1. 12 Sep, 2019 2 commits
    • Justin Chadwell's avatar
      Remove RSA PKCS#1 v1.5 support from cert_tool · 6a415a50
      Justin Chadwell authored
      Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed
      in SHA fe199e3b
      
      , however, cert_tool is still able to generate
      certificates in that form. This patch fully removes the ability for
      cert_tool to generate these certificates.
      
      Additionally, this patch also fixes a bug where the issuing certificate
      was a RSA and the issued certificate was EcDSA. In this case, the issued
      certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
      PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
      that PKCS#1 v1.5 support is removed, all certificates that are signed
      with RSA now use the more modern padding scheme.
      
      Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      6a415a50
    • Justin Chadwell's avatar
      Add documentation for new KEY_SIZE option · f29213d9
      Justin Chadwell authored
      
      
      This patch adds documentation for the new KEY_SIZE build option that is
      exposed by cert_create, and instructions on how to use it.
      
      Change-Id: I09b9b052bfdeeaca837e0f0026e2b01144f2472c
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      f29213d9
  2. 11 Sep, 2019 1 commit
    • Justin Chadwell's avatar
      Add UBSAN support and handlers · 1f461979
      Justin Chadwell authored
      
      
      This patch adds support for the Undefined Behaviour sanitizer. There are
      two types of support offered - minimalistic trapping support which
      essentially immediately crashes on undefined behaviour and full support
      with full debug messages.
      
      The full support relies on ubsan.c which has been adapted from code used
      by OPTEE.
      
      Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      1f461979
  3. 09 Sep, 2019 1 commit
  4. 04 Sep, 2019 1 commit
  5. 01 Aug, 2019 1 commit
  6. 10 Jul, 2019 1 commit
  7. 06 Jun, 2019 1 commit
  8. 30 May, 2019 1 commit
  9. 24 May, 2019 1 commit
    • Alexei Fedorov's avatar
      Add support for Branch Target Identification · 9fc59639
      Alexei Fedorov authored
      
      
      This patch adds the functionality needed for platforms to provide
      Branch Target Identification (BTI) extension, introduced to AArch64
      in Armv8.5-A by adding BTI instruction used to mark valid targets
      for indirect branches. The patch sets new GP bit [50] to the stage 1
      Translation Table Block and Page entries to denote guarded EL3 code
      pages which will cause processor to trap instructions in protected
      pages trying to perform an indirect branch to any instruction other
      than BTI.
      BTI feature is selected by BRANCH_PROTECTION option which supersedes
      the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
      and is disabled by default. Enabling BTI requires compiler support
      and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
      The assembly macros and helpers are modified to accommodate the BTI
      instruction.
      This is an experimental feature.
      Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
      is now made as an internal flag and BRANCH_PROTECTION flag should be
      used instead to enable Pointer Authentication.
      Note. USE_LIBROM=1 option is currently not supported.
      
      Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      9fc59639
  10. 22 May, 2019 4 commits
    • Paul Beesley's avatar
      doc: Use proper note and warning annotations · e1c5026a
      Paul Beesley authored
      
      
      The documentation contains plenty of notes and warnings. Enable
      special rendering of these blocks by converting the note prefix
      into a .. note:: annotation.
      
      Change-Id: I34e26ca6bf313d335672ab6c2645741900338822
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      e1c5026a
    • Paul Beesley's avatar
      doc: Set correct syntax highlighting style · 29c02529
      Paul Beesley authored
      
      
      Several code blocks do not specify a language for syntax
      highlighting. This results in Sphinx using a default highlighter
      which is Python.
      
      This patch adds the correct language to each code block that doesn't
      already specify it.
      
      Change-Id: Icce1949aabfdc11a334a42d49edf55fa673cddc3
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      29c02529
    • Paul Beesley's avatar
      doc: Remove per-page contents lists · 57354abb
      Paul Beesley authored
      
      
      These are no longer needed as there will always be a table of contents
      rendered to the left of every page.
      
      Some of these lists can be quite long and, when opening a page, the
      reader sees nothing but a huge list of contents! After this patch,
      the document contents are front-and-centre and the contents are
      nicely rendered in the sidebar without duplication.
      
      Change-Id: I444754d548ec91d00f2b04e861de8dde8856aa62
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      57354abb
    • Paul Beesley's avatar
      doc: Reword document titles · 8aa05055
      Paul Beesley authored
      
      
      This patch attempts to standardise the document titles as well as
      adding titles to documents that were missing one. The aim is to
      remove needless references to "TF-A" or "Trusted Firmware" in the
      title of every document and to make sure that the title matches
      with the document content.
      
      Change-Id: I9b93ccf43b5d57e8dc793a5311b8ed7c4dd245cc
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      8aa05055
  11. 21 May, 2019 1 commit
    • Paul Beesley's avatar
      doc: Move documents into subdirectories · 40d553cf
      Paul Beesley authored
      
      
      This change creates the following directories under docs/
      in order to provide a grouping for the content:
      
      - components
      - design
      - getting_started
      - perf
      - process
      
      In each of these directories an index.rst file is created
      and this serves as an index / landing page for each of the
      groups when the pages are compiled. Proper layout of the
      top-level table of contents relies on this directory/index
      structure.
      
      Without this patch it is possible to build the documents
      correctly with Sphinx but the output looks messy because
      there is no overall hierarchy.
      
