1. 31 Mar, 2015 1 commit
  2. 06 Mar, 2015 1 commit
  3. 05 Mar, 2015 4 commits
    • Juan Castillo's avatar
      TBB: use SHA256 to generate the certificate signatures · ea4ec3aa
      Juan Castillo authored
      This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
      certificate signatures are generated according to the NSA Suite B
      cryptographic algorithm requirements.
      
      Documentation updated accordingly.
      
      Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
      ea4ec3aa
    • danh-arm's avatar
      Merge pull request #261 from sandrine-bailleux/sb/coding-style · 5930eadb
      danh-arm authored
      Ignore C library files when checking coding style
      Fix violations to the coding style
      5930eadb
    • Sandrine Bailleux's avatar
      Fix violations to the coding style · ba592e28
      Sandrine Bailleux authored
      All coding style violations have been fixed in a previous patch and
      since then, each individual patch has been checked in this regard.
      However, the latest version of the checkpatch.pl script from the Linux
      kernel is more advanced and it is able to flag new errors in the
      Trusted Firmware codebase. This patch fixes them.
      
      Change-Id: I1f332f2440984be85d36b231bb83260368987077
      ba592e28
    • Sandrine Bailleux's avatar
      Ignore C library files when checking coding style · 95d5353c
      Sandrine Bailleux authored
      The C library source files embedded into the Trusted Firmware
      tree are not required to comply to the Linux Coding Style.
      Unfortunately, 'make checkpatch' does take them into account.
      
      This patch modifies the Makefile so that the C library source
      and header files are now ignored by 'make checkpatch'.
      
      It also instructs the checkpatch.pl script to not treat the
      presence of a 'Change-Id' line in the commit message as an error.
      
      Change-Id: I38196202efe518bae3a57c2affe2ed7758c9f69c
      95d5353c
  4. 25 Feb, 2015 2 commits
  5. 19 Feb, 2015 1 commit
  6. 16 Feb, 2015 1 commit
    • Robin Murphy's avatar
      Juno: clear DMA-330 SMMU security state · 75f8261c
      Robin Murphy authored
      By default the SMMU for the DMA-330 is configured to mark some stream IDs
      as always belonging to the Secure world. As a result, if EL1 software turns
      the SMMU on, certain Non-Secure accesses get rewritten as Secure, making
      them bypass translation and access Secure physical addresses directly.
      
      Since the current Juno board firmware configures the DMA-330 hardware as
      Non-Secure, rewrite the SMMU's default SSD table as well to prevent any
      unexpected behaviour in EL1.
      
      Change-Id: Iaa81d883eecf28d80eb182b9ce475684bf9c718c
      75f8261c
  7. 12 Feb, 2015 2 commits
    • Soby Mathew's avatar
      Export maximum affinity using PLATFORM_MAX_AFFLVL macro · 8c32bc26
      Soby Mathew authored
      This patch removes the plat_get_max_afflvl() platform API
      and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
      This is done because the maximum affinity level for a platform
      is a static value and it is more efficient for it to be defined
      as a platform macro.
      
      NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
      
      Fixes ARM-Software/tf-issues#265
      
      Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
      8c32bc26
    • Soby Mathew's avatar
      Minimize MAX_MMAP_REGIONS for each BL stage · ce41250e
      Soby Mathew authored
      This patch defines MAX_MMAP_REGIONS separately for each BL stage
      as per its requirements. This minimizes the size of the mmap[]
      array.
      
      Fixes ARM-Software/tf-issues#201
      
      Change-Id: I19b15e1a91a8365b2ecf24e2cd71937cb73916b2
      ce41250e
  8. 04 Feb, 2015 2 commits
  9. 03 Feb, 2015 4 commits
  10. 02 Feb, 2015 4 commits
  11. 30 Jan, 2015 2 commits
    • danh-arm's avatar
      Merge pull request #251 from soby-mathew/sm/reset_handler_fix_v2 · 6a4932bd
      danh-arm authored
      Fix the Cortex-A57 reset handler register usage v2
      6a4932bd
    • Soby Mathew's avatar
      Fix the Cortex-A57 reset handler register usage · 683f788f
      Soby Mathew authored
      The CPU specific reset handlers no longer have the freedom
      of using any general purpose register because it is being invoked
      by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU
      specific reset handler was overwriting x20 register which was being
      used by the BL3-1 entry point to save the entry point information.
      This patch fixes this bug by reworking the register allocation in the
      Cortex-A57 reset handler to avoid using x20. The patch also
      explicitly mentions the register clobber list for each of the
      callee functions invoked by the reset handler
      
      Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
      683f788f
  12. 28 Jan, 2015 12 commits
    • danh-arm's avatar
      Merge pull request #249 from danh-arm/jc/tbb_prototype · 2d017e22
      danh-arm authored
      Trusted Board Boot Prototype
      2d017e22
    • Juan Castillo's avatar
      TBB: authenticate BL3-x images and certificates · dec840af
      Juan Castillo authored
      This patch adds support to authenticate the Trusted Key certificate
      and the BL3-x certificates and images at BL2.
      
