1. 12 Sep, 2019 2 commits
    • Justin Chadwell's avatar
      Remove RSA PKCS#1 v1.5 support from cert_tool · 6a415a50
      Justin Chadwell authored
      Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed
      in SHA fe199e3b
      
      , however, cert_tool is still able to generate
      certificates in that form. This patch fully removes the ability for
      cert_tool to generate these certificates.
      
      Additionally, this patch also fixes a bug where the issuing certificate
      was a RSA and the issued certificate was EcDSA. In this case, the issued
      certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
      PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
      that PKCS#1 v1.5 support is removed, all certificates that are signed
      with RSA now use the more modern padding scheme.
      
      Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      6a415a50
    • Justin Chadwell's avatar
      Support larger RSA key sizes when using MBEDTLS · aacff749
      Justin Chadwell authored
      
      
      Previously, TF-A could not support large RSA key sizes as the
      configuration options passed to MBEDTLS prevented storing and performing
      calculations with the larger, higher-precision numbers required. With
      these changes to the arguments passed to MBEDTLS, TF-A now supports
      using 3072 (3K) and 4096 (4K) keys in certificates.
      
      Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      aacff749
  2. 25 Jul, 2019 2 commits
    • Gilad Ben-Yossef's avatar
      cryptocell: add product version awareness support · 76f3c7dc
      Gilad Ben-Yossef authored
      
      
      Add support for multiple Cryptocell revisions which
      use different APIs.
      
      This commit only refactors the existing code in preperation to the addition
      of another Cryptocell revisions later on.
      Signed-off-by: default avatarGilad Ben-Yossef <gilad.benyossef@arm.com>
      Change-Id: I16d80b31afb6edd56dc645fee5ea619cc74f09b6
      76f3c7dc
    • Gilad Ben-Yossef's avatar
      cryptocell: move Cryptocell specific API into driver · 36ec2bb0
      Gilad Ben-Yossef authored
      
      
      Code using Cryptocell specific APIs was used as part of the
      arm common board ROT support, instead of being abstracted
      in Cryptocell specific driver code, creating two problems:
      - Any none arm board that uses Cryptocell wuld need to
        copy and paste the same code.
      - Inability to cleanly support multiple versions of Cryptocell
        API and products.
      
      Move over Cryptocell specific API calls into the Cryptocell
      driver, creating abstraction API where needed.
      Signed-off-by: default avatarGilad Ben-Yossef <gilad.benyossef@arm.com>
      Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
      36ec2bb0
  3. 13 Jun, 2019 1 commit
    • Sandrine Bailleux's avatar
      Fix type of cot_desc_ptr · 2efb7ddc
      Sandrine Bailleux authored
      
      
      The chain of trust description and the pointer pointing to its first
      element were incompatible, thus requiring an explicit type cast for
      the assignment.
      
      - cot_desc was an array of
        const pointers to const image descriptors.
      
      - cot_desc_ptr was a const pointer to
        (non-constant) pointers to const image descriptors.
      
      Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would
      generate the following compiler warning:
      
      drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards
        ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
       REGISTER_COT(cot_desc);
                    ^~~~~~~~
      
      Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      2efb7ddc
  4. 12 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Mbed TLS: Remove weak heap implementation · 2374ab17
      Ambroise Vincent authored
      
      
      The implementation of the heap function plat_get_mbedtls_heap() becomes
      mandatory for platforms supporting TRUSTED_BOARD_BOOT.
      
      The shared Mbed TLS heap default weak function implementation is
      converted to a helper function get_mbedtls_heap_helper() which can be
      used by the platforms for their own function implementation.
      
      Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      2374ab17
  5. 09 Apr, 2019 1 commit
  6. 08 Apr, 2019 2 commits
    • Joel Hutton's avatar
      cot-desc: optimise memory further · 30070427
      Joel Hutton authored
      
      
      This changes the auth_img_desc_t struct to have pointers to struct
      arrays instead of struct arrays. This saves memory as many of these
      were never used, and can be NULL pointers. Note the memory savings are
      only when these arrays are not initialised, as it is assumed these
      arrays are fixed length. A possible future optimisation could allow for
      variable length.
      
      memory diff:
      bl1:        bl2:
          text        text
            -12         -12
          bss         bss
            -1463       0
          data        data
            -56         -48
          rodata      rodata
            -5688       -2592
          total       total
            -7419       -2652
      
      Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      30070427
    • Joel Hutton's avatar
      Reduce memory needed for CoT description · 0b6377d1
      Joel Hutton authored
      
      
      When Trusted Board Boot is enabled, we need to specify the Chain of
      Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
      of image descriptors. The authentication module assumes that each
      image descriptor in this array is indexed by its unique image
      identifier. For example, the Trusted Boot Firmware Certificate has to
      be at index [TRUSTED_BOOT_FW_CERT_ID].
      