      Change-Id: I3c9f4443ec98571a56a6edf775f2c8d74d7f429f
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      40d553cf
  12. 20 May, 2019 1 commit
  13. 08 May, 2019 1 commit
  14. 03 May, 2019 1 commit
    • John Tsichritzis's avatar
      Add compile-time errors for HW_ASSISTED_COHERENCY flag · 076b5f02
      John Tsichritzis authored
      This patch fixes this issue:
      https://github.com/ARM-software/tf-issues/issues/660
      
      
      
      The introduced changes are the following:
      
      1) Some cores implement cache coherency maintenance operation on the
      hardware level. For those cores, such as - but not only - the DynamIQ
      cores, it is mandatory that TF-A is compiled with the
      HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
      unpredictable. To prevent this, compile time checks have been added and
      compilation errors are generated, if needed.
      
      2) To enable this change for FVP, a logical separation has been done for
      the core libraries. A system cannot contain cores of both groups, i.e.
      cores that manage coherency on hardware and cores that don't do it. As
      such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
      libraries only of the relevant cores.
      
      3) The neoverse_e1.S file has been added to the FVP sources.
      
      Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      076b5f02
  15. 02 May, 2019 1 commit
    • Christoph Müllner's avatar
      build_macros: Add mechanism to prevent bin generation. · 9e4609f1
      Christoph Müllner authored
      
      
      On certain platforms it does not make sense to generate
      TF-A binary images. For example a platform could make use of serveral
      memory areas, which are non-continuous and the resulting binary
      therefore would suffer from the padding-bytes.
      Typically these platforms use the ELF image.
      
      This patch introduces a variable DISABLE_BIN_GENERATION, which
      can be set to '1' in the platform makefile to prevent the binary
      generation.
      Signed-off-by: default avatarChristoph Müllner <christophm30@gmail.com>
      Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
      9e4609f1
  16. 30 Apr, 2019 1 commit
    • Louis Mayencourt's avatar
      Add support for default stack-protector flag · fd7b287c
      Louis Mayencourt authored
      
      
      The current stack-protector support is for none, "strong" or "all".
      The default use of the flag enables the stack-protection to all
      functions that declare a character array of eight bytes or more in
      length on their stack.
      This option can be tuned with the --param=ssp-buffer-size=N option.
      
      Change-Id: I11ad9568187d58de1b962b8ae04edd1dc8578fb0
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      fd7b287c
  17. 11 Apr, 2019 1 commit
  18. 08 Apr, 2019 1 commit
  19. 02 Apr, 2019 1 commit
  20. 29 Mar, 2019 1 commit
  21. 28 Mar, 2019 1 commit
  22. 26 Mar, 2019 1 commit
  23. 19 Mar, 2019 1 commit
  24. 18 Mar, 2019 1 commit
    • Alexei Fedorov's avatar
      Declare PAuth for Secure world as experimental · 06715f85
      Alexei Fedorov authored
      
      
      Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
      build options as experimental.
      Pointer Authentication is enabled for Non-secure world
      irrespective of the value of these build flags if the
      CPU supports it.
      The patch also fixes the description of fiptool 'help' command.
      
      Change-Id: I46de3228fbcce774a2624cd387798680d8504c38
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      06715f85
  25. 14 Mar, 2019 1 commit
  26. 28 Feb, 2019 1 commit
  27. 27 Feb, 2019 3 commits
    • Varun Wadekar's avatar
      Tegra: Support for scatterfile for the BL31 image · c2ad38ce
      Varun Wadekar authored
      
      
      This patch provides support for using the scatterfile format as
      the linker script with the 'armlink' linker for Tegra platforms.
      
      In order to enable the scatterfile usage the following changes
      have been made:
      
      * provide mapping for ld.S symbols in bl_common.h
      * include bl_common.h from all the affected files
      * update the makefile rules to use the scatterfile and armlink
        to compile BL31
      * update pubsub.h to add sections to the scatterfile
      
      NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
      
      Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      c2ad38ce
    • Antonio Nino Diaz's avatar
      Add support for pointer authentication · b86048c4
      Antonio Nino Diaz authored
      
      
      The previous commit added the infrastructure to load and save
      ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
      didn't actually enable pointer authentication in the firmware.
      
      This patch adds the functionality needed for platforms to provide
      authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
      enable pointer authentication in the firmware itself. This option is
      disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
      enabled.
      
      Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b86048c4
    • Antonio Nino Diaz's avatar
      Add ARMv8.3-PAuth registers to CPU context · 5283962e
      Antonio Nino Diaz authored
      
      
      ARMv8.3-PAuth adds functionality that supports address authentication of
      the contents of a register before that register is used as the target of
      an indirect branch, or as a load.
      
      This feature is supported only in AArch64 state.
      
      This feature is mandatory in ARMv8.3 implementations.
      
      This feature adds several registers to EL1. A new option called
      CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
      them during Non-secure <-> Secure world switches. This option must be
      enabled if the hardware has the registers or the values will be leaked
      during world switches.
      
      To prevent leaks, this patch also disables pointer authentication in the
      Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
      be trapped in EL3.
      
      Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      5283962e
  28. 08 Feb, 2019 3 commits
  29. 05 Feb, 2019 1 commit
  30. 31 Jan, 2019 1 commit
  31. 30 Jan, 2019 1 commit
  32. 29 Jan, 2019 1 commit