- 25 Jun, 2015 3 commits
-
-
Juan Castillo authored
This patch modifies the Trusted Board Boot implementation to use the new authentication framework, making use of the authentication module, the cryto module and the image parser module to authenticate the images in the Chain of Trust. A new function 'load_auth_image()' has been implemented. When TBB is enabled, this function will call the authentication module to authenticate parent images following the CoT up to the root of trust to finally load and authenticate the requested image. The platform is responsible for picking up the right makefiles to build the corresponding cryptographic and image parser libraries. ARM platforms use the mbedTLS based libraries. The platform may also specify what key algorithm should be used to sign the certificates. This is done by declaring the 'KEY_ALG' variable in the platform makefile. FVP and Juno use ECDSA keys. On ARM platforms, BL2 and BL1-RW regions have been increased 4KB each to accommodate the ECDSA code. REMOVED BUILD OPTIONS: * 'AUTH_MOD' Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
-
Juan Castillo authored
This patch extends the platform port by adding an API that returns either the Root of Trust public key (ROTPK) or its hash. This is usually stored in ROM or eFUSE memory. The ROTPK returned must be encoded in DER format according to the following ASN.1 structure: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } In case the platform returns a hash of the key: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, keyDigest OCTET STRING } An implementation for ARM development platforms is provided in this patch. When TBB is enabled, the ROTPK hash location must be specified using the build option 'ARM_ROTPK_LOCATION'. Available options are: - 'regs' : return the ROTPK hash stored in the Trusted root-key storage registers. - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and BL2 binaries. This hash has been obtained from the development RSA public key located in 'plat/arm/board/common/rotpk'. On FVP, the number of MMU tables has been increased to map and access the ROTPK registers. A new file 'board_common.mk' has been added to improve code sharing in the ARM develelopment platforms. Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
-
Juan Castillo authored
This patch adds a boolean build option 'SAVE_KEYS' to indicate the certificate generation tool that it must save the private keys used to establish the chain of trust. This option depends on 'CREATE_KEYS' to be enabled. Default is '0' (do not save). Because the same filenames are used as outputs to save the keys, they are no longer a dependency to the cert_tool. This dependency has been removed from the Makefile. Documentation updated accordingly. Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
-
- 08 Jun, 2015 1 commit
-
-
Juan Castillo authored
The 'ARM_TSP_RAM_LOCATION_ID' option specified in the user guide corresponds to the internal definition not visible to the final user. The proper build option is 'ARM_TSP_RAM_LOCATION'. This patch fixes it. Fixes ARM-software/tf-issues#308 Change-Id: Ica8cb72c0c5e8b3503f60b5357d16698e869b1bd
-
- 04 Jun, 2015 1 commit
-
-
Sandrine Bailleux authored
This patch introduces a new platform build option, called PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has a programmable or fixed reset vector address. If the reset vector address is fixed then the code relies on the platform_get_entrypoint() mailbox mechanism to figure out where it is supposed to jump. On the other hand, if it is programmable then it is assumed that the platform code will program directly the right address into the RVBAR register (instead of using the mailbox redirection) so the mailbox is ignored in this case. Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
-
- 29 Apr, 2015 1 commit
-
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.21) * EDK2 (to v3.0) * Linux Kernel (to 1.6-Juno) * Linaro file-system (to 15.03) * Juno SCP binary (to v1.7.0 within board recovery image 0.11.3). Change-Id: Ieb09e633acc2b33823ddf35f77f44e7da60b99ba
-
- 28 Apr, 2015 2 commits
-
-
Sandrine Bailleux authored
There has been a breaking change in the communication protocols used between the AP cores and the SCP on CSS based platforms like Juno. This means both the AP Trusted Firmware and SCP firmware must be updated at the same time. In case the user forgets to update the SCP ROM firmware, this patch detects when it still uses the previous version of the communication protocol. It will then output a comprehensive error message that helps trouble-shoot the issue. Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
-
Dan Handley authored
Update the User Guide, Porting Guide and Firmware Design documents to align them with the recent changes made to the FVP and Juno platform ports. Also fix some other historical inaccuracies. Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