      Unique image identifiers may not necessarily be consecutive. Also,
      a given BL image might not use all image descriptors. For example, BL1
      does not need any of the descriptors related to BL31. As a result, the
      CoT array might contain holes, which unnecessarily takes up space in
      the BL binary.
      
      Using pointers to auth_img_desc_t structs (rather than structs
      themselves) means these unused elements only use 1 pointer worth of
      space, rather than one struct worth of space. This patch also changes
      the code which accesses this array to reflect the change to pointers.
      
      Image descriptors not needed in BL1 or BL2 respectively are also
      ifdef'd out in this patch. For example, verifying the BL31 image is
      the responsibility of BL2 so BL1 does not need any of the data
      structures describing BL31.
      
      memory diff:
      bl1:        bl2:
          text        text
            -20         -20
          bss         bss
            -1463       0
          data        data
            -256        -48
          rodata      rodata
            -5240       -1952
          total       total
            -6979       -2020
      
      Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      0b6377d1
  7. 01 Apr, 2019 1 commit
  8. 28 Feb, 2019 1 commit
  9. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  10. 28 Sep, 2018 1 commit
  11. 04 Sep, 2018 1 commit
    • John Tsichritzis's avatar
      Prepare Mbed TLS drivers for shared heap · 6d01a463
      John Tsichritzis authored
      
      
      The Mbed TLS drivers, in order to work, need a heap for internal usage.
      This heap, instead of being directly referenced by the drivers, now it
      is being accessed indirectly through a pointer. Also, the heap, instead
      of being part of the drivers, now it is being received through the
      plat_get_mbedtls_heap() function. This function requests a heap from the
      current BL image which utilises the Mbed TLS drivers.
      
      Those changes create the opportunity for the Mbed TLS heap to be shared
      among different images, thus saving memory. A default heap
      implementation is provided but it can be overridden by a platform
      specific, optimised implemenetation.
      
      Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      6d01a463
  12. 22 Aug, 2018 1 commit
  13. 03 Aug, 2018 3 commits
  14. 18 Jun, 2018 1 commit
  15. 18 May, 2018 1 commit
  16. 13 Apr, 2018 2 commits
    • Roberto Vargas's avatar
      Fix MISRA rule 8.4 Part 4 · 3b94189a
      Roberto Vargas authored
      
      
      Rule 8.4: A compatible declaration shall be visible when
                an object or function with external linkage is defined
      
      Fixed for:
      	make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
      	     GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
      	     ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
      
      Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      3b94189a
    • Roberto Vargas's avatar
      Fix MISRA rule 8.3 Part 4 · 735181b6
      Roberto Vargas authored
      
      
      Rule 8.3: All declarations of an object or function shall
                use the same names and type qualifiers
      
      Fixed for:
      	make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
      	     GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
      	     ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
      
      Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      735181b6
  17. 27 Mar, 2018 1 commit
    • Joel Hutton's avatar
      Clean usage of void pointers to access symbols · 9f85f9e3
      Joel Hutton authored
      
      
      Void pointers have been used to access linker symbols, by declaring an
      extern pointer, then taking the address of it. This limits symbols
      values to aligned pointer values. To remove this restriction an
      IMPORT_SYM macro has been introduced, which declares it as a char
      pointer and casts it to the required type.
      
      Change-Id: I89877fc3b13ed311817bb8ba79d4872b89bfd3b0
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      9f85f9e3
  18. 26 Feb, 2018 1 commit
  19. 18 Jan, 2018 1 commit
  20. 21 Nov, 2017 1 commit
  21. 22 Sep, 2017 2 commits
  22. 31 Aug, 2017 2 commits
    • Soby Mathew's avatar
      cert_tool: Support for legacy RSA PKCS#1 v1.5 · a8eb286a
      Soby Mathew authored
      
      
      This patch enables choice of RSA version at run time to be used for
      generating signatures by the cert_tool. The RSA PSS as defined in
      PKCS#1 v2.1 becomes the default version and this patch enables to specify
      the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
      -a option. Also, the build option `KEY_ALG` can be used to pass this
      option from the build system. Please note that RSA PSS is mandated
      by Trusted Board Boot requirements (TBBR) and legacy RSA support is
      being added for compatibility reasons.
      
