- 09 Mar, 2020 2 commits
-
-
Sumit Garg authored
Update qemu documentation with instructions to boot using FIP image. Also, add option to build TF-A with TBBR and firmware encryption enabled. Signed-off-by:Sumit Garg <sumit.garg@linaro.org> Change-Id: Ib3af485d413cd595352034c82c2268d7f4cb120a
-
Sumit Garg authored
Update documentation with optional firmware encryption feature. Signed-off-by:
-
- 06 Mar, 2020 7 commits
-
-
Sumit Garg authored
Enable encryption IO layer to be stacked above FIP IO layer for optional encryption of Bl31 and BL32 images in case ENCRYPT_BL31 or ENCRYPT_BL32 build flag is set. Signed-off-by: -
Sumit Garg authored
Secure FLASH0 memory map looks like: - Offset: 0 to 256K -> bl1.bin - Offset: 256K to 4.25M -> fip.bin FLASH1 is normally used via UEFI/edk2 to keep varstore. Signed-off-by: -
Sumit Garg authored
Following build flags have been added to support optional firmware encryption: - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values: 0: Encryption is done with Secret Symmetric Key (SSK) which is common for a class of devices. 1: Encryption is done with Binding Secret Symmetric Key (BSSK) which is unique per device. - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It could be SSK or BSSK depending on FW_ENC_STATUS flag. - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector (IV) in hex string format. - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware. - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload. Similar flags can be added to encrypt other firmwares as well depending on use-cases. Signed-off-by: -
Sumit Garg authored
Add firmware authenticated encryption tool which utilizes OpenSSL library to encrypt firmwares using a key provided via cmdline. Currently this tool supports AES-GCM as an authenticated encryption algorithm. Signed-off-by: -
Sumit Garg authored
TBBR spec advocates for optional encryption of firmwares (see optional requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to support firmware decryption that can be stacked above any underlying IO/ packaging layer like FIP etc. It aims to provide a framework to load any encrypted IO payload. Also, add plat_get_enc_key_info() to be implemented in a platform specific manner as handling of encryption key may vary from one platform to another. Signed-off-by: -
Sumit Garg authored
Add framework for autheticated decryption of data. Currently this patch optionally imports mbedtls library as a backend if build option "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption using AES-GCM algorithm. Signed-off-by: -
Olivier Deprez authored
* changes: SPMD: add command line parameter to run SPM at S-EL2 or S-EL1 SPMD: smc handler qualify secure origin using booleans SPMD: SPMC init, SMC handler cosmetic changes SPMD: [tegra] rename el1_sys_regs structure to sys_regs SPMD: Adds partially supported EL2 registers. SPMD: save/restore EL2 system registers.
-
- 05 Mar, 2020 4 commits
-
-
Manish Pandey authored
* changes: imx: console: Use CONSOLE_T_BASE for UART base address Tegra: spe: use CONSOLE_T_BASE to save MMIO base address
-
Andre Przywara authored
Since commit ac71344e we have the UART base address in the generic console_t structure. For most platforms the platform-specific struct console is gone, so we *must* use the embedded base address, since there is no storage behind the generic console_t anymore. Replace the usage of CONSOLE_T_DRVDATA with CONSOLE_T_BASE to fix this. Change-Id: I6d2ab0bc2c845c71f98b9dd64d89eef3252f4591 Reported-by:
Varun Wadekar <vwadekar@nvidia.com> Signed-off-by:
Andre Przywara <andre.przywara@arm.com>
-
Varun Wadekar authored
Commit ac71344e moved the base address for the MMIO aperture of the console inside the console_t struct. As a result, the driver should now save the MMIO base address to console_t at offset marked by the CONSOLE_T_BASE macro. This patch updates the SPE console driver to use the CONSOLE_T_BASE macro to save/access the MMIO base address. Signed-off-by:
-
Olivier Deprez authored
* changes: SPMD: loading Secure Partition payloads fvp: add Cactus/Ivy Secure Partition information fconf: Add Secure Partitions information as property
-
- 04 Mar, 2020 1 commit
-
-
Manish Pandey authored
This patch implements loading of Secure Partition packages using existing framework of loading other bl images. The current framework uses a statically defined array to store all the possible image types and at run time generates a link list and traverse through it to load different images. To load SPs, a new array of fixed size is introduced which will be dynamically populated based on number of SPs available in the system and it will be appended to the loadable images list. Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4 Signed-off-by:Manish Pandey <manish.pandey2@arm.com>
