1. 13 Jan, 2016 1 commit
  2. 06 Jan, 2016 3 commits
  3. 05 Jan, 2016 2 commits
    • Juan Castillo's avatar
      Apply TBBR naming convention to the fip_create options · 8f0617ef
      Juan Castillo authored
      The fip_create tool specifies images in the command line using the
      ARM TF naming convention (--bl2, --bl31, etc), while the cert_create
      tool uses the TBBR convention (--tb-fw, --soc-fw, etc). This double
      convention is confusing and should be aligned.
      
      This patch updates the fip_create command line options to follow the
      TBBR naming convention. Usage examples in the User Guide have been
      also updated.
      
      NOTE: users that build the FIP by calling the fip_create tool directly
      from the command line must update the command line options in their
      scripts. Users that build the FIP by invoking the main ARM TF Makefile
      should not notice any difference.
      
      Change-Id: I84d602630a2585e558d927b50dfde4dd2112496f
      8f0617ef
    • Sandrine Bailleux's avatar
      Always build with '-pedantic' · aa856917
      Sandrine Bailleux authored
      By default ARM TF is built with the '-pedantic' compiler flag, which
      helps detecting violations of the C standard. However, the mbed TLS
      library and its associated authentication module in TF used to fail
      building with this compiler flag. As a workaround, the mbed TLS
      authentication module makefile used to set the 'DISABLE_PEDANTIC'
      TF build flag.
      
      The compiler errors flagged by '-pedantic' in the mbed TLS library
      have been fixed between versions 1.3.9 and 2.2.0 and the library now
      properly builds with this compiler flag.
      
      This patch fixes the remaining compiler errors in the mbed TLS
      authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF
      build flag. This means that TF is now always built with '-pedantic'.
      
      In particular, this patch:
      
       * Removes the final semi-colon in REGISTER_COT() macro.
      
         This semi-colon was causing the following error message:
      
         drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow
         extra ';' outside of a function [-Werror=pedantic]
      
         This has been fixed both in the mbed TLS authentication module
         as well as in the certificate generation tool. Note that the latter
         code didn't need fixing since it is not built with '-pedantic' but
         the change has been propagated for consistency.
      
         Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros,
         which were suffering from the same issue.
      
       * Fixes a pointer type.
      
         It was causing the following error message:
      
         drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash':
         drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of
         type 'void *' used in arithmetic [-Werror=pointer-arith]
      
      Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
      aa856917
  4. 04 Jan, 2016 1 commit
  5. 22 Dec, 2015 4 commits
  6. 21 Dec, 2015 5 commits
    • Sandrine Bailleux's avatar
      Update `change-log.md` for v1.2 release · ed5e011f
      Sandrine Bailleux authored
      Change-Id: I23a852fc7d91f91923bb84bc3167a830d1bb7463
      ed5e011f
    • Sandrine Bailleux's avatar
      Miscellaneous doc fixes for v1.2 · 1645d3ee
      Sandrine Bailleux authored
      Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
      1645d3ee
    • Dan Handley's avatar
      Clarify "Getting the TF source code" in user guide · 3f61835b
      Dan Handley authored
      Remove the following redundant sentence from the user guide, which
      implies the user should use the TF version from the Linaro release,
      which was not the intention:
      
      "However, the rest of this document assumes that you got the
      Trusted Firmware as part of the Linaro release."
      
      Also, tidied up the grammar in this section.
      
      Change-Id: I5dae0b68d3683e2a85a7b3c6a31222182a66f6c8
      3f61835b
    • Dan Handley's avatar
      Update `contributing.md` CLA instructions · f162c536
      Dan Handley authored
      Update `contributing.md` to make it clear that contributors should
      wait for ARM to confirm acceptance of the completed CLA before
      making contributions.
      
