1. 09 Mar, 2020 6 commits
  2. 06 Mar, 2020 10 commits
    • Manish Pandey's avatar
      TSP: corrected log information · a16bc845
      Manish Pandey authored
      
      
      In CPU resume function, CPU suspend count was printed instead of CPU
      resume count.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I0c081dc03a4ccfb2129687f690667c5ceed00a5f
      a16bc845
    • Masahiro Yamada's avatar
      uniphier: shrink UNIPHIER_ROM_REGION_SIZE · 548654bc
      Masahiro Yamada authored
      
      
      Currently, the ROM region is needlessly too large.
      
      The on-chip SRAM region of the next SoC will start from 0x04000000,
      and this will cause the region overlap.
      
      Mapping 0x04000000 for the ROM is enough.
      
      Change-Id: I85ce0bb1120ebff2e3bc7fd13dc0fd15dfff5ff6
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      548654bc
    • Alexei Fedorov's avatar
      03ea84c3
    • Sumit Garg's avatar
      qemu: Support optional encryption of BL31 and BL32 images · 51857762
      Sumit Garg authored
      
      
      Enable encryption IO layer to be stacked above FIP IO layer for optional
      encryption of Bl31 and BL32 images in case ENCRYPT_BL31 or ENCRYPT_BL32
      build flag is set.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I24cba64728861e833abffc3d5d9807599c49feb6
      51857762
    • Sumit Garg's avatar
      qemu: Update flash address map to keep FIP in secure FLASH0 · a886bbec
      Sumit Garg authored
      
      
      Secure FLASH0 memory map looks like:
      - Offset: 0 to 256K -> bl1.bin
      - Offset: 256K to 4.25M -> fip.bin
      
      FLASH1 is normally used via UEFI/edk2 to keep varstore.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I6883f556c22d6a5d3fa3846c703bebc2abe36765
      a886bbec
    • Sumit Garg's avatar
      Makefile: Add support to optionally encrypt BL31 and BL32 · c6ba9b45
      Sumit Garg authored
      
      
      Following build flags have been added to support optional firmware
      encryption:
      
      - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
          0: Encryption is done with Secret Symmetric Key (SSK) which is
             common for a class of devices.
          1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
             is unique per device.
      
      - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
          could be SSK or BSSK depending on FW_ENC_STATUS flag.
      
      - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
          (IV) in hex string format.
      
      - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
      
      - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
      
      Similar flags can be added to encrypt other firmwares as well depending
      on use-cases.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
      c6ba9b45
    • Sumit Garg's avatar
      tools: Add firmware authenticated encryption tool · 90aa901f
      Sumit Garg authored
      
      
      Add firmware authenticated encryption tool which utilizes OpenSSL
      library to encrypt firmwares using a key provided via cmdline. Currently
      this tool supports AES-GCM as an authenticated encryption algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4
      90aa901f
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
    • Sumit Garg's avatar
      drivers: crypto: Add authenticated decryption framework · 7cda17bb
      Sumit Garg authored
      
      
      Add framework for autheticated decryption of data. Currently this
      patch optionally imports mbedtls library as a backend if build option
      "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
      using AES-GCM algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
      7cda17bb
    • Olivier Deprez's avatar
      Merge changes from topic "spmd-sel2" into integration · d95f7a72
      Olivier Deprez authored
      * changes:
        SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
        SPMD: smc handler qualify secure origin using booleans
        SPMD: SPMC init, SMC handler cosmetic changes
        SPMD: [tegra] rename el1_sys_regs structure to sys_regs
        SPMD: Adds partially supported EL2 registers.
        SPMD: save/restore EL2 system registers.
      d95f7a72
  3. 05 Mar, 2020 5 commits
  4. 04 Mar, 2020 2 commits
    • Vishnu Banavath's avatar
      fdts: a5ds: add ethernet node in devicetree · c84cbf41
      Vishnu Banavath authored
      
      
      This change is to add ethernet and voltage regulator nodes into
      a5ds devicetree.
      
      Change-Id: If9ed67040d54e76af1813c9f99835f51f617e9df
      Signed-off-by: default avatarVishnu Banavath <vishnu.banavath@arm.com>
      c84cbf41
    • Manish Pandey's avatar
      SPMD: loading Secure Partition payloads · cb3b5344
      Manish Pandey authored
      
      
      This patch implements loading of Secure Partition packages using
      existing framework of loading other bl images.
      
      The current framework uses a statically defined array to store all the
      possible image types and at run time generates a link list and traverse
      through it to load different images.
      
      To load SPs, a new array of fixed size is introduced which will be
      dynamically populated based on number of SPs available in the system
      and it will be appended to the loadable images list.
      
      Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      cb3b5344
  5. 03 Mar, 2020 8 commits
  6. 02 Mar, 2020 3 commits
  7. 28 Feb, 2020 6 commits