1. 06 Mar, 2020 1 commit
  2. 12 Sep, 2019 1 commit
    • Justin Chadwell's avatar
      Support larger RSA key sizes when using MBEDTLS · aacff749
      Justin Chadwell authored
      
      
      Previously, TF-A could not support large RSA key sizes as the
      configuration options passed to MBEDTLS prevented storing and performing
      calculations with the larger, higher-precision numbers required. With
      these changes to the arguments passed to MBEDTLS, TF-A now supports
      using 3072 (3K) and 4096 (4K) keys in certificates.
      
      Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      aacff749
  3. 04 Sep, 2019 1 commit
    • Masahiro Yamada's avatar
      mbedtls: use #include <...> instead of "..." · 948a0c0d
      Masahiro Yamada authored
      
      
      The #include "mbedtls/check_config.h" directive first searches for
      the header in the relative path to mbedtls_config.h, i.e.
      include/drivers/auth/mbedtls/mbedtls/check_config.h
      
      Obviously, it does not exist since check_config.h is located in
      the mbedtls project.
      
      It is more sensible to use #include <...> form.
      
      Change-Id: If72a71381f84e7748a2c9f07dd1176559d9bb1d2
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      948a0c0d
  4. 01 Aug, 2019 1 commit
    • Julius Werner's avatar
      Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ · d5dfdeb6
      Julius Werner authored
      
      
      NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
      
      All common C compilers predefine a macro called __ASSEMBLER__ when
      preprocessing a .S file. There is no reason for TF-A to define it's own
      __ASSEMBLY__ macro for this purpose instead. To unify code with the
      export headers (which use __ASSEMBLER__ to avoid one extra dependency),
      let's deprecate __ASSEMBLY__ and switch the code base over to the
      predefined standard.
      
      Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      d5dfdeb6
  5. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored
      
      
      All identifiers, regardless of use, that start with two underscores are
      reserved. This means they can't be used in header guards.
      
      The style that this project is now to use the full name of the file in
      capital letters followed by 'H'. For example, for a file called
      "uart_example.h", the header guard is UART_EXAMPLE_H.
      
      The exceptions are files that are imported from other projects:
      
      - CryptoCell driver
      - dt-bindings folders
      - zlib headers
      
      Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  6. 28 Sep, 2018 1 commit
  7. 04 Sep, 2018 1 commit
    • John Tsichritzis's avatar
      Prepare Mbed TLS drivers for shared heap · 6d01a463
      John Tsichritzis authored
      
      
      The Mbed TLS drivers, in order to work, need a heap for internal usage.
      This heap, instead of being directly referenced by the drivers, now it
      is being accessed indirectly through a pointer. Also, the heap, instead
      of being part of the drivers, now it is being received through the
      plat_get_mbedtls_heap() function. This function requests a heap from the
      current BL image which utilises the Mbed TLS drivers.
      
      Those changes create the opportunity for the Mbed TLS heap to be shared
      among different images, thus saving memory. A default heap
      implementation is provided but it can be overridden by a platform
      specific, optimised implemenetation.
      
      Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      6d01a463
  8. 21 Nov, 2017 1 commit
  9. 25 Oct, 2017 1 commit
  10. 22 Sep, 2017 2 commits
  11. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  12. 05 Jun, 2017 1 commit
  13. 24 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Use `tf_snprintf` instead of `snprintf` · ab1794f5
      Antonio Nino Diaz authored
      
      
      The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
      This subset internally uses `snprintf`, but the only format specifier
      used is '%d', which is supported by `tf_snprintf`.
      
      This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
      saving 3 KB in both debug and release builds when TBBR is enabled.
      
      Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ab1794f5
  14. 12 May, 2017 1 commit
    • David Cunado's avatar
      mbedtls: Namespace for TF specific macros · b1883510
      David Cunado authored
      
      
      An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
      macros to have a TBBR_ suffix to avoid any potential clash with future
      mbedtls macros.
      
      But on reflection the TBBR_ suffix could be confusing as the macros
      are used to drive TF-specific configuration of mbedtls. As such
      this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
      suffix which more accurately conveys their use.
      
      Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b1883510
  15. 03 May, 2017 1 commit
  16. 22 Mar, 2017 1 commit
    • dp-arm's avatar
      mbedtls: Namespace TF specific macros · 66b4c166
      dp-arm authored
      
      
      These macros are not part of mbed TLS so they should not be prefixed
      with `MBEDTLS_` to avoid potential collision in the future. Use the
      `TBBR_` suffix to highlight that they only used in TF.
      
      `MBEDTLS_KEY_ALG` was not modified because that is documented and used
      by platforms to select the key algorithm.
      
      Change-Id: Ief224681715c481691c80810501830ce16e210b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      66b4c166
  17. 10 Dec, 2015 1 commit
    • Juan Castillo's avatar
      Move up to mbed TLS 2.x · 649dbf6f
      Juan Castillo authored
      The mbed TLS library has introduced some changes in the API from
      the 1.3.x to the 2.x releases. Using the 2.x releases requires
      some changes to the crypto and transport modules.
      
      This patch updates both modules to the mbed TLS 2.x API.
      
      All references to the mbed TLS library in the code or documentation
      have been updated to 'mbed TLS'. Old references to PolarSSL have
      been updated to 'mbed TLS'.
      
      User guide updated to use mbed TLS 2.2.0.
      
      NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
      Applying this patch will require an mbed TLS 2.x release to be used.
      Also note that the mbed TLS license changed to Apache version 2.0.
      
      Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
      649dbf6f
  18. 25 Jun, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add mbedTLS authentication related libraries · 7d37aa17
      Juan Castillo authored
      This patch adds the following mbedTLS based libraries:
      
      * Cryptographic library
      
      It is used by the crypto module to verify a digital signature
      and a hash. This library relies on mbedTLS to perform the
      cryptographic operations. mbedTLS sources must be obtained
      separately.
      
      Two key algorithms are currently supported:
      
          * RSA-2048
          * ECDSA-SECP256R1
      
      The platform is responsible for picking up the required
      algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the
      platform makefile. Available options are:
      
          * 'rsa' (for RSA-2048) (default option)
          * 'ecdsa' (for ECDSA-SECP256R1)
      
      Hash algorithm currently supported is SHA-256.
      
      * Image parser library
      
      Used by the image parser module to extract the authentication
      parameters stored in X509v3 certificates.
      
      Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0
      7d37aa17