      Change-Id: Ide62d893ad8cc0d2a0949c16605cd8689d9624bf
      f162c536
    • Sandrine Bailleux's avatar
      Remove out-dated comment in FVP PWRC code · 0f09c8f7
      Sandrine Bailleux authored
      fvp_pwr_domain_on() used to program the CPUs mailbox. This changed
      with commit 804040d1 but the comment documenting this code still
      refers to the mailbox programming. This patch removes this out-dated
      information.
      
      Change-Id: Ibfe2a426bdda6e71f20c83a99cb223ceca9c559c
      0f09c8f7
  7. 17 Dec, 2015 5 commits
  8. 16 Dec, 2015 2 commits
  9. 15 Dec, 2015 6 commits
    • danh-arm's avatar
      Merge pull request #470 from danh-arm/dh/fwu-done-fix · 9831154f
      danh-arm authored
      FWU: Pass client cookie to FWU_SMC_UPDATE_DONE
      9831154f
    • Sandrine Bailleux's avatar
      Introduce the ARM TF reset design document · c2f0260c
      Sandrine Bailleux authored
      This patch introduces a new document presenting the ARM Trusted
      Firmware Reset Design. It shows the reset code flow, lists the
      different build options that affect it, in which case to use them
      and what their exact effect is.
      
      The section about using BL31 entrypoint as the reset address has
      been moved from the general firmware design document to this one.
      It's also been improved to explain why the FVP port supports the
      RESET_TO_BL31 configuration, even though the reset vector address
      can't be programmed dynamically.
      
      This document includes some images, which have been generated using
      Dia version 0.97.2. This tool can be obtained from:
      https://wiki.gnome.org/Apps/Dia/Download
      This patch provides:
       - the image files describing the different reset flow diagrams;
       - the source '.dia' file;
       - a script automating the generation of the images from the '.dia'
         file.
      Note that the 2 latter files are not actually needed for the document
      and are provided for convenience only, in case the reset images need
      to be modified.
      
      Change-Id: Ib6302e8209d418a5b31c4e85e55fd9e83caf2ca2
      c2f0260c
    • danh-arm's avatar
      Merge pull request #469 from danh-arm/dh/fwu-resume-fix · e551c5bf
      danh-arm authored
      FWU: Remove image_id arg from FWU_SMC_IMAGE_RESUME
      e551c5bf
    • Dan Handley's avatar
      FWU: Pass client cookie to FWU_SMC_UPDATE_DONE · 1f37b944
      Dan Handley authored
      The current FWU_SMC_UPDATE_DONE implementation incorrectly passes
      an unused framework cookie through to the 1st argument in the
      platform function `bl1_plat_fwu_done`. The intent is to allow
      the SMC caller to pass a cookie through to this function.
      
      This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller
      through to `bl1_plat_fwu_done`. The argument names are updated
      for clarity.
      
      Upstream platforms currently do not use this argument so no
      impact is expected.
      
      Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
      1f37b944
    • Dan Handley's avatar
      FWU: Remove image_id arg from FWU_SMC_IMAGE_RESUME · 28955d57
      Dan Handley authored
      The current implementation of FWU_SMC_IMAGE_RESUME when called
      from the normal world, uses the provided image_id argument to
      determine which secure image to resume into. This implies that
      the normal world has a choice of which secure image to resume
      into when in fact it is only possible to resume into the
      previously interrupted secure image.
      
      This patch removes the argument, tightens up the pre-conditions
      for the SMC and adds additional asserts.
      
      The pre-conditions for FWU_SMC_SEC_IMAGE_DONE are also
      tightened up.
      
      Change-Id: Ia5a46753bb01e8f8dad8a2999314f90db8f300e8
      28955d57
    • Soby Mathew's avatar
      Documentation updates for the new GIC drivers · 81123e82
      Soby Mathew authored
      This patch updates the relevant documentation in ARM Trusted Firmware
      for the new GIC drivers. The user-guide.md and porting-guide.md have been
      updated as follows:
      
      *  The build option to compile Trusted Firmware with different GIC drivers
         for FVP has been explained in the user-guide.md.
      