      Change-Id: I69a8c13a14c8da8b75f93097d3a4576aed71c5dd
      dec840af
    • Juan Castillo's avatar
      FVP: initialize IO framework in bl2_early_platform_setup() · bed82ac9
      Juan Castillo authored
      This patch moves fvp_io_setup() to bl2_early_platform_setup() in order
      to allow BL2 to use the IO framework before bl2_platform_setup().
      
      Change-Id: I75e1a772ab5f9b4727f6727822a2527c30f3c63d
      bed82ac9
    • Juan Castillo's avatar
      TBB: authenticate BL2 image and certificate · 01df3c14
      Juan Castillo authored
      This patch adds support to authenticate the BL2 content certificate
      and image using the authentication module in BL1.
      
      The FIP driver has been extended to include the BL2 certificate
      UUID.
      
      FVP and Juno ports include the BL2 certificate FIP file
      definition.
      
      Change-Id: I32680e9bd123c8db4a4193c14448c9b32b0e9325
      01df3c14
    • Juan Castillo's avatar
      TBB: add authentication module interface · 40febc3a
      Juan Castillo authored
      This patch provides an API to access the authentication module that
      will be used to verify the authenticity of the images loaded into
      memory as part of the Trusted Board Boot process.
      
      To include the authentication module as part of the build, set the
      boolean build option TRUSTED_BOARD_BOOT. One single authentication
      module must be registered at build time by setting the build option
      AUTH_MOD=<mod_name>. All authentication modules will be located in
      'common/auth/<mod_name>' and must present the <mod_name>.mk file that
      will be included by the build system to compile the module sources.
      
      To create an authentication module, an instance of auth_mod_t called
      'auth_mod' must be declared in the module sources. The initialization
      and verification functions provided by the module will be exported
      through the function pointers specified when declaring this instance.
      
      If an authentication module includes third party sources that do not
      adhere to the C99 standard, the -pedantic option may be removed from
      the build options by setting the flag DISABLE_PEDANTIC in the module
      file <mod_name>.mk.
      
      Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
      40febc3a
    • Juan Castillo's avatar
      TBB: add PolarSSL based authentication module · db6071c9
      Juan Castillo authored
      This patch implements an authentication module based on the
      PolarSSL library (v1.3.9) to verify the Chain of Trust when
      Trusted Boot is enabled.
      
      PolarSSL sources must be fetched separately. The POLARSSL_DIR
      build option may be used to indicate the path to the PolarSSL
      main directory (this directory must contain the 'include' and
      'library' subdirectories).
      
      To be able to build PolarSSL sources as a part of the Trusted
      Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
      will tell the build system to remove the -pedantic option from
      the CFLAGS.
      
      Inclusion of PolarSSL increases the memory requirements of the BL1
      and BL2 images. The following are the changes made to the FVP and
      Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
      defined:
      
      Changes on FVP:
      
        - BL1 and BL2 stacks have been increased to 4 KB
        - BL1(rw) section has been increased to 32 KB.
        - BL2 memory region has been increased to 112 KB
      
      Changes on Juno:
      
        - BL1 and BL2 stacks have been increased to 4 KB
        - BL1(rw) section has been increased to 32 KB.
        - Trusted ROM region in Flash has been increased to 128 KB.
        - BL2 memory region has been increased to 116 KB
      
      Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80
      db6071c9
    • Juan Castillo's avatar
      stdlib: add missing features to build PolarSSL · e509d057
      Juan Castillo authored
      This patch adds the missing features to the C library included
      in the Trusted Firmware to build PolarSSL:
      
        - strcasecmp() function
        - exit() function
        - sscanf()* function
        - time.h header file (and its dependencies)
      
      * NOTE: the sscanf() function is not a real implementation. It just
      returns the number of expected arguments by counting the number of
      '%' characters present in the formar string. This return value is
      good enough for PolarSSL because during the certificate parsing
      only the return value is checked. The certificate validity period
      is ignored.
      
      Change-Id: I43bb3742f26f0bd458272fccc3d72a7f2176ab3d
      e509d057
    • Juan Castillo's avatar
      TBB: add a platform specific function to validate the ROTPK · 6eadf762
      Juan Castillo authored
      This patch adds the function plat_match_rotpk() to the platform
      porting layer to provide a Root Of Trust Public key (ROTPK)
      verification mechanism. This function is called during the
      Trusted Board Boot process and receives a supposed valid copy
      of the ROTPK as a parameter, usually obtained from an external
      source (for instance, a certificate). It returns 0 (success) if
      that key matches the actual ROTPK stored in the system or any
      other value otherwise.
      
