Skip to content

GitLab

Switch branch/tag
  1. 11 Mar, 2020 1 commit
  3. 06 Mar, 2020 2 commits
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored 
      

TBBR spec advocates for optional encryption of firmwares (see optional
requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
support firmware decryption that can be stacked above any underlying IO/
packaging layer like FIP etc. It aims to provide a framework to load any
encrypted IO payload.

Also, add plat_get_enc_key_info() to be implemented in a platform
specific manner as handling of encryption key may vary from one platform
to another.
Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
    • Sumit Garg's avatar
      drivers: crypto: Add authenticated decryption framework · 7cda17bb
      Sumit Garg authored 
      

Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
      7cda17bb
  5. 04 Mar, 2020 1 commit
    • Manish Pandey's avatar
      SPMD: loading Secure Partition payloads · cb3b5344
      Manish Pandey authored 
      

This patch implements loading of Secure Partition packages using
existing framework of loading other bl images.

The current framework uses a statically defined array to store all the
possible image types and at run time generates a link list and traverse
through it to load different images.

To load SPs, a new array of fixed size is introduced which will be
dynamically populated based on number of SPs available in the system
and it will be appended to the loadable images list.

Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      cb3b5344
  7. 03 Mar, 2020 4 commits
  9. 02 Mar, 2020 1 commit
  11. 01 Mar, 2020 1 commit
  13. 27 Feb, 2020 1 commit
    • Louis Mayencourt's avatar
      fconf: Fix misra issues · 845db722
      Louis Mayencourt authored 
      

MISRA C-2012 Rule 20.7:
Macro parameter expands into an expression without being wrapped by parentheses.

MISRA C-2012 Rule 12.1:
Missing explicit parentheses on sub-expression.

MISRA C-2012 Rule 18.4:
Essential type of the left hand operand is not the same as that of the right
operand.

Include does not provide any needed symbols.

Change-Id: Ie1c6451cfbc8f519146c28b2cf15c50b1f36adc8
Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      845db722
  15. 25 Feb, 2020 9 commits
  17. 24 Feb, 2020 1 commit
    • Petre-Ionut Tudor's avatar
      Read-only xlat tables for BL31 memory · 60e8f3cf
      Petre-Ionut Tudor authored 
      

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.

The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.

To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.

Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.

The caches are also flushed.
Signed-off-by: default avatarPetre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
      60e8f3cf
  19. 20 Feb, 2020 4 commits
    • Varun Wadekar's avatar
      Tegra: delay_timer: support for physical secure timer · dd4f0885
      Varun Wadekar authored 
      

This patch modifies the delay timer driver to switch to the ARM
secure physical timer instead of using Tegra's on-chip uS timer.

The secure timer is not accessible to the NS world and so eliminates
an important attack vector, where the Tegra timer source gets switched
off from the NS world leading to a DoS attack for the trusted world.

This timer is shared with the S-EL1 layer for now, but later patches
will mark it as exclusive to the EL3 exception mode.

Change-Id: I2c00f8cb4c48b25578971c626c314603906ad7cc
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      dd4f0885
    • Varun Wadekar's avatar
      include: move MHZ_TICKS_PER_SEC to utils_def.h · d4b29105
      Varun Wadekar authored 
      

This patch moves the MHZ_TICKS_PER_SEC macro to utils_def.h
for other platforms to use.
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
Change-Id: I6c4dc733f548d73cfdb3515ec9ad89a9efaf4407
      d4b29105
    • Varun Wadekar's avatar
      cpus: higher performance non-cacheable load forwarding · cd0ea184
      Varun Wadekar authored 
      

The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
non-cacheable streaming enhancement. Platforms can set this bit only
if their memory system meets the requirement that cache line fill
requests from the Cortex-A57 processor are atomic.

This patch adds support to enable higher performance non-cacheable load
forwarding for such platforms. Platforms must enable this support by
setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their
makefiles. This flag is disabled by default.

Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      cd0ea184
    • Manish V Badarkhe's avatar
      Use consistent SMCCC error code · af10d224
      Manish V Badarkhe authored 
      

Removed duplicate error code present for SMCCC and used
proper error code for "SMCCC_ARCH_WORKAROUND_2" call.
Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I76fc7c88095f78a7e2c3d205838f8eaf3132ed5c
      af10d224
  21. 19 Feb, 2020 3 commits
  23. 18 Feb, 2020 3 commits
  25. 10 Feb, 2020 4 commits
    • Achin Gupta's avatar
      SPMD: add SPM dispatcher based upon SPCI Beta 0 spec · bdd2596d
      Achin Gupta authored 
      

This patch adds a rudimentary SPM dispatcher component in EL3.
It does the following:

- Consumes the TOS_FW_CONFIG to determine properties of the SPM core
  component
- Initialises the SPM core component which resides in the BL32 image
- Implements a handler for SPCI calls from either security state. Some
  basic validation is done for each call but in most cases it is simply
  forwarded as-is to the "other" security state.
Signed-off-by: default avatarAchin Gupta <achin.gupta@arm.com>
Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I7d116814557f7255f4f4ebb797d1619d4fbab590
      bdd2596d
    • Achin Gupta's avatar
      SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP · 64758c97
      Achin Gupta authored 
      

This patch reserves and maps the Trusted DRAM for SPM core execution.
It also configures the TrustZone address space controller to run BL31
in secure DRAM.
Signed-off-by: default avatarAchin Gupta <achin.gupta@arm.com>
Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I7e1bb3bbc61a0fec6a9cb595964ff553620c21dc
      64758c97
    • Achin Gupta's avatar
      SPMD: add support for an example SPM core manifest · 0cb64d01
      Achin Gupta authored 
      

This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: default avatarAchin Gupta <achin.gupta@arm.com>
Signed-off-by: default avatarArtsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
      0cb64d01
    • Manish Pandey's avatar
      SPM: modify sptool to generate individual SP blobs · 3977a825
      Manish Pandey authored 
      

Currently sptool generates a single blob containing all the Secure
Partitions, with latest SPM implementation, it is desirable to have
individual blobs for each Secure Partition. It allows to leverage
packaging and parsing of SP on existing FIP framework. It also allows
SP packages coming from different sources.

This patch modifies sptool so that it takes number of SP payload pairs
as input and generates number of SP blobs instead of a single blob.

Each SP blob can optionally have its own header containing offsets and
sizes of different payloads along with a SP magic number and version.
It is also associated in FIP with a UUID, provided by SP owner.

Usage example:
sptool -i sp1.bin:sp1.dtb -o sp1.pkg -i sp2.bin:sp2.dtb -o sp2.pkg ...
Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
Change-Id: Ie2db8e601fa1d4182d0a1d22e78e9533dce231bc
      3977a825
  27. 07 Feb, 2020 5 commits