1. 08 Jun, 2020 1 commit
    • Manish Pandey's avatar
      cert_create: add SiP owned secure partitions support · 0792dd7d
      Manish Pandey authored
      
      
      Add support to generate certificate "sip-sp-cert" for Secure
      Partitions(SP) owned by Silicon provider(SiP).
      To avoid deviation from TBBR specification the support is only added for
      dualroot CoT and not for TBBR CoT.
      
      A single certificate file is generated containing hash of individual
      packages. Maximum 8 secure partitions are supported.
      
      Following new options added to cert_tool:
       --sip-sp-cert --> SiP owned Secure Partition Content Certificate
       --sp-pkg1 --> Secure Partition Package1 file
       --sp-pkg2
       .....
       --sp-pkg8
      
      Trusted world key pair is used for signing.
      
      Going forward, this feature can be extended for Platfrom owned
      Partitions, if required.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
      0792dd7d
  2. 06 Mar, 2020 1 commit
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
  3. 24 Feb, 2020 1 commit
    • Sandrine Bailleux's avatar
      Introduce a new "dualroot" chain of trust · 5ab8b717
      Sandrine Bailleux authored
      
      
      This new chain of trust defines 2 independent signing domains:
      
      1) One for the silicon firmware (BL1, BL2, BL31) and optionally the
         Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR
         CoT.
      
      2) One for the Normal World Bootloader (BL33). It is rooted in a new key
         called Platform ROTPK, or PROTPK for short.
      
      In terms of certificates chain,
      
      - Signing domain 1) is similar to what TBBR advocates (see page 21 of
        the TBBR specification), except that the Non-Trusted World Public Key
        has been removed from the Trusted Key Certificate.
      
      - Signing domain 2) only contains the Non-Trusted World Content
        certificate, which provides the hash of the Non-Trusted World
        Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World
        Key certificate for simplicity.
      
      Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      5ab8b717
  4. 10 Feb, 2020 1 commit
    • Manish Pandey's avatar
      SPM: modify sptool to generate individual SP blobs · 3977a825
      Manish Pandey authored
      
      
      Currently sptool generates a single blob containing all the Secure
      Partitions, with latest SPM implementation, it is desirable to have
      individual blobs for each Secure Partition. It allows to leverage
      packaging and parsing of SP on existing FIP framework. It also allows
      SP packages coming from different sources.
      
      This patch modifies sptool so that it takes number of SP payload pairs
      as input and generates number of SP blobs instead of a single blob.
      
      Each SP blob can optionally have its own header containing offsets and
      sizes of different payloads along with a SP magic number and version.
      It is also associated in FIP with a UUID, provided by SP owner.
      
      Usage example:
      sptool -i sp1.bin:sp1.dtb -o sp1.pkg -i sp2.bin:sp2.dtb -o sp2.pkg ...
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ie2db8e601fa1d4182d0a1d22e78e9533dce231bc
      3977a825
  5. 07 Feb, 2020 1 commit
    • Louis Mayencourt's avatar
      fconf: Move platform io policies into fconf · 0a6e7e3b
      Louis Mayencourt authored
      
      
      Use the firmware configuration framework to store the io_policies
      information inside the configuration device tree instead of the static
      structure in the code base.
      
      The io_policies required by BL1 can't be inside the dtb, as this one is
      loaded by BL1, and only available at BL2.
      
      This change currently only applies to FVP platform.
      
      Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      0a6e7e3b
  6. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  7. 11 Dec, 2018 1 commit
  8. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored
      
      
      All identifiers, regardless of use, that start with two underscores are
      reserved. This means they can't be used in header guards.
      
      The style that this project is now to use the full name of the file in
      capital letters followed by 'H'. For example, for a file called
      "uart_example.h", the header guard is UART_EXAMPLE_H.
      
      The exceptions are files that are imported from other projects:
      
      - CryptoCell driver
      - dt-bindings folders
      - zlib headers
      
      Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  9. 14 Jun, 2018 1 commit
    • Roberto Vargas's avatar
      Make TF UUID RFC 4122 compliant · 03364865
      Roberto Vargas authored
      
      
      RFC4122 defines that fields are stored in network order (big endian),
      but TF-A stores them in machine order (little endian by default in TF-A).
      We cannot change the future UUIDs that are already generated, but we can store
      all the bytes using arrays and modify fiptool to generate the UUIDs with
      the correct byte order.
      
      Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      03364865
  10. 18 May, 2018 1 commit
  11. 26 Feb, 2018 1 commit
    • Soby Mathew's avatar
      Dynamic cfg: Update the tools · e24659df
      Soby Mathew authored
      
      
      This patch updates the `fiptool` and `cert_create` for the
      `hw_config` and `tb_fw_config` dynamic configuration files.
      The necessary UUIDs and OIDs are assigned to these files and
      the `cert_create` is updated to generate appropriate hashes
      and include them in the "Trusted Boot FW Certificate". The
      `fiptool` is updated to allow the configs to be specified
      via cmdline and included in the generated FIP.
      
      Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e24659df
  12. 09 Aug, 2017 1 commit
  13. 23 May, 2017 2 commits
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
    • Masahiro Yamada's avatar
      fip: move headers shared between TF and fiptool to include/tools_share · 2a6c1a8f
      Masahiro Yamada authored
      
      
      Some header files need to be shared between TF and host programs.
      For fiptool, two headers are copied to the tools/fiptool directory,
      but it looks clumsy.
      
      This commit introduces a new directory, include/tools_share, which
      collects headers that should be shared between TF and host programs.
      
      This will clarify the interface exposed to host tools.  We should
      add new headers to this directory only when we really need to do so.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      2a6c1a8f