1. 31 Aug, 2017 1 commit
    • Soby Mathew's avatar
      cert_tool: Support for legacy RSA PKCS#1 v1.5 · a8eb286a
      Soby Mathew authored
      
      
      This patch enables choice of RSA version at run time to be used for
      generating signatures by the cert_tool. The RSA PSS as defined in
      PKCS#1 v2.1 becomes the default version and this patch enables to specify
      the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
      -a option. Also, the build option `KEY_ALG` can be used to pass this
      option from the build system. Please note that RSA PSS is mandated
      by Trusted Board Boot requirements (TBBR) and legacy RSA support is
      being added for compatibility reasons.
      
      Fixes ARM-Software/tf-issues#499
      Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
      Co-Authored-By: default avatarEleanor Bonnici <Eleanor.bonnici@arm.com>
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a8eb286a
  2. 09 Aug, 2017 1 commit
  3. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  4. 03 May, 2017 1 commit
  5. 11 Feb, 2017 1 commit
    • Masahiro Yamada's avatar
      cert_create: fix memory leak bug caused by key container overwrite · 762f1ebe
      Masahiro Yamada authored
      
      
      In the current code, both key_load() and key_create() call key_new()
      to allocate a key container (and they do not free it even if they
      fail).  If a specific key is not given by the command option,
      key_load() fails, then key_create() is called.  At this point, the
      key container that has been allocated in key_load() is still alive,
      and it is overwritten by a new key container created by key_create().
      
      Move the key_new() call to the main() function to make sure it is
      called just once for each descriptor.
      
      While we are here, let's fix one more bug; the error handling code
        ERROR("Malloc error while loading '%s'\n", keys[i].fn);
      is wrong because keys[i].fn is NULL pointer unless a specific key is
      given by the command option.  This code could be run in either case.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      762f1ebe
  6. 30 Mar, 2016 1 commit
    • Juan Castillo's avatar
      cert_create: add non-volatile counter support · 96103d5a
      Juan Castillo authored
      This patch adds non-volatile counter support to the Certificate
      Generation tool. The TBBR Chain of Trust definition in the tool
      has been extended to include the counters as certificate extensions.
      The counter values can be specified in the command line.
      
      The following default counter values are specified in the build
      system:
      
        * Trusted FW Non-Volatile counter = 0
        * Non-Trusted FW Non-Volatile counter = 0
      
      These values can be overridden by the platform at build time.
      
      Change-Id: I7ea10ee78d72748d181df4ee78a7169b3ef2720c
      96103d5a
  7. 07 Jan, 2016 1 commit
    • Juan Castillo's avatar
      cert_create: update help message · 159807e2
      Juan Castillo authored
      The help message printed by the cert_create tool using the command
      line option -h (or --help) does not correctly list all the available
      command line options.
      
      This patch reworks the print_help() function to print the help
      messages in a data driven approach. For each command line option
      registered, an optional help message can be specified, which will
      be printed by print_help().
      
      Help messages for the TBBR options (certificates, keys and images)
      are also provided.
      
      Fix a small bug in the short options string passed to getopt_long:
      the ':' was missing in the '-a' option (this option must take an
      argument).
      
      Fixes ARM-software/tf-issues#337
      
      Change-Id: I9d08c2dfd349022808fcc884724f677eefdc1452
      159807e2
  8. 05 Jan, 2016 1 commit
    • Sandrine Bailleux's avatar
      Always build with '-pedantic' · aa856917
      Sandrine Bailleux authored
      By default ARM TF is built with the '-pedantic' compiler flag, which
      helps detecting violations of the C standard. However, the mbed TLS
      library and its associated authentication module in TF used to fail
      building with this compiler flag. As a workaround, the mbed TLS
      authentication module makefile used to set the 'DISABLE_PEDANTIC'
      TF build flag.
      
      The compiler errors flagged by '-pedantic' in the mbed TLS library
      have been fixed between versions 1.3.9 and 2.2.0 and the library now
      properly builds with this compiler flag.
      
      This patch fixes the remaining compiler errors in the mbed TLS
      authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF
      build flag. This means that TF is now always built with '-pedantic'.
      
      In particular, this patch:
      
       * Removes the final semi-colon in REGISTER_COT() macro.
      
         This semi-colon was causing the following error message:
      
         drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow
         extra ';' outside of a function [-Werror=pedantic]
      
         This has been fixed both in the mbed TLS authentication module
         as well as in the certificate generation tool. Note that the latter
         code didn't need fixing since it is not built with '-pedantic' but
         the change has been propagated for consistency.
      
         Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros,
         which were suffering from the same issue.
      
       * Fixes a pointer type.
      
         It was causing the following error message:
      
         drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash':
         drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of
         type 'void *' used in arithmetic [-Werror=pointer-arith]
      
      Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
      aa856917
  9. 14 Dec, 2015 1 commit
    • Juan Castillo's avatar
      TBB: apply TBBR naming convention to certificates and extensions · 516beb58
      Juan Castillo authored
      This patch applies the TBBR naming convention to the certificates
      and the corresponding extensions defined by the CoT:
      
          * Certificate UUID names
          * Certificate identifier names
          * OID names
      
      Changes apply to:
      
          * Generic code (variables and defines)
          * The default certificate identifiers provided in the generic
            code
          * Build system
          * ARM platforms port
          * cert_create tool internal definitions
          * fip_create and cert_create tools command line options
          * Documentation
      
      IMPORTANT: this change breaks the compatibility with platforms
      that use TBBR. The platform will need to adapt the identifiers
      and OIDs to the TBBR naming convention introduced by this patch:
      
      Certificate UUIDs:
      
          UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
          UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
          UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
          UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
          UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
          UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
          UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
          UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
          UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
      
      Certificate identifiers:
      
          BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
          BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
          BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
          BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
          BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
          BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
          BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
          BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
          BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
      
      OIDs:
      
          TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
          NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
          BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
          TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
          NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
          BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
          BL30_HASH_OID --> SCP_FW_HASH_OID
          BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
          BL31_HASH_OID --> SOC_AP_FW_HASH_OID
          BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
          BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
          BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
          BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
          BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
          SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
          NS_BL2U_HASH_OID --> FWU_HASH_OID
      
      Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
      516beb58
  10. 09 Dec, 2015 1 commit
    • Yatharth Kochar's avatar
      FWU: Add FWU support to `cert_create` tool · cebe1f23
      Yatharth Kochar authored
      Firmware Update requires an X509v3 certificate which contains
      hashes for SCP_BL2U, BL2U and NS_BL2U images as extensions.
      
