1. 31 Aug, 2017 2 commits
    • Soby Mathew's avatar
      cert_tool: Support for legacy RSA PKCS#1 v1.5 · a8eb286a
      Soby Mathew authored
      
      
      This patch enables choice of RSA version at run time to be used for
      generating signatures by the cert_tool. The RSA PSS as defined in
      PKCS#1 v2.1 becomes the default version and this patch enables to specify
      the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
      -a option. Also, the build option `KEY_ALG` can be used to pass this
      option from the build system. Please note that RSA PSS is mandated
      by Trusted Board Boot requirements (TBBR) and legacy RSA support is
      being added for compatibility reasons.
      
      Fixes ARM-Software/tf-issues#499
      Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
      Co-Authored-By: default avatarEleanor Bonnici <Eleanor.bonnici@arm.com>
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a8eb286a
    • Soby Mathew's avatar
      Export KEY_ALG as a user build option · 2091755c
      Soby Mathew authored
      
      
      The `KEY_ALG` variable is used to select the algorithm for key
      generation by `cert_create` tool for signing the certificates. This
      variable was previously undocumented and did not have a global default
      value. This patch corrects this and also adds changes to derive the
      value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
      platform. The corresponding assignment of these variables are also now
      removed from the `arm_common.mk` makefile.
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
      2091755c
  2. 12 May, 2017 2 commits
    • David Cunado's avatar
      mbedtls: Complete namespace for TF specific macros · 0aff7ad2
      David Cunado authored
      
      
      This patch renames MBEDTLS_KEY_ALG to TF_MBEDTLS_KEY_ALG. This
      completes the migration of TF specific macros so that they do not
      have the MBEDTLS_ suffix (see arm-trusted-firmware#874).
      
      Change-Id: Iad7632477e220b0af987c4db3cf52229fb127d00
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      0aff7ad2
    • David Cunado's avatar
      mbedtls: Namespace for TF specific macros · b1883510
      David Cunado authored
      
      
      An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
      macros to have a TBBR_ suffix to avoid any potential clash with future
      mbedtls macros.
      
      But on reflection the TBBR_ suffix could be confusing as the macros
      are used to drive TF-specific configuration of mbedtls. As such
      this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
      suffix which more accurately conveys their use.
      
      Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b1883510
  3. 03 May, 2017 1 commit
  4. 22 Mar, 2017 1 commit
    • dp-arm's avatar
      mbedtls: Namespace TF specific macros · 66b4c166
      dp-arm authored
      
      
      These macros are not part of mbed TLS so they should not be prefixed
      with `MBEDTLS_` to avoid potential collision in the future. Use the
      `TBBR_` suffix to highlight that they only used in TF.
      
      `MBEDTLS_KEY_ALG` was not modified because that is documented and used
      by platforms to select the key algorithm.
      
      Change-Id: Ief224681715c481691c80810501830ce16e210b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      66b4c166
  5. 06 Jan, 2017 1 commit
    • Masahiro Yamada's avatar
      TBB: fix comment about MBEDTLS_KEY_ALG default · a56f87c8
      Masahiro Yamada authored
      This comment block says the default algorithm is ESDSA, while the
      code obviously sets the default to RSA:
      
        ifeq (${MBEDTLS_KEY_ALG},)
            MBEDTLS_KEY_ALG            :=      rsa
        endif
      
      The git log of commit 7d37aa17
      
       ("TBB: add mbedTLS authentication
      related libraries") states available options are:
      
        * 'rsa' (for RSA-2048) (default option)
        * 'ecdsa' (for ECDSA-SECP256R1)
      
      So, my best guess is the comment block is wrong.
      
      The mismatch between the code and the comment is confusing. Fix it.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      a56f87c8
  6. 10 Dec, 2015 1 commit
    • Juan Castillo's avatar
      Move up to mbed TLS 2.x · 649dbf6f
      Juan Castillo authored
      The mbed TLS library has introduced some changes in the API from
      the 1.3.x to the 2.x releases. Using the 2.x releases requires
      some changes to the crypto and transport modules.
      
      This patch updates both modules to the mbed TLS 2.x API.
      
      All references to the mbed TLS library in the code or documentation
      have been updated to 'mbed TLS'. Old references to PolarSSL have
      been updated to 'mbed TLS'.
      
      User guide updated to use mbed TLS 2.2.0.
      
      NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
      Applying this patch will require an mbed TLS 2.x release to be used.
      Also note that the mbed TLS license changed to Apache version 2.0.
      
      Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
      649dbf6f
  7. 25 Jun, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add mbedTLS authentication related libraries · 7d37aa17
      Juan Castillo authored
      This patch adds the following mbedTLS based libraries:
      
      * Cryptographic library
      
      It is used by the crypto module to verify a digital signature
      and a hash. This library relies on mbedTLS to perform the
      cryptographic operations. mbedTLS sources must be obtained
      separately.
      
      Two key algorithms are currently supported:
      
          * RSA-2048
          * ECDSA-SECP256R1
      
      The platform is responsible for picking up the required
      algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the
      platform makefile. Available options are:
      
          * 'rsa' (for RSA-2048) (default option)
          * 'ecdsa' (for ECDSA-SECP256R1)
      
      Hash algorithm currently supported is SHA-256.
      
      * Image parser library
      
      Used by the image parser module to extract the authentication
      parameters stored in X509v3 certificates.
      
      Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0
      7d37aa17
  8. 28 Apr, 2015 2 commits
    • Sandrine Bailleux's avatar
      Detect SCP version incompatibility · 556b966f
      Sandrine Bailleux authored
      There has been a breaking change in the communication protocols used
      between the AP cores and the SCP on CSS based platforms like Juno.
      This means both the AP Trusted Firmware and SCP firmware must be
      updated at the same time.
      
      In case the user forgets to update the SCP ROM firmware, this patch
      detects when it still uses the previous version of the communication
      protocol. It will then output a comprehensive error message that helps
      trouble-shoot the issue.
      
      Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
      556b966f
    • Dan Handley's avatar
      Add common ARM and CSS platform code · b4315306
      Dan Handley authored
      This major change pulls out the common functionality from the
      FVP and Juno platform ports into the following categories:
      
      *   (include/)plat/common. Common platform porting functionality that
      typically may be used by all platforms.
      
      *   (include/)plat/arm/common. Common platform porting functionality
      that may be used by all ARM standard platforms. This includes all
      ARM development platforms like FVP and Juno but may also include
      non-ARM-owned platforms.
      
      *   (include/)plat/arm/board/common. Common platform porting
      functionality for ARM development platforms at the board
      (off SoC) level.
      
      *   (include/)plat/arm/css/common. Common platform porting
      functionality at the ARM Compute SubSystem (CSS) level. Juno
      is an example of a CSS-based platform.
      
      *   (include/)plat/arm/soc/common. Common platform porting
      functionality at the ARM SoC level, which is not already defined
      at the ARM CSS level.
      
      No guarantees are made about the backward compatibility of
      functionality provided in (include/)plat/arm.
      
      Also remove any unnecessary variation between the ARM development
      platform ports, including:
      
      *   Unify the way BL2 passes `bl31_params_t` to BL3-1. Use the
      Juno implementation, which copies the information from BL2 memory
      instead of expecting it to persist in shared memory.
      
      *   Unify the TZC configuration. There is no need to add a region
      for SCP in Juno; it's enough to simply not allow any access to
      this reserved region. Also set region 0 to provide no access by
      default instead of assuming this is the case.
      
      *   Unify the number of memory map regions required for ARM
      development platforms, although the actual ranges mapped for each
      platform may be different. For the FVP port, this reduces the
      mapped peripheral address space.
      
      These latter changes will only be observed when the platform ports
      are migrated to use the new common platform code in subsequent
      patches.
      
      Change-Id: Id9c269dd3dc6e74533d0e5116fdd826d53946dc8
      b4315306
  9. 31 Mar, 2015 1 commit
  10. 20 Aug, 2014 1 commit
    • Soby Mathew's avatar
      Introduce framework for CPU specific operations · 9b476841
      Soby Mathew authored
      This patch introduces a framework which will allow CPUs to perform
      implementation defined actions after a CPU reset, during a CPU or cluster power
      down, and when a crash occurs. CPU specific reset handlers have been implemented
      in this patch. Other handlers will be implemented in subsequent patches.
      
      Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/.
      
      Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
      9b476841
  11. 06 May, 2014 2 commits
    • Dan Handley's avatar
      Remove vpath usage in makefiles · bee82417
      Dan Handley authored
      Remove all usage of the vpath keyword in makefiles as it was prone
      to mistakes. Specify the relative paths to source files instead.
      