      *  The implementation details of interrupt management framework porting
         APIs for GICv3 have been added in porting-guide.md.
      
      *  The Linaro tracking kernel release does not work OOB in GICv3 mode.
         The instructions for changing UEFI configuration in order to run with
         the new GICv3 driver in ARM TF have been added to user-guide.md.
      
      The interrupt-framework-design.md has been updated as follows:
      
      *  Describes support for registering and handling interrupts targeted to EL3
         e.g. Group 0 interrupts in GICv3.
      
      *  Describes the build option `TSP_NS_INTR_ASYNC_PREEMPT` in detail.
      
      *  Describes preemption of TSP in S-EL1 by non secure interrupts and
         also possibly by higher priority EL3 interrupts.
      
      *  Describes the normal world sequence for issuing `standard` SMC calls.
      
      *  Modifies the document to correspond to the current state of interrupt
         handling in TSPD and TSP.
      
      *  Modifies the various functions names in the document to reflect
         the current names used in code.
      
      Change-Id: I78c9514b5be834f193405aad3c1752a4a9e27a6c
      81123e82
  10. 14 Dec, 2015 6 commits
    • danh-arm's avatar
      Merge pull request #468 from danh-arm/dh/fwu-tweaks · 8e4f8291
      danh-arm authored
      FWU: Fix secure memory check in image auth
      8e4f8291
    • danh-arm's avatar
      Merge pull request #467 from jcastillo-arm/jc/tbb_oid · 31d5e7f5
      danh-arm authored
      Apply new image terminology
      31d5e7f5
    • Dan Handley's avatar
      FWU: Fix secure memory check in image auth · 03131c85
      Dan Handley authored
      The implementation of FWU_SMC_IMAGE_AUTH performs a number of
      pre-condition checks before authenticating the image. One of
      these checks calls `bl1_plat_mem_check()` to ensure the image
      source is mapped in when authenticating an image in place.
      The framework incorrectly passes the security state of the
      caller into this function instead of the security state of
      the source image.
      
      This patch corrects the defect. The defect would only
      manifest itself for secure world callers authenticating
      non-secure images in place, which is not done by current
      upstream platforms.
      
      Change-Id: I617c7b43e02ac7149f266aeaf3874316e62f3003
      03131c85
    • Juan Castillo's avatar
      Remove dashes from image names: 'BL3-x' --> 'BL3x' · d178637d
      Juan Castillo authored
      This patch removes the dash character from the image name, to
      follow the image terminology in the Trusted Firmware Wiki page:
      
          https://github.com/ARM-software/arm-trusted-firmware/wiki
      
      Changes apply to output messages, comments and documentation.
      
      non-ARM platform files have been left unmodified.
      
      Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
      d178637d
    • Juan Castillo's avatar
      Replace all SCP FW (BL0, BL3-0) references · f59821d5
      Juan Castillo authored
      This patch replaces all references to the SCP Firmware (BL0, BL30,
      BL3-0, bl30) with the image terminology detailed in the TF wiki
      (https://github.com/ARM-software/arm-trusted-firmware/wiki):
      
          BL0          -->  SCP_BL1
          BL30, BL3-0  -->  SCP_BL2
          bl30         -->  scp_bl2
      
      This change affects code, documentation, build system, tools and
      platform ports that load SCP firmware. ARM plaforms have been
      updated to the new porting API.
      