-
- 16 Mar, 2015 1 commit
-
-
Vikram Kanigiri authored
Even though both CCI-400 and CCI-500 IPs have different configurations with respect to the number and types of supported interfaces, their register offsets and programming sequences are similar. This patch creates a common driver for enabling and disabling snoop transactions and DVMs with both the IPs. New platform ports which implement one of these IPs should use this common driver. Existing platform ports which implement CCI-400 should migrate to the common driver as the standalone CCI-400 will be deprecated in the future. Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556
-
- 10 Mar, 2015 1 commit
-
-
Sandrine Bailleux authored
The 'libssl-dev' package must be installed on the host to build the certificate generation tool. This patch adds it to the list of required tools in the User Guide. Change-Id: I018381fb14b7c2d2bd6f2b7929aaad0571f7eb2e
-
- 04 Feb, 2015 1 commit
-
-
Achin Gupta authored
The command line options specified in the User Guide to run the AEMv8 Base FVP with the legacy VE memory map apply only when the model is configured to use GIC v2.0. This patch adds the 'gicv3.gicv2-only=1' to the command line to ensure that the right version of GIC is used. Change-Id: I34c44e19fd42c29818b734ac8f6aa9bf97b4e891
-
- 03 Feb, 2015 1 commit
-
-
Achin Gupta authored
This patch updates the user-guide.md with the various build options related to Trusted Board Boot and steps to build a FIP image which includes this support. It also adds a trusted-board-boot.md which describes the scope and design of this feature. Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061
-
- 02 Feb, 2015 2 commits
-
-
Sandrine Bailleux authored
Move up the version numbers in the user guide of: * DS-5 (to v5.20) * EDK2 (to v2.1-rc0) * Linux Kernel (to 1.3-Juno) * Linaro file-system (to 14.12) * Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1). Also remove duplicate information that is available from the ARM Connected Community website. * Base FVP (to 6.2) * Foundation FVP (to 9.1). Also update the name of the Foundation FVP binary since it has changed since version 2.1. Co-Authored-By: Dan Handley <dan.handley@arm.com> Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0
-
Sandrine Bailleux authored
Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9
-
- 26 Jan, 2015 2 commits
-
-
Soby Mathew authored
This patch provides an option to specify a interrupt routing model where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1. When such an interrupt occurs, the TSPD arranges a return to the normal world after saving any necessary context. The interrupt routing model to route IRQs to EL3 is enabled only during STD SMC processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC and Secure Interrupt processing. A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change the non secure interrupt target execution level to EL3. Fixes ARM-software/tf-issues#225 Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
-
Juan Castillo authored
This patch allows the secure payload (BL3-2) to be loaded in the DRAM region secured by the TrustZone controller (top 16 MB of DRAM1). The location of BL3-2 can be selected at build time by setting the build flag FVP_TSP_RAM_LOCATION to one of the following options: - 'tsram' : Trusted SRAM (this is the default option) - 'tdram' : Trusted DRAM - 'dram' : Secure region in DRAM1 (top 16MB configured by the TrustZone controller) The number of MMU tables in BL3-2 depends on its location in memory: 3 in case it is loaded in DRAM, 2 otherwise. Documentation updated accordingly. Fixes ARM-software/tf-issues#212 Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
-
- 22 Jan, 2015 1 commit
-
-
Soby Mathew authored
This patch extends the build option `USE_COHERENT_MEMORY` to conditionally remove coherent memory from the memory maps of all boot loader stages. The patch also adds necessary documentation for coherent memory removal in firmware-design, porting and user guides. Fixes ARM-Software/tf-issues#106 Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
-
- 12 Jan, 2015 1 commit
-
-
Juan Castillo authored
Patch 20d51cad moved the shared data page from the top of the Trusted SRAM to the bottom, changing the load addresses of BL3-1 and BL3-2. This patch updates BL3-1 and BL3-2 addresses in the instructions to run the Trusted Firmware on FVP using BL3-1 as reset vector. This patch is similar to but distinct from bfb1dd51 and 7ea4c437. Change-Id: I6b467f9a82360a5e2181db99fea881487de52704
-
- 09 Jan, 2015 1 commit
-
-
Sandrine Bailleux authored
Previously, the User Guide recommended launching the Foundation FVP with the parameter --no-secure-memory, which disabled security control of the address map. This was due to missing support for secure memory regions in v1 of the Foundation FVP. This is no longer needed as secure memory is now supported on the Foundation FVP. This patch updates the User Guide to recommend enabling secure memory instead. Change-Id: Ifae53c10ff6e1c7c6724af20e05a3d3a88f6a5ad