-
- 03 Mar, 2020 8 commits
-
-
Sandrine Bailleux authored
-
Max Shvetsov authored
Added SPMD_SPM_AT_SEL2 build command line parameter. Set to 1 to run SPM at S-EL2. Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled). Removed runtime EL from SPM core manifest. Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0 Signed-off-by:
Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by:
Max Shvetsov <maksims.svecovs@arm.com>
-
Olivier Deprez authored
Change-Id: Icc8f73660453a2cbb2241583684b615d5d1af9d4 Signed-off-by:Olivier Deprez <olivier.deprez@arm.com>
-
Max Shvetsov authored
Change-Id: I8881d489994aea667e3dd59932ab4123f511d6ba Signed-off-by:
-
Max Shvetsov authored
Renamed the structure according to a SPMD refactoring introduced in <c585d07aa> since this structure is used to service both EL1 and EL2 as opposed to serving only EL1. Change-Id: I23b7c089e53f617157a4b4e6443acce50d85c3b5 Signed-off-by: -
Max Shvetsov authored
This patch adds EL2 registers that are supported up to ARMv8.6. ARM_ARCH_MINOR has to specified to enable save/restore routine. Note: Following registers are still not covered in save/restore. * AMEVCNTVOFF0<n>_EL2 * AMEVCNTVOFF1<n>_EL2 * ICH_AP0R<n>_EL2 * ICH_AP1R<n>_EL2 * ICH_LR<n>_EL2 Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1 Signed-off-by: -
Manish Pandey authored
Add load address and UUID in fw config dts for Cactus and Ivy which are example SP's in tf-test repository. For prototype purpose these information is added manually but later on it will be updated at compile time from SP layout file and SP manifests provided by platform. Change-Id: I41f485e0245d882c7b514bad41fae34036597ce4 Signed-off-by: -
Olivier Deprez authored
Use the firmware configuration framework to retrieve information about Secure Partitions to facilitate loading them into memory. To load a SP image we need UUID look-up into FIP and the load address where it needs to be loaded in memory. This patch introduces a SP populator function which gets UUID and load address from firmware config device tree and updates its C data structure. Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd Signed-off-by:
-
- 02 Mar, 2020 3 commits
-
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
In commit 516beb58 ("TBB: apply TBBR naming convention to certificates and extensions"), some of the variables used in the TBBR chain of trust got renamed but the documentation did not get properly updated everywhere to reflect these changes. Change-Id: Ie8e2146882c2d3538c5b8c968d1bdaf5ea2a6e53 Signed-off-by:
Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Max Shvetsov authored
NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by:
Jose Marinho <jose.marinho@arm.com> Signed-off-by:
-
- 28 Feb, 2020 6 commits
-
-
Manish Pandey authored
* changes: board/rddaniel: intialize tzc400 controllers plat/arm/tzc: add support to configure multiple tzc400 plat/arm: allow boards to specify second DRAM Base address plat/arm: allow boards to define PLAT_ARM_TZC_FILTERS
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
-
- 27 Feb, 2020 8 commits
-
-
Sandrine Bailleux authored
-
Louis Mayencourt authored
MISRA C-2012 Rule 20.7: Macro parameter expands into an expression without being wrapped by parentheses. MISRA C-2012 Rule 12.1: Missing explicit parentheses on sub-expression. MISRA C-2012 Rule 18.4: Essential type of the left hand operand is not the same as that of the right operand. Include does not provide any needed symbols. Change-Id: Ie1c6451cfbc8f519146c28b2cf15c50b1f36adc8 Signed-off-by:Louis Mayencourt <louis.mayencourt@arm.com>
-
Imre Kis authored
Cortex-A65x4 and Cortex-A65AEx8 is now included in the list of the supported Arm Fixed Virtual Platforms. Signed-off-by:Imre Kis <imre.kis@arm.com> Change-Id: Ibfcaec11bc75549d60455e96858d79b679e71e5e
-
Abdul Halim, Muhammad Hadi Asyrafi authored
Modify RSU driver error code for backward-compatibility with Linux RSU driver Signed-off-by:Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: Ib9e38d4017efe35d3aceeee27dce451fbd429fb5
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
-
Masahiro Yamada authored
The MAKE_BL macro is invoked for 1, 2, 2u, 31, 32. Fix the comments. Change-Id: I35dd25cc2ea13885c184fb9c8229a322b33f7e71 Signed-off-by:Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 26 Feb, 2020 1 commit
-
-
Sandrine Bailleux authored
The maintainers.rst file lists files and directories that each contributor looks after in the TF-A source tree. As files and directories move around over time, some pathnames had become invalid. Fix them, either by updating the path if it has just moved, or deleting it altogether if it doesn't seem to exist anymore. Change-Id: Idb6ff4d8d0b593138d4f555ec206abcf68b0064f Signed-off-by:
-
