- 16 Aug, 2019 1 commit
-
-
Justin Chadwell authored
The valgrind checks for cert_create have not been run in a long while - as such there are a few memory leaks present. This patch fixes a few of the major ones reported by valgrind. However, a few do remain. Change-Id: Iab002fb2b0090043287d43fb54a4d18928c2ed85 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 08 Oct, 2017 1 commit
-
-
Michalis Pappas authored
This patch fixes incompatibility issues that prevent building the cert_tool with OpenSSL >= v1.1.0. The changes introduced are still backwards compatible with OpenSSL v1.0.2. Fixes arm-software/trusted-fw#521 Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 14 Feb, 2017 1 commit
-
-
dp-arm authored
cppcheck highlighted variables that were initialized but then later reassigned. Change-Id: Ie12742c01fd3bf48b2d6c05a3b448da91d57a2e4 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 11 Feb, 2017 2 commits
-
-
Masahiro Yamada authored
These variables store return values of functions. Remove all of meaningless initializers. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The ext_new_nvcounter() function calls i2d_ASN1_INTEGER() twice; the first call to get the return value "sz", and the second one for writing data into the buffer. This is actually redundant. We can do both by one function call. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 07 Jan, 2016 1 commit
-
-
Juan Castillo authored
The help message printed by the cert_create tool using the command line option -h (or --help) does not correctly list all the available command line options. This patch reworks the print_help() function to print the help messages in a data driven approach. For each command line option registered, an optional help message can be specified, which will be printed by print_help(). Help messages for the TBBR options (certificates, keys and images) are also provided. Fix a small bug in the short options string passed to getopt_long: the ':' was missing in the '-a' option (this option must take an argument). Fixes ARM-software/tf-issues#337 Change-Id: I9d08c2dfd349022808fcc884724f677eefdc1452
-
- 23 Oct, 2015 1 commit
-
-
Juan Castillo authored
This patch introduces a new API that allows to specify command line options in the Chain of Trust description. These command line options may be used to specify parameters related to the CoT (i.e. keys or certificates), instead of keeping a hardcoded list of options in main.c. Change-Id: I282b0b01cb9add557b26bddc238a28253ce05e44
-
- 16 Jul, 2015 1 commit
-
-
Juan Castillo authored
This patch reworks the certificate generation tool to follow a data driven approach. The user may specify at build time the certificates, keys and extensions defined in the CoT, register them using the appropiate macros and the tool will take care of creating the certificates corresponding to the CoT specified. Change-Id: I29950b39343c3e1b71718fce0e77dcf2a9a0be2f
-
- 25 Jun, 2015 1 commit
-
-
Juan Castillo authored
The cert_create tool calculates the hash of each BL image and includes it as an ASN.1 OCTET STRING in the corresponding certificate extension. Without additional information, the firmware running on the platform has to know in advance the algorithm used to generate the hash. This patch modifies the cert_create tool so the certificate extensions that include an image hash are generated according to the following ASN.1 structure: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } The PolarSSL module has been updated to extract the image hash from the certificate extension according to this structure. Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
-
- 28 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch adds a tool that generates all the necessary elements to establish the chain of trust (CoT) between the images. The tool reads the binary images and signing keys and outputs the corresponding certificates that will be used by the target at run time to verify the authenticity of the images. Note: the platform port must provide the file platform_oid.h. This file will define the OIDs of the x509 extensions that will be added to the certificates in order to establish the CoT. Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
-