GitLab

This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.

Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Include x509.h header file explicitly. Update docs.

Change-Id: If2e52c2cd3056654406b7b6779b67eea5cc04a48
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271

This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.

Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed
in SHA fe199e3b

, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.

Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Due to the shared Mbed TLS heap optimisation introduced in 6d01a463

,
common code files were depending on Mbed TLS specific headers. This
dependency is now removed by moving the default, unoptimised heap
implementation inside the Mbed TLS specific files.

Change-Id: I11ea3eb4474f0d9b6cb79a2afd73a51a4a9b8994
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca339

 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The Mbed TLS drivers, in order to work, need a heap for internal usage.
This heap, instead of being directly referenced by the drivers, now it
is being accessed indirectly through a pointer. Also, the heap, instead
of being part of the drivers, now it is being received through the
plat_get_mbedtls_heap() function. This function requests a heap from the
current BL image which utilises the Mbed TLS drivers.

Those changes create the opportunity for the Mbed TLS heap to be shared
among different images, thus saving memory. A default heap
implementation is provided but it can be overridden by a platform
specific, optimised implemenetation.

Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.

Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

We had exit but we didn't have atexit, and we were calling panic and
tf_printf from exit, which generated a dependency from exit to them.
Having atexit allows to set a different function pointer in every image.

Change-Id: I95b9556d680d96249ed3b14da159b6f417da7661
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

Mbebtls include paths are controlled by the user using the variable
MBEDTLS_DIR and they are out of the TF source tree. Since these
includes have a different origin it is better to move them to a
different variable.

This change makes easier for the romlib Makefile to parse the include
paths.

Change-Id: I3e4c99300f1012bc7f88c6b9f5bc0ec1f7b5aa8d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

TF Makefile was linking all the objects files generated for the
Mbed TLS library instead of creating a static library that could be
used in the linking stage.

Change-Id: I8e4cd843ef56033c9d3faeee71601d110b7e4c12
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

To build with the new release, we pick couple of more files from mbedTLS
library.

Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Rule 8.4: A compatible declaration shall be visible when
          an object or function with external linkage is defined

Fixed for:
	make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
	     GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
	     ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all

Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

This patch modifies the makefiles to avoid the definition
of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and
it lets to the platform makefiles to define them if they
actually need these images. In the case of BL2_AT_EL3
BL1 will not be needed usually because the Boot ROM will
jump directly to BL2.

Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

The flag support the following values:
    - sha256 (default)
    - sha384
    - sha512

Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects
rsa or ecdsa depending on the certificate used.

Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

    - fixed compile error when KEY_ALG=ecdsa
    - add new option ecdsa for TF_MBEDTLS_KEY_ALG
    - add new option devel_ecdsa for ARM_ROTPK_LOCATION
    - add ecdsa key at plat/arm/board/common/rotpk/
    - reduce the mbedtls heap memory size to 13k

Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

This patch enables choice of RSA version at run time to be used for
generating signatures by the cert_tool. The RSA PSS as defined in
PKCS#1 v2.1 becomes the default version and this patch enables to specify
the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
-a option. Also, the build option `KEY_ALG` can be used to pass this
option from the build system. Please note that RSA PSS is mandated
by Trusted Board Boot requirements (TBBR) and legacy RSA support is
being added for compatibility reasons.

Fixes ARM-Software/tf-issues#499
Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

The `KEY_ALG` variable is used to select the algorithm for key
generation by `cert_create` tool for signing the certificates. This
variable was previously undocumented and did not have a global default
value. This patch corrects this and also adds changes to derive the
value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
platform. The corresponding assignment of these variables are also now
removed from the `arm_common.mk` makefile.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4

This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

If `MBEDTLS_PLATFORM_SNPRINTF_ALT` isn't used, the function
`mbedtls_platform_set_snprintf()` isn't defined.

In case a platform uses a different mbed TLS configuration file than
the one provided by the Trusted Firmware, and it doesn't define the
mentioned build option, this will result in a build error.

This patch modifies the initialization code so that
`mbedtls_platform_set_snprintf()` is only used if
`MBEDTLS_PLATFORM_SNPRINTF_ALT` is defined, allowing platforms to use
it or not depending on their needs.

Change-Id: I1d5c86d57e9b2871ba463030bf89210ebec5178e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This patch adds support for RSASSA-PSS Signature Algorithm for
X509 certificates in mbedtls crypto driver. Now the driver supports
RSA PKCS2_1 standard as mandated by TBBR.

NOTE: With this patch, the PKCS1_5 standard compliant RSA signature
is deprecated.

Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

The mbedTLS library requires larger heap memory for verification of RSASSA-PSS
signature in certificates during Trusted Board Boot. This patch increases the
heap memory for the same.

Change-Id: I3c3123d7142b7b7b01463516ec436734895da159
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

mbed TLS provides the debug API `mbedtls_memory_buffer_alloc_status()`
to analyse the RAM usage of the library.

When RSA is selected as algorithm, the maximum heap usage in FVP and
Juno has been determined empirically to be approximately 5.5 KiB.
However, The default heap size used when RSA is selected is 8 KiB.

This patch reduces the buffer from 8 KiB to 6 KiB so that the BSS
sections of both BL1 and BL2 are 2 KiB smaller when the firmware is
compiled with TBB support.

Change-Id: I43878a4e7af50c97be9c8d027c728c8483f24fbf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
This subset internally uses `snprintf`, but the only format specifier
used is '%d', which is supported by `tf_snprintf`.

