GitLab

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

This patch enables Trusted Board Boot for warp7. A subsequent patch
contains build/run instructions.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Jun Nie <jun.nie@linaro.org>

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca339

 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This patch adds experimental support for TRUSTED_BOARD_BOOT to the
Hikey. This is adapted from the RPi3 and QEMU implementations.

Since the Hikey starts from BL2 the TRUSTED_BOARD_BOOT ROT begins there
too. When TRUSTED_BOARD_BOOT is defined, the BL1 build is skipped.

See the following example:

make \
 PLAT=hikey \
 BL33=u-boot.bin \
 SCP_BL2=mcuimage.bin \
 TRUSTED_BOARD_BOOT=1 \
 MBEDTLS_DIR=../../mbedtls \
 GENERATE_COT=1 \
 all fip
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>

This patch adds support for TBB to qemu. An RSA ROT keypair is generated at
build time and is included into BL1/BL2. The key and content certificates
are read over semihosting.

Fixes ARM-software/tf-issues#526
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>

Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info().
It is up to users how to retrieve ROTPK if the ROT verification is
desired.  This is not nice.

This commit improves plat_get_rotpk_info() implementation and automates
the ROTPK deployment.  UniPhier platform has no ROTPK storage, so it
should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case.
This makes sense because UniPhier platform implements its internal ROM
i.e. BL1 is used as updatable pseudo ROM.

Things work like this:

- ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing.
  Users can override ROT_KEY from the command line if they want to
  use a specific ROT key.

- ROTPK_HASH is generated based on ROT_KEY.

- ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.

- ROT_KEY is input to cert_create tool.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Initial commit for Socionext UniPhier SoC support.  BL1, Bl2, and
BL31 are supported.  Refer to docs/plat/socionext-uniphier.md for
more detais.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>