-
- 07 Jan, 2015 1 commit
-
-
Joakim Bech authored
Fixes arm-software/tf-issues#276
-
- 06 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch allows to define the name of the FIP at build time by defining the FIP_NAME variable. If FIP_NAME is not defined, default name 'fip.bin' is used. Documentation updated accordingly. Change-Id: Ic41f42aac379b0c958b3dfd02863ba8ba7108710
-
- 22 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch deprecates the build option to relocate the shared data into Trusted DRAM in FVP. After this change, shared data is always located at the base of Trusted SRAM. This reduces the complexity of the memory map and the number of combinations in the build options. Fixes ARM-software/tf-issues#257 Change-Id: I68426472567b9d8c6d22d8884cb816f6b61bcbd3
-
- 14 Oct, 2014 1 commit
-
-
Juan Castillo authored
This patch configures the TrustZone Controller in Juno to split the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure regions: - Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are used by the SCP for DDR retraining - Non-Secure DDR-DRAM: remaining DRAM starting at base address Build option PLAT_TSP_LOCATION selects the location of the secure payload (BL3-2): - 'tsram' : Trusted SRAM (default option) - 'dram' : Secure region in the DDR-DRAM (set by the TrustZone controller) The MMU memory map has been updated to give BL2 permission to load BL3-2 into the DDR-DRAM secure region. Fixes ARM-software/tf-issues#233 Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
-
- 16 Sep, 2014 1 commit
-
-
Soby Mathew authored
This patch adds support for supplying pre-built BL binaries for BL2, BL3-1 and BL3-2 during trusted firmware build. Specifying BLx = <path_to_BLx> in the build command line, where 'x' is any one of BL2, BL3-1 or BL3-2, will skip building that BL stage from source and include the specified binary in final fip image. This patch also makes BL3-3 binary for FIP optional depending on the value of 'NEED_BL33' flag which is defined by the platform. Fixes ARM-software/tf-issues#244 Fixes ARM-software/tf-issues#245 Change-Id: I3ebe1d4901f8b857e8bb51372290978a3323bfe7
-
- 28 Aug, 2014 1 commit
-
-
Dan Handley authored
* Fix broken link to SCP download. * Remove requirement to install `ia32-libs`. This package is no longer available in current versions of Ubuntu and is no longer required when using the Linaro toolchain. Change-Id: I9823d535a1d69136685754b7707b73e1eef0978d
-
- 27 Aug, 2014 3 commits
-
-
Sandrine Bailleux authored
This patch gathers miscellaneous minor fixes to the documentation, and comments in the source code. Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b Co-Authored-By: Soby Mathew <soby.mathew@arm.com> Co-Authored-By: Dan Handley <dan.handley@arm.com>
-
Juan Castillo authored
This patch makes the Trusted Firmware build instructions in the user guide platform independent. FVP specific instructions have been grouped together under a new section dedicated to FVP. Juno specific instructions to build and run the Trusted Firmware, UEFI and Linux have been added. Change-Id: I9bfb1b9d732b1f73abbe29f68ac931e1773a4fd5
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#100 (commit 186c1d4b). This is distinct from the similar issue fixed in commit bfb1dd51. Also clarify the dependence on the FVP_SHARED_DATA_LOCATION and FVP_TSP_RAM_LOCATION build options, and tidy up the "Notes regarding Base FVP configuration options" section. Change-Id: I6b03452a71f0c69efa169852712bcb184242696e
-
- 21 Aug, 2014 1 commit
-
-
Dan Handley authored
Move up the version numbers of the following Trusted Firmware dependencies in the user guide: * Foundation and Base FVPs (latest publically available versions). * EDK2 implementation. The guide now uses the latest version from https://github.com/ARM-software/edk2.git. This requires the `iasl` package to also be installed. * Linux kernel. The guide now uses the latest version from https://github.com/ARM-software/linux.git. * Linaro OpenEmbedded file system. * ARM Development Studio 5. Change-Id: I95bb863a61e47b9ef8be3d110f7087375ee78add
-
- 14 Aug, 2014 1 commit
-
-
Juan Castillo authored
This patch groups the current contents of the Trusted DRAM region at address 0x00_0600_0000 (entrypoint mailboxes and BL3-1 parameters) in a single shared memory area that may be allocated to Trusted SRAM (default) or Trusted DRAM at build time by setting the FVP_SHARED_DATA_LOCATION make variable. The size of this shared memory is 4096 bytes. The combination 'Shared data in Trusted SRAM + TSP in Trusted DRAM' is not currently supported due to restrictions in the maximum number of mmu tables that can be created. Documentation has been updated to reflect these changes. Fixes ARM-software/tf-issues#100 Change-Id: I26ff04d33ce4cacf8d770d1a1e24132b4fc53ff0
