1. 11 Mar, 2020 1 commit
    • Madhukar Pappireddy's avatar
      fconf: enhancements to firmware configuration framework · 25d740c4
      Madhukar Pappireddy authored
      
      
      A populate() function essentially captures the value of a property,
      defined by a platform, into a fconf related c structure. Such a
      callback is usually platform specific and is associated to a specific
      configuration source.
      For example, a populate() function which captures the hardware topology
      of the platform can only parse HW_CONFIG DTB. Hence each populator
      function must be registered with a specific 'config_type' identifier.
      It broadly represents a logical grouping of configuration properties
      which is usually a device tree source file.
      
      Example:
      > TB_FW: properties related to trusted firmware such as IO policies,
      	 base address of other DTBs, mbedtls heap info etc.
      > HW_CONFIG: properties related to hardware configuration of the SoC
      	 such as topology, GIC controller, PSCI hooks, CPU ID etc.
      
      This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate()
      to register and invoke the appropriate callbacks selectively based on
      configuration type.
      
      Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      25d740c4
  2. 10 Mar, 2020 4 commits
  3. 09 Mar, 2020 18 commits
  4. 08 Mar, 2020 1 commit
  5. 06 Mar, 2020 10 commits
    • Manish Pandey's avatar
      TSP: corrected log information · a16bc845
      Manish Pandey authored
      
      
      In CPU resume function, CPU suspend count was printed instead of CPU
      resume count.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I0c081dc03a4ccfb2129687f690667c5ceed00a5f
      a16bc845
    • Masahiro Yamada's avatar
      uniphier: shrink UNIPHIER_ROM_REGION_SIZE · 548654bc
      Masahiro Yamada authored
      
      
      Currently, the ROM region is needlessly too large.
      
      The on-chip SRAM region of the next SoC will start from 0x04000000,
      and this will cause the region overlap.
      
      Mapping 0x04000000 for the ROM is enough.
      
      Change-Id: I85ce0bb1120ebff2e3bc7fd13dc0fd15dfff5ff6
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      548654bc
    • Alexei Fedorov's avatar
      03ea84c3
    • Sumit Garg's avatar
      qemu: Support optional encryption of BL31 and BL32 images · 51857762
      Sumit Garg authored
      
      
      Enable encryption IO layer to be stacked above FIP IO layer for optional
      encryption of Bl31 and BL32 images in case ENCRYPT_BL31 or ENCRYPT_BL32
      build flag is set.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I24cba64728861e833abffc3d5d9807599c49feb6
      51857762
    • Sumit Garg's avatar
      qemu: Update flash address map to keep FIP in secure FLASH0 · a886bbec
      Sumit Garg authored
      
      
      Secure FLASH0 memory map looks like:
      - Offset: 0 to 256K -> bl1.bin
      - Offset: 256K to 4.25M -> fip.bin
      
      FLASH1 is normally used via UEFI/edk2 to keep varstore.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I6883f556c22d6a5d3fa3846c703bebc2abe36765
      a886bbec
    • Sumit Garg's avatar
      Makefile: Add support to optionally encrypt BL31 and BL32 · c6ba9b45
      Sumit Garg authored
      
      
      Following build flags have been added to support optional firmware
      encryption:
      
      - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
          0: Encryption is done with Secret Symmetric Key (SSK) which is
             common for a class of devices.
          1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
             is unique per device.
      
      - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
          could be SSK or BSSK depending on FW_ENC_STATUS flag.
      
      - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
          (IV) in hex string format.
      
      - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
      
      - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
      
      Similar flags can be added to encrypt other firmwares as well depending
      on use-cases.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
      c6ba9b45
    • Sumit Garg's avatar
      tools: Add firmware authenticated encryption tool · 90aa901f
      Sumit Garg authored
      
      
      Add firmware authenticated encryption tool which utilizes OpenSSL
      library to encrypt firmwares using a key provided via cmdline. Currently
      this tool supports AES-GCM as an authenticated encryption algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4
      90aa901f
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
    • Sumit Garg's avatar
      drivers: crypto: Add authenticated decryption framework · 7cda17bb
      Sumit Garg authored
      
      
      Add framework for autheticated decryption of data. Currently this
      patch optionally imports mbedtls library as a backend if build option
      "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
      using AES-GCM algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
      7cda17bb
    • Olivier Deprez's avatar
      Merge changes from topic "spmd-sel2" into integration · d95f7a72
      Olivier Deprez authored
      * changes:
        SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
        SPMD: smc handler qualify secure origin using booleans
        SPMD: SPMC init, SMC handler cosmetic changes
        SPMD: [tegra] rename el1_sys_regs structure to sys_regs
        SPMD: Adds partially supported EL2 registers.
        SPMD: save/restore EL2 system registers.
      d95f7a72
  6. 05 Mar, 2020 5 commits
  7. 04 Mar, 2020 1 commit