      The mechanism to access the actual ROTPK stored in the system
      is platform specific and should be implemented as part of this
      function. The format of the ROTPK is also platform specific
      (to save memory, some platforms might store a hash of the key
      instead of the whole key).
      
      TRUSTED_BOARD_BOOT build option has been added to allow the user
      to enable the Trusted Board Boot features. The implementation of
      the plat_match_rotpk() funtion is mandatory when Trusted Board
      Boot is enabled.
      
      For development purposes, FVP and Juno ports provide a dummy
      function that returns always success (valid key). A safe trusted
      boot implementation should provide a proper matching function.
      
      Documentation updated accordingly.
      
      Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
      6eadf762
    • Juan Castillo's avatar
      TBB: add support to include certificates in a FIP image · b7124ea7
      Juan Castillo authored
      This patch extends the FIP tool to include the certificates
      generated by the 'cert_create' tool.
      
      If GENERATE_COT build option is enabled, the Makefile adds the
      certificates as dependencies to create the FIP file. Thus, make
      target 'fip' will also build the certificates as part of the
      Trusted Firmware build process.
      
      Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
      b7124ea7
    • Juan Castillo's avatar
      TBB: add tool to generate certificates · 6f971622
      Juan Castillo authored
      This patch adds a tool that generates all the necessary elements
      to establish the chain of trust (CoT) between the images.
      
      The tool reads the binary images and signing keys and outputs the
      corresponding certificates that will be used by the target at run
      time to verify the authenticity of the images.
      
      Note: the platform port must provide the file platform_oid.h. This
      file will define the OIDs of the x509 extensions that will be added
      to the certificates in order to establish the CoT.
      
      Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
      6f971622
    • Juan Castillo's avatar
      Skip reserving memory for non-executable and BL3-0 images · c5fb47c3
      Juan Castillo authored
      This patch adds support to not reserve the memory where an image is
      loaded if the image is:
      
        1. A non-executable image e.g. a certificate
        2. An executable image which is not meant to run on the
           application CPU (e.g. BL3-0)
      
      Both types of images are characterized by a NULL entrypoint argument
      to the load_image() function. It is used to distinguish them from
      other type of images.
      
      Important: Use this feature carefully. The caller is responsible for
      providing a valid entrypoint while loading images which will execute
      on the application CPU to prevent a potential overwrite of the
      corresponding memory region.
      
      Change-Id: Ied482280d9db714c529ec12c33a6c1d918d77a4e
      c5fb47c3
    • danh-arm's avatar
      Merge pull request #248 from jcastillo-arm/jc/tf-issues/212_1 · 03b23703
      danh-arm authored
      Allow BL3-2 to be loaded into the secure region of DRAM
      03b23703
  13. 27 Jan, 2015 1 commit
  14. 26 Jan, 2015 3 commits
    • Yatharth Kochar's avatar
      Call reset handlers upon BL3-1 entry. · 79a97b2e
      Yatharth Kochar authored
      This patch adds support to call the reset_handler() function in BL3-1 in the
      cold and warm boot paths when another Boot ROM reset_handler() has already run.
      
      This means the BL1 and BL3-1 versions of the CPU and platform specific reset
      handlers may execute different code to each other. This enables a developer to
      perform additional actions or undo actions already performed during the first
      call of the reset handlers e.g. apply additional errata workarounds.
      
      Typically, the reset handler will be first called from the BL1 Boot ROM. Any
      additional functionality can be added to the reset handler when it is called
      from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
      to identify whether this is the first version of the reset handler code to be
      executed or an overridden version of the code.
      
      The Cortex-A57 errata workarounds are applied only if they have not already been
      applied.
      
      Fixes ARM-software/tf-issue#275
      
      Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
      79a97b2e
    • danh-arm's avatar
      Merge pull request #246 from soby-mathew/sm/route_IRQ_EL3 · 9d212557
      danh-arm authored
      Demonstrate model for routing IRQs to EL3
      9d212557
    • Soby Mathew's avatar
      Demonstrate model for routing IRQs to EL3 · f4f1ae77
      Soby Mathew authored
      This patch provides an option to specify a interrupt routing model
      where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
      When such an interrupt occurs, the TSPD arranges a return to
      the normal world after saving any necessary context. The interrupt
      routing model to route IRQs to EL3 is enabled only during STD SMC
      processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
      and Secure Interrupt processing.
      
      A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
      the non secure interrupt target execution level to EL3.
      
      Fixes ARM-software/tf-issues#225
      
      Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32
      f4f1ae77