers. Image descriptors not needed in BL1 or BL2 respectively are also ifdef'd out in this patch. For example, verifying the BL31 image is the responsibility of BL2 so BL1 does not need any of the data structures describing BL31. memory diff: bl1: bl2: text text -20 -20 bss bss -1463 0 data data -256 -48 rodata rodata -5240 -1952 total total -6979 -2020 Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
- 01 Apr, 2019 1 commit
-
-
Ambroise Vincent authored
Improved support for W=2 compilation flag by solving some nested-extern and sign-compare warnings. The libraries are compiling with warnings (which turn into errors with the Werror flag). Outside of libraries, some warnings cannot be fixed. Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 28 Feb, 2019 1 commit
-
-
John Tsichritzis authored
Due to the shared Mbed TLS heap optimisation introduced in 6d01a463 , common code files were depending on Mbed TLS specific headers. This dependency is now removed by moving the default, unoptimised heap implementation inside the Mbed TLS specific files. Change-Id: I11ea3eb4474f0d9b6cb79a2afd73a51a4a9b8994 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 04 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 28 Sep, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 Sep, 2018 1 commit
-
-
John Tsichritzis authored
The Mbed TLS drivers, in order to work, need a heap for internal usage. This heap, instead of being directly referenced by the drivers, now it is being accessed indirectly through a pointer. Also, the heap, instead of being part of the drivers, now it is being received through the plat_get_mbedtls_heap() function. This function requests a heap from the current BL image which utilises the Mbed TLS drivers. Those changes create the opportunity for the Mbed TLS heap to be shared among different images, thus saving memory. A default heap implementation is provided but it can be overridden by a platform specific, optimised implemenetation. Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 22 Aug, 2018 1 commit
-
-
Antonio Nino Diaz authored
tf_printf and tf_snprintf are now called printf and snprintf, so the code needs to be updated. Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Aug, 2018 3 commits
-
-
Roberto Vargas authored
We had exit but we didn't have atexit, and we were calling panic and tf_printf from exit, which generated a dependency from exit to them. Having atexit allows to set a different function pointer in every image. Change-Id: I95b9556d680d96249ed3b14da159b6f417da7661 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
Mbebtls include paths are controlled by the user using the variable MBEDTLS_DIR and they are out of the TF source tree. Since these includes have a different origin it is better to move them to a different variable. This change makes easier for the romlib Makefile to parse the include paths. Change-Id: I3e4c99300f1012bc7f88c6b9f5bc0ec1f7b5aa8d Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
TF Makefile was linking all the objects files generated for the Mbed TLS library instead of creating a static library that could be used in the linking stage. Change-Id: I8e4cd843ef56033c9d3faeee71601d110b7e4c12 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 18 Jun, 2018 1 commit
-
-
Jeenu Viswambharan authored
To build with the new release, we pick couple of more files from mbedTLS library. Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 18 May, 2018 1 commit
-
-
Soby Mathew authored
This patch implements support for adding dynamic configurations for BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The necessary cert tool support and changes to default chain of trust are made for these configs. Change-Id: I25f266277b5b5501a196d2f2f79639d838794518 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 13 Apr, 2018 2 commits
-
-
Roberto Vargas authored
Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined Fixed for: make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
Rule 8.3: All declarations of an object or function shall use the same names and type qualifiers Fixed for: make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-