-
- 13 Aug, 2014 1 commit
-
-
Dan Handley authored
Fix the instructions for resetting to the BL3-1 entrypoint in the user guide. The BL3-1 and BL3-2 image locations changed in the fix to ARM-software/tf-issues#117 (commit a1b6db6c). Fixes ARM-software/tf-issues#237 Change-Id: I764eb17c66034511efb984c0e7cfda29bd99198f
-
- 12 Aug, 2014 2 commits
-
-
Dan Handley authored
Create new LOG_LEVEL build option, which controls the amount of console output compiled into the build. This should be one of the following: 0 (LOG_LEVEL_NONE) 10 (LOG_LEVEL_NOTICE) 20 (LOG_LEVEL_ERROR) 30 (LOG_LEVEL_WARNING) 40 (LOG_LEVEL_INFO) 50 (LOG_LEVEL_VERBOSE) All log output up to and including the log level is compiled into the build. The default value is 40 in debug builds and 20 in release builds. Complement the existing INFO, WARN and ERROR console output macros with NOTICE and VERBOSE macros, which are conditionally compiled in depending on the value of LOG_LEVEL. Fixes ARM-software/tf-issues#232 Change-Id: I951e2f333e7b90fc4b1060741d9a6db699d5aa72
-
Juan Castillo authored
Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM BLn_BASE and BLn_LIMIT definitions have been updated and are based on these new memory regions. The available memory for each bootloader in the linker script is defined by BLn_BASE and BLn_LIMIT, instead of the complete memory region. TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of the platform porting. FVP common definitions are defined in fvp_def.h while platform_def.h contains exclusively (with a few exceptions) the definitions that are mandatory in the porting guide. Therefore, platform_def.h now includes fvp_def.h instead of the other way around. Porting guide has been updated to reflect these changes. Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05
-
- 07 Aug, 2014 1 commit
-
-
Juan Castillo authored
Tests show a slight reduction in code size compared to 13.11. User guide updated. Fixes ARM-software/tf-issues#207 Change-Id: I9b80a5d7820cdfd443cac4d4b63f925b74a8c3a3
-
- 01 Aug, 2014 1 commit
-
-
Vikram Kanigiri authored
This patch adds support for BL3-2 initialization by asynchronous method where BL3-1 transfers control to BL3-2 using world switch. After BL3-2 initialization, it transfers control to BL3-3 via SPD service handler. The SPD service handler initializes the CPU context to BL3-3 entrypoint depending on the return function indentifier from TSP initialization. Fixes ARM-software/TF-issues#184 Change-Id: I7b135c2ceeb356d3bb5b6a287932e96ac67c7a34
-
- 28 Jul, 2014 1 commit
-
-
Soby Mathew authored
The patch implements a macro ASM_ASSERT() which can be invoked from assembly code. When assertion happens, file name and line number of the check is written to the crash console. Fixes ARM-software/tf-issues#95 Change-Id: I6f905a068e1c0fa4f746d723f18df60daaa00a86
-
- 10 Jul, 2014 1 commit
-
-
Sandrine Bailleux authored
- Add support for loading a BL3-0 image in BL2. Information about memory extents is populated by platform-specific code. Subsequent handling of BL3-0 is also platform specific. The BL2 main function has been broken down to improve readability. The BL3-2 image is now loaded before the BL3-3 image to align with the boot flow. - Build system: Add support for specifying a BL3-0 image that will be included into the FIP image. - IO FIP driver: Add support for identifying a BL3-0 image inside a FIP image. - Update the documentation to reflect the above changes. Change-Id: I067c184afd52ccaa86569f13664757570c86fc48
-
- 09 Jul, 2014 1 commit
-
-
Dan Handley authored
Refactor the FVP gic code in plat/fvp/fvp_gic.c to be a generic ARM GIC driver in drivers/arm/gic/arm_gic.c. Provide the platform specific inputs in the arm_gic_setup() function so that the driver has no explicit dependency on platform code. Provide weak implementations of the platform interrupt controller API in a new file, plat/common/plat_gic.c. These simply call through to the ARM GIC driver. Move the only remaining FVP GIC function, fvp_gic_init() to plat/fvp/aarch64/fvp_common.c and remove plat/fvp/fvp_gic.c Fixes ARM-software/tf-issues#182 Change-Id: Iea82fe095fad62dd33ba9efbddd48c57717edd21
-
- 11 Jun, 2014 1 commit
-
-
Andrew Thoelke authored
This patch makes the console crash dump of processor register state optional based on the CRASH_REPORTING make variable. This defaults to only being enabled for DEBUG builds. This can be overridden by setting a different value in the platform makefile or on the make command line. Change-Id: Icfa1b2d7ff0145cf0a85e8ad732f9cee7e7e993f
-
- 03 Jun, 2014 1 commit
-
-
Vikram Kanigiri authored
Update documentation with BL3-1 hardening interface changes and for using BL3-1 as a reset vector feature Change-Id: Iafdd05e7a8e66503409f2acc934372efef5bc51b
-