      Also reorder source files in makefiles alphabetically.
      
      Fixes ARM-software/tf-issues#121
      
      Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
      bee82417
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  12. 26 Mar, 2014 1 commit
    • Sandrine Bailleux's avatar
      Separate out BL2, BL3-1 and BL3-2 early exception vectors from BL1 · 6c595b3d
      Sandrine Bailleux authored
      bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and
      BL3-2.  There was some early SMC handling code in there that was not
      required by the other bootloader stages.  Therefore this patch
      introduces an even simpler exception vector source file for BL2,
      BL3-1 and BL3-2.
      
      Fixes ARM-software/tf-issues#38
      
      Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
      6c595b3d
  13. 20 Mar, 2014 1 commit
    • Jeenu Viswambharan's avatar
      Specify image entry in linker script · 9f98aa1a
      Jeenu Viswambharan authored
      At present, the entry point for each BL image is specified via the
      Makefiles and provided on the command line to the linker. When using a
      link script the entry point should rather be specified via the ENTRY()
      directive in the link script.
      
      This patch updates linker scripts of all BL images to specify the entry
      point using the ENTRY() directive. It also removes the --entry flag
      passed to the linker through Makefile.
      
      Fixes issue ARM-software/tf-issues#66
      
      Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
      9f98aa1a
  14. 05 Mar, 2014 1 commit
    • Jon Medhurst's avatar
      Update Makefiles to get proper dependency checking working. · 6d55d109
      Jon Medhurst authored
      
      
      This change requires all platforms to now specify a list of source files
      rather than object files.
      
      New source files should preferably be specified by using the path as
      well and we should add this in the future for all files so we can remove
      use of vpath. This is desirable because vpath hides issues like the fact
      that BL2 currently pulls in a BL1 file bl1/aarch64/early_exceptions.S
      and if in the future we added bl2/aarch64/early_exceptions.S then it's
      likely only one of the two version would be used for both bootloaders.
      
      This change also removes the 'dump' build target and simply gets
      bootloaders to always generate a dump file. At the same time the -x
      option is added so the section headers and symbols table are listed.
      
      Fixes ARM-software/tf-issues#11
      
      Change-Id: Ie38f7be76fed95756c8576cf3f3ea3b7015a18dc
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      6d55d109
  15. 20 Feb, 2014 1 commit
    • Achin Gupta's avatar
      Factor out translation table setup in ARM FVP port · a0cd989d
      Achin Gupta authored
      This patch factors out the ARM FVP specific code to create MMU
      translation tables so that it is possible for a boot loader stage to
      create a different set of tables instead of using the default ones.
      The default translation tables are created with the assumption that
      the calling boot loader stage executes out of secure SRAM. This might
      not be true for the BL3_2 stage in the future.
      
      A boot loader stage can define the `fill_xlation_tables()` function as
      per its requirements. It returns a reference to the level 1
      translation table which is used by the common platform code to setup
      the TTBR_EL3.
      
      This patch is a temporary solution before a larger rework of
      translation table creation logic is introduced.
      
      Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
      a0cd989d
  16. 20 Jan, 2014 2 commits
  17. 17 Jan, 2014 1 commit
  18. 20 Dec, 2013 1 commit
    • Harry Liebel's avatar
      Create local C library implementation (1/2) · c81b1d0f
      Harry Liebel authored
      - This change is split into two separate patches in order to
        simplify the history as interpreted by 'git'. The split is
        between the move/rename and addition of new files.
      - Remove dependency on toolchain C library headers and functions in
        order to ensure behavioural compatibility between toolchains.
      - Use FreeBSD as reference for C library implementation.
      - Do not let GCC use default library include paths.
      - Remove unused definitions in modified headers and implementations.
      - Move C library files to 'lib/stdlib' and 'include/stdlib'.
      - Break std.c functions out into separate files.
      
      Change-Id: I91cddfb3229775f770ad781589670c57d347a154
      c81b1d0f
  19. 05 Dec, 2013 1 commit
    • Dan Handley's avatar
      Enable third party contributions · ab2d31ed
      Dan Handley authored
      - Add instructions for contributing to ARM Trusted Firmware.
      
      - Update copyright text in all files to acknowledge contributors.
      
      Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
      ab2d31ed
  20. 25 Oct, 2013 1 commit