      This patch extends the Chain of Trust definition in the
      'cert_create' tool to include the Firmware Update certificate
      and the required extensions (including command line options).
      A new field in the extension structure will be used to indicate
      that the extension is optional. In the case of an image hash
      extension, this field will tell the tool that the hash should
      be included in the certificate, but filled with zeros.
      
      Change-Id: I1f77a66b018826b71745910771f38d9cf6050388
      cebe1f23
  11. 23 Oct, 2015 1 commit
    • Juan Castillo's avatar
      cert_create: specify command line options in the CoT · ad2c1a9a
      Juan Castillo authored
      This patch introduces a new API that allows to specify command
      line options in the Chain of Trust description. These command line
      options may be used to specify parameters related to the CoT (i.e.
      keys or certificates), instead of keeping a hardcoded list of
      options in main.c.
      
      Change-Id: I282b0b01cb9add557b26bddc238a28253ce05e44
      ad2c1a9a
  12. 16 Jul, 2015 1 commit
    • Juan Castillo's avatar
      TBB: rework cert_create tool to follow a data driven approach · 55e291a4
      Juan Castillo authored
      This patch reworks the certificate generation tool to follow a data
      driven approach. The user may specify at build time the certificates,
      keys and extensions defined in the CoT, register them using the
      appropiate macros and the tool will take care of creating the
      certificates corresponding to the CoT specified.
      
      Change-Id: I29950b39343c3e1b71718fce0e77dcf2a9a0be2f
      55e291a4
  13. 01 Jul, 2015 1 commit
    • Juan Castillo's avatar
      TBB: build 'cert_create' with ECDSA only if OpenSSL supports it · ed2a76ea
      Juan Castillo authored
      Some Linux distributions include an OpenSSL library which has been
      built without ECDSA support. Trying to build the certificate
      generation tool on those distributions will result in a build error.
      
      This patch fixes that issue by including ECDSA support only if
      OpenSSL has been built with ECDSA. In that case, the OpenSSL
      configuration file does not define the OPENSSL_NO_EC macro. The tool
      will build successfully, although the resulting binary will not
      support ECDSA keys.
      
      Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902
      ed2a76ea
  14. 25 Jun, 2015 2 commits
    • Juan Castillo's avatar
      TBB: add ECDSA support to the certificate generation tool · ccbf890e
      Juan Castillo authored
      This patch extends the 'cert_create' tool to support ECDSA keys
      to sign the certificates. The '--key-alg' command line option
      can be used to specify the key algorithm when invoking the tool.
      Available options are:
      
          * 'rsa': create RSA-2048 keys (default option)
          * 'ecdsa': create ECDSA-SECP256R1 keys
      
      The TF Makefile has been updated to allow the platform to specify
      the key algorithm by declaring the 'KEY_ALG' variable in the
      platform makefile.
      
      The behaviour regarding key management has changed. After applying
      this patch, the tool will try first to open the keys from disk. If
      one key does not exist or no key is specified, and the command line
      option to create keys has been specified, new keys will be created.
      Otherwise an error will be generated and the tool will exit. This
      way, the user may specify certain keys while the tool will create
      the remaining ones. This feature is useful for testing purposes
      and CI infrastructures.
      
      The OpenSSL directory may be specified using the build option
      'OPENSSL_DIR' when building the certificate generation tool.
      Default is '/usr'.
      
      Change-Id: I98bcc2bfab28dd7179f17f1177ea7a65698df4e7
      ccbf890e
    • Juan Castillo's avatar
      TBB: use ASN.1 type DigestInfo to represent hashes · c3da66b1
      Juan Castillo authored
      The cert_create tool calculates the hash of each BL image and includes
      it as an ASN.1 OCTET STRING in the corresponding certificate extension.
      Without additional information, the firmware running on the platform
      has to know in advance the algorithm used to generate the hash.
      
      This patch modifies the cert_create tool so the certificate extensions
      that include an image hash are generated according to the following
      ASN.1 structure:
      
          DigestInfo ::= SEQUENCE {
              digestAlgorithm  AlgorithmIdentifier,
              digest           OCTET STRING
          }
      
          AlgorithmIdentifier ::=  SEQUENCE  {
              algorithm        OBJECT IDENTIFIER,
              parameters       ANY DEFINED BY algorithm OPTIONAL
          }
      
      The PolarSSL module has been updated to extract the image hash
      from the certificate extension according to this structure.
      
      Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
      c3da66b1
  15. 28 Jan, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add tool to generate certificates · 6f971622
      Juan Castillo authored
      This patch adds a tool that generates all the necessary elements
      to establish the chain of trust (CoT) between the images.
      
      The tool reads the binary images and signing keys and outputs the
      corresponding certificates that will be used by the target at run
      time to verify the authenticity of the images.
      
      Note: the platform port must provide the file platform_oid.h. This
      file will define the OIDs of the x509 extensions that will be added
      to the certificates in order to establish the CoT.
      
      Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
      6f971622