This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
saving 3 KB in both debug and release builds when TBBR is enabled.

Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This patch renames MBEDTLS_KEY_ALG to TF_MBEDTLS_KEY_ALG. This
completes the migration of TF specific macros so that they do not
have the MBEDTLS_ suffix (see arm-trusted-firmware#874).

Change-Id: Iad7632477e220b0af987c4db3cf52229fb127d00
Signed-off-by: David Cunado <david.cunado@arm.com>

An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
macros to have a TBBR_ suffix to avoid any potential clash with future
mbedtls macros.

But on reflection the TBBR_ suffix could be confusing as the macros
are used to drive TF-specific configuration of mbedtls. As such
this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
suffix which more accurately conveys their use.

Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
Signed-off-by: David Cunado <david.cunado@arm.com>

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/



Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

These macros are not part of mbed TLS so they should not be prefixed
with `MBEDTLS_` to avoid potential collision in the future. Use the
`TBBR_` suffix to highlight that they only used in TF.

`MBEDTLS_KEY_ALG` was not modified because that is documented and used
by platforms to select the key algorithm.

Change-Id: Ief224681715c481691c80810501830ce16e210b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

This reverts commit b621fb50

.

Because of the Trusted Firmware design, timing-safe functions are not
needed. Using them may be misleading as it could be interpreted as being
a protection against private data leakage, which isn't the case here.

For each image, the SHA-256 hash is calculated. Some padding is appended
and the result is encrypted with a private key using RSA-2048. This is
the signature of the image. The public key is stored along with BL1 in
read-only memory and the encrypted hash is stored in the FIP.

When authenticating an image, the TF decrypts the hash stored in the FIP
and recalculates the hash of the image. If they don't match, the boot
sequence won't continue.

A constant-time comparison does not provide additional security as all
the data involved in this process is already known to any attacker.
There is no private data that can leaked through a timing attack when
authenticating an image.

`timingsafe_bcmp()` is kept in the codebase because it could be useful
in the future.

Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Replace all use of memset by zeromem when zeroing moderately-sized
structure by applying the following transformation:
memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x))

As the Trusted Firmware is compiled with -ffreestanding, it forbids the
compiler from using __builtin_memset and forces it to generate calls to
the slow memset implementation. Zeromem is a near drop in replacement
for this use case, with a more efficient implementation on both AArch32
and AArch64.

Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

To avoid timing side-channel attacks, it is needed to use a constant
time memory comparison function when comparing hashes. The affected
code only cheks for equality so it isn't needed to use any variant of
memcmp(), bcmp() is enough.

Also, timingsafe_bcmp() is as fast as memcmp() when the two compared
regions are equal, so this change incurrs no performance hit in said
case. In case they are unequal, the boot sequence wouldn't continue as
normal, so performance is not an issue.

Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

In mbedtls_x509_parser.c there are some static arrays that are filled
during the integrity check and then read whenever an authentication
parameter is requested. However, they aren't cleared in case of an
integrity check failure, which can be problematic from a security
point of view. This patch clears these arrays in the case of failure.

Change-Id: I9d48f5bc71fa13e5a75d6c45b5e34796ef13aaa2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This comment block says the default algorithm is ESDSA, while the
code obviously sets the default to RSA:

  ifeq (${MBEDTLS_KEY_ALG},)
      MBEDTLS_KEY_ALG            :=      rsa
  endif

The git log of commit 7d37aa17

 ("TBB: add mbedTLS authentication
related libraries") states available options are:

  * 'rsa' (for RSA-2048) (default option)
  * 'ecdsa' (for ECDSA-SECP256R1)

So, my best guess is the comment block is wrong.

The mismatch between the code and the comment is confusing. Fix it.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.

The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.

** NEW PLATFORM APIs (mandatory when TBB is enabled) **

int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);

    This API returns the non-volatile counter value stored
    in the platform. The cookie in the first argument may be
    used to select the counter in case the platform provides
    more than one (i.e. TBSA compliant platforms must provide
    trusted and non-trusted counters). This cookie is specified
    in the CoT.

int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);

    This API sets a new counter value. The cookie may be
    used to select the counter to be updated.

An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.

** IMPORTANT **

THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.

Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a

By default ARM TF is built with the '-pedantic' compiler flag, which
helps detecting violations of the C standard. However, the mbed TLS
library and its associated authentication module in TF used to fail
building with this compiler flag. As a workaround, the mbed TLS
authentication module makefile used to set the 'DISABLE_PEDANTIC'
TF build flag.

The compiler errors flagged by '-pedantic' in the mbed TLS library
have been fixed between versions 1.3.9 and 2.2.0 and the library now
properly builds with this compiler flag.

This patch fixes the remaining compiler errors in the mbed TLS
authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF
build flag. This means that TF is now always built with '-pedantic'.

In particular, this patch:

 * Removes the final semi-colon in REGISTER_COT() macro.

   This semi-colon was causing the following error message:

   drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow
   extra ';' outside of a function [-Werror=pedantic]

   This has been fixed both in the mbed TLS authentication module
   as well as in the certificate generation tool. Note that the latter
   code didn't need fixing since it is not built with '-pedantic' but
   the change has been propagated for consistency.

   Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros,
   which were suffering from the same issue.

 * Fixes a pointer type.

   It was causing the following error message:

   drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash':
   drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of
   type 'void *' used in arithmetic [-Werror=pointer-arith]

Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d