      IMPORTANT: build option to specify the SCP FW image has changed:
      
          BL30 --> SCP_BL2
      
      IMPORTANT: This patch breaks compatibility for platforms that use BL2
      to load SCP firmware. Affected platforms must be updated as follows:
      
          BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
          BL30_BASE --> SCP_BL2_BASE
          bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
          bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
      
      Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
      f59821d5
    • Juan Castillo's avatar
      TBB: apply TBBR naming convention to certificates and extensions · 516beb58
      Juan Castillo authored
      This patch applies the TBBR naming convention to the certificates
      and the corresponding extensions defined by the CoT:
      
          * Certificate UUID names
          * Certificate identifier names
          * OID names
      
      Changes apply to:
      
          * Generic code (variables and defines)
          * The default certificate identifiers provided in the generic
            code
          * Build system
          * ARM platforms port
          * cert_create tool internal definitions
          * fip_create and cert_create tools command line options
          * Documentation
      
      IMPORTANT: this change breaks the compatibility with platforms
      that use TBBR. The platform will need to adapt the identifiers
      and OIDs to the TBBR naming convention introduced by this patch:
      
      Certificate UUIDs:
      
          UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
          UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
          UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
          UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
          UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
          UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
          UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
          UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
          UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
      
      Certificate identifiers:
      
          BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
          BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
          BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
          BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
          BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
          BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
          BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
          BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
          BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
      
      OIDs:
      
          TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
          NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
          BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
          TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
          NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
          BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
          BL30_HASH_OID --> SCP_FW_HASH_OID
          BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
          BL31_HASH_OID --> SOC_AP_FW_HASH_OID
          BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
          BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
          BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
          BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
          BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
          SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
          NS_BL2U_HASH_OID --> FWU_HASH_OID
      
      Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
      516beb58
  11. 10 Dec, 2015 5 commits
    • danh-arm's avatar
      Merge pull request #465 from jcastillo-arm/jc/tbb_mbedtls_2_x · a84deb9c
      danh-arm authored
      Move up to mbed TLS 2.x
      a84deb9c
    • Juan Castillo's avatar
      Move up to mbed TLS 2.x · 649dbf6f
      Juan Castillo authored
      The mbed TLS library has introduced some changes in the API from
      the 1.3.x to the 2.x releases. Using the 2.x releases requires
      some changes to the crypto and transport modules.
      
      This patch updates both modules to the mbed TLS 2.x API.
      
      All references to the mbed TLS library in the code or documentation
      have been updated to 'mbed TLS'. Old references to PolarSSL have
      been updated to 'mbed TLS'.
      
      User guide updated to use mbed TLS 2.2.0.
      
      NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
      Applying this patch will require an mbed TLS 2.x release to be used.
      Also note that the mbed TLS license changed to Apache version 2.0.
      
      Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
      649dbf6f
    • danh-arm's avatar
      Merge pull request #464 from sandrine-bailleux/sb/update-deps · 9692ee13
      danh-arm authored
      Move up dependency versions in user guide
      9692ee13
    • Sandrine Bailleux's avatar
      Move up dependency versions in user guide · 92a0ac43
      Sandrine Bailleux authored
      Move up the version numbers in the user guide of:
      
       * DS-5 (to v5.22)
       * Base FVP (to 7.0)
       * Foundation FVP (to 9.4)
       * Linaro release (to 15.10)
      
      Note that, starting from Linaro release 15.10, the related release
      instructions have migrated from http://releases.linaro.org to the
      ARM Connected Community website. The URLs in the User Guide have
      been updated accordingly.
      
      The 'libssl-dev' package has been removed from the list of
      prerequisite tools, as it is already referenced on the ARM Connected
      Community page. Also, the 'device-tree-compiler' package has been
      marked as an optional dependency, since the Trusted Firmware
      repository provides the prebuilt DTB files. Hence, this tool is
      needed only when the user wants to rebuild the DTS files.
      
      Change-Id: I4a172ece60bf90437131c6b96e73a9f1e9b40117
      92a0ac43
    • danh-arm's avatar
      Merge pull request #463 from jcastillo-arm/jc/tf-issues/216 · 0c3a0b91
      danh-arm authored
      De-feature PL011 UART driver to match generic UART spec
      0c3a0b91