Skip to content

GitLab

Switch branch/tag
  1. 27 Jan, 2021 2 commits
    • Jimmy Brisson's avatar
      cert-tool: avoid duplicates in extension stack · 1ed941c0
      Jimmy Brisson authored 
      

This bug manifests itself as a segfault triggered by a double-free.

I noticed that right before the double-free, the sk list contained 2
elements with the same address.

    (gdb) p sk_X509_EXTENSION_value(sk, 1)
    $34 = (X509_EXTENSION *) 0x431ad0
    (gdb) p sk_X509_EXTENSION_value(sk, 0)
    $35 = (X509_EXTENSION *) 0x431ad0
    (gdb) p sk_X509_EXTENSION_num(sk)
    $36 = 2

This caused confusion; this should never happen.

I figured that this was caused by a ext_new_xxxx function freeing
something before it is added to the list, so I put a breakpoint on
each of them to step through. I was suprised to find that none of my
breakpoints triggered for the second element of the iteration through
the outer loop just before the double-free.

Looking through the code, I noticed that it's possible to avoid doing
a ext_new_xxxx, when either:
   * ext->type == NVCOUNTER and ext->arg == NULL
   * ext->type == HASH and ext->arg == NULL and ext->optional == false
So I put a breakpoint on both.

It turns out that it was the HASH version, but I added a fix for both.
The fix for the Hash case is simple, as it was a mistake. The fix for
the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may
be optional, and when it's optional we can skip it. The other case,
when the NVCOUNTER is required (not optinal), the `check_cmd_params`
function has already verified that the `ext->arg` must be non-NULL.
We assert that before processing it to covert any possible segfaults
into more descriptive errors.

This should no longer cause double-frees by adding the same ext twice.

Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470
Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      1ed941c0
    • Manish V Badarkhe's avatar
      tools: cert_create: Create only requested certificates · 294e2656
      Manish V Badarkhe authored 
      

The certification tool creates all the certificates mentioned
statically in the code rather than taking explicit certificate
requests from the command line parameters.

Code is optimized to avoid unnecessary attempts to create
non-requested certificates.
Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2
      294e2656
  3. 13 Jan, 2021 1 commit
    • Ross Burton's avatar
      tools: don't clean when building · 69a91659
      Ross Burton authored 
      

Don't depend on clean when building, as the user is capable of cleaning
if required and this introduces a race where "all" depends on both the
compile and the clean in parallel.  It's quite possible for some of the
compile to happen in parallel with the clean, which results in the link
failing as objects just built are missing.

Change-Id: I710711eea7483cafa13251c5d94ec693148bd001
Signed-off-by: default avatarRoss Burton <ross.burton@arm.com>
      69a91659
  5. 20 Oct, 2020 4 commits
  7. 07 Sep, 2020 1 commit
  9. 23 Aug, 2020 1 commit
  11. 12 Aug, 2020 1 commit
    • Manish Pandey's avatar
      cert_create: add Platform owned secure partitions support · 23d5f03a
      Manish Pandey authored 
      

Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.

Platform RoT key pair is used for signing.
Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
      23d5f03a
  13. 24 Jun, 2020 1 commit
  15. 11 Jun, 2020 1 commit
  17. 08 Jun, 2020 1 commit
    • Manish Pandey's avatar
      cert_create: add SiP owned secure partitions support · 0792dd7d
      Manish Pandey authored 
      

Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.

A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.

Following new options added to cert_tool:
 --sip-sp-cert --> SiP owned Secure Partition Content Certificate
 --sp-pkg1 --> Secure Partition Package1 file
 --sp-pkg2
 .....
 --sp-pkg8

Trusted world key pair is used for signing.

Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
      0792dd7d
  19. 24 Feb, 2020 1 commit
  21. 29 Jan, 2020 3 commits
  23. 14 Jan, 2020 1 commit
  25. 12 Sep, 2019 2 commits
    • Justin Chadwell's avatar
      Remove RSA PKCS#1 v1.5 support from cert_tool · 6a415a50
      Justin Chadwell authored 
      Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed
in SHA fe199e3b

, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      6a415a50
    • Justin Chadwell's avatar
      Add cert_create tool support for RSA key sizes · dfe0f4c2
      Justin Chadwell authored 
      

cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.

Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      dfe0f4c2
  27. 16 Aug, 2019 1 commit
  29. 12 Mar, 2019 1 commit
  31. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored 
      

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  33. 04 Oct, 2018 1 commit
    • Antonio Nino Diaz's avatar
      tools: Make invocation of host compiler correct · 750e8d80
      Antonio Nino Diaz authored 
      

HOSTCC should be used in any of the tools inside the tools/ directory
instead of CC. That way it is possible to override both values from the
command line when building the Trusted Firmware and the tools at the
same time. Also, use HOSTCCFLAGS instead of CFLAGS.

Also, instead of printing the strings CC and LD in the console during
the compilation of the tools, HOSTCC and HOSTLD have to be used for
clarity. This is how it is done in other projects like U-Boot or Linux.

Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      750e8d80
  35. 06 Jul, 2018 1 commit
  37. 27 Jun, 2018 1 commit
  39. 18 May, 2018 1 commit
  41. 30 Apr, 2018 1 commit
  43. 05 Mar, 2018 1 commit
  45. 26 Feb, 2018 1 commit
    • Soby Mathew's avatar
      Dynamic cfg: Update the tools · e24659df
      Soby Mathew authored 
      

This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.

Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e24659df
  47. 21 Nov, 2017 1 commit
  49. 09 Oct, 2017 1 commit
    • Qixiang Xu's avatar
      cert_tool: Fix ECDSA certificates create failure · 1727de0e
      Qixiang Xu authored 
      Commit a8eb286a

 introduced the
following error when creating ECDSA certificates.
    ERROR:   Error creating key 'Trusted World key'
    Makefile:634: recipe for target 'certificates' failed
    make: *** [certificates] Error 1

this patch adds the function to create PKCS#1 v1.5.

Change-Id: Ief96d55969d5e9877aeb528c6bb503b560563537
Signed-off-by: default avatarQixiang Xu <qixiang.xu@arm.com>
      1727de0e
  51. 08 Oct, 2017 1 commit
  53. 11 Sep, 2017 1 commit
    • Soby Mathew's avatar
      Set default value of USE_TBBR_DEFS · 4a2bf951
      Soby Mathew authored 
      

Using the OIDs defined in tbbr_oids.h is the recommended way to build
the cert_create tool. This patch hence sets default value of the build
flag USE_TBBR_DEFS to 1 in the Makefile in `tools/cert_create` folder
when cert_create is built from this folder.

Fixes ARM-software/tf-issues#482

Change-Id: Id1d224826b3417770bccbefa1b68d9bdb3b567f0
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      4a2bf951
  55. 31 Aug, 2017 1 commit
    • Soby Mathew's avatar
      cert_tool: Support for legacy RSA PKCS#1 v1.5 · a8eb286a
      Soby Mathew authored 
      

This patch enables choice of RSA version at run time to be used for
generating signatures by the cert_tool. The RSA PSS as defined in
PKCS#1 v2.1 becomes the default version and this patch enables to specify
the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
-a option. Also, the build option `KEY_ALG` can be used to pass this
option from the build system. Please note that RSA PSS is mandated
by Trusted Board Boot requirements (TBBR) and legacy RSA support is
being added for compatibility reasons.

Fixes ARM-Software/tf-issues#499
Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: default avatarEleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a8eb286a
  57. 09 Aug, 2017 1 commit
  59. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored 
      

This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  61. 12 Jun, 2017 1 commit
  63. 05 Jun, 2017 1 commit
    • Soby Mathew's avatar
      cert_create: Use RSASSA-PSS signature scheme for certificates · 1f33ad4e
      Soby Mathew authored 
      

This patch modifies the `cert_create` tool to use RSASSA-PSS scheme for
signing the certificates. This is compliant with RSA PKCS_2_1 standard as
mandated by TBBR.

Note that the certificates generated by using cert_create tool after this
patch can be authenticated during TBB only if the corresponding mbedtls
driver in ARM Trusted Firmware has the corresponding support.

Change-Id: If224f41c76b3c4765ae2af5259e67f73602818a4
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      1f33ad4e
  65. 24 May, 2017 1 commit