      Fixes ARM-Software/tf-issues#499
      Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
      Co-Authored-By: default avatarEleanor Bonnici <Eleanor.bonnici@arm.com>
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a8eb286a
    • Soby Mathew's avatar
      Export KEY_ALG as a user build option · 2091755c
      Soby Mathew authored
      
      
      The `KEY_ALG` variable is used to select the algorithm for key
      generation by `cert_create` tool for signing the certificates. This
      variable was previously undocumented and did not have a global default
      value. This patch corrects this and also adds changes to derive the
      value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
      platform. The corresponding assignment of these variables are also now
      removed from the `arm_common.mk` makefile.
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
      2091755c
  23. 09 Aug, 2017 1 commit
  24. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  25. 28 Jun, 2017 2 commits
    • Soby Mathew's avatar
      Do basic CryptoCell LCS check · fd2b42f4
      Soby Mathew authored
      
      
      This patch implements the basic lifecycle state check when CryptoCell
      SBROM is initialized. Currently the check ensures that if the lifecycle
      state is Security Disabled (SD), the boot process does not proceed
      further.
      
      Change-Id: I5101335453cd3ea413e97bcfb9138a96c05e1aea
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      fd2b42f4
    • Soby Mathew's avatar
      Add CC crypto driver to the Auth module · 4eb20d99
      Soby Mathew authored
      
      
      This patch adds a crypto driver which utilizes the ARM® TrustZone®
      CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along
      with this driver, the CryptoCell SBROM library is required to successfully
      build the BL image. The path to this library is specified via
      the `CCSBROM_LIB_PATH` variable. Please note that, mbedTLS is still required
      to do the X509 certificate ASN.1 parsing and CryptoCell is only utilized for
      signature and hash verification.
      
      Change-Id: If82dfbae0d7772ba1c64839f0b27850c103fe253
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      4eb20d99
  26. 06 Jun, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Don't use tf_snprintf if option not defined · c46c18c5
      Antonio Nino Diaz authored
      
      
      If `MBEDTLS_PLATFORM_SNPRINTF_ALT` isn't used, the function
      `mbedtls_platform_set_snprintf()` isn't defined.
      
      In case a platform uses a different mbed TLS configuration file than
      the one provided by the Trusted Firmware, and it doesn't define the
      mentioned build option, this will result in a build error.
      
      This patch modifies the initialization code so that
      `mbedtls_platform_set_snprintf()` is only used if
      `MBEDTLS_PLATFORM_SNPRINTF_ALT` is defined, allowing platforms to use
      it or not depending on their needs.
      
      Change-Id: I1d5c86d57e9b2871ba463030bf89210ebec5178e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c46c18c5
  27. 05 Jun, 2017 2 commits
  28. 31 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Define optimized mbed TLS heap size · 05fd893e
      Antonio Nino Diaz authored
      
      
      mbed TLS provides the debug API `mbedtls_memory_buffer_alloc_status()`
      to analyse the RAM usage of the library.
      
      When RSA is selected as algorithm, the maximum heap usage in FVP and
      Juno has been determined empirically to be approximately 5.5 KiB.
      However, The default heap size used when RSA is selected is 8 KiB.
      
      This patch reduces the buffer from 8 KiB to 6 KiB so that the BSS
      sections of both BL1 and BL2 are 2 KiB smaller when the firmware is
      compiled with TBB support.
      
      Change-Id: I43878a4e7af50c97be9c8d027c728c8483f24fbf
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      05fd893e
  29. 24 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Use `tf_snprintf` instead of `snprintf` · ab1794f5
      Antonio Nino Diaz authored
      
      
      The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
      This subset internally uses `snprintf`, but the only format specifier
      used is '%d', which is supported by `tf_snprintf`.
      
      This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
      saving 3 KB in both debug and release builds when TBBR is enabled.
      
      Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ab1794f5
  30. 23 May, 2017 1 commit
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a