1. 24 Jul, 2015 6 commits
    • danh-arm's avatar
      Merge pull request #341 from vwadekar/tegra-denver-plat-support-v3 · 7d4479a3
      danh-arm authored
      Tegra denver plat support v3
      7d4479a3
    • Varun Wadekar's avatar
      Tegra: modify 'BUILD_PLAT' to point to soc specific build dirs · 1f95e28c
      Varun Wadekar authored
      
      
      This patch modifies the 'BUILD_PLAT' makefile variable to point to the soc
      specific build directory in order to allow each Tegra soc to have its own
      build directory. This way we can keep the build outputs separate and can
      keep multiple soc specific builds alive at the same time.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      1f95e28c
    • Varun Wadekar's avatar
      Tegra: Support for Tegra's T132 platforms · e7d4caa2
      Varun Wadekar authored
      
      
      This patch implements support for T132 (Denver CPU) based Tegra
      platforms.
      
      The following features have been added:
      
      * SiP calls to switch T132 CPU's AARCH mode
      * Complete PSCI support, including 'System Suspend'
      * Platform specific MMIO settings
      * Locking of CPU vector registers
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      e7d4caa2
    • Varun Wadekar's avatar
      Add "Project Denver" CPU support · 3a8c55f6
      Varun Wadekar authored
      
      
      Denver is NVIDIA's own custom-designed, 64-bit, dual-core CPU which is
      fully ARMv8 architecture compatible.  Each of the two Denver cores
      implements a 7-way superscalar microarchitecture (up to 7 concurrent
      micro-ops can be executed per clock), and includes a 128KB 4-way L1
      instruction cache, a 64KB 4-way L1 data cache, and a 2MB 16-way L2
      cache, which services both cores.
      
      Denver implements an innovative process called Dynamic Code Optimization,
      which optimizes frequently used software routines at runtime into dense,
      highly tuned microcode-equivalent routines. These are stored in a
      dedicated, 128MB main-memory-based optimization cache. After being read
      into the instruction cache, the optimized micro-ops are executed,
      re-fetched and executed from the instruction cache as long as needed and
      capacity allows.
      
      Effectively, this reduces the need to re-optimize the software routines.
      Instead of using hardware to extract the instruction-level parallelism
      (ILP) inherent in the code, Denver extracts the ILP once via software
      techniques, and then executes those routines repeatedly, thus amortizing
      the cost of ILP extraction over the many execution instances.
      
      Denver also features new low latency power-state transitions, in addition
      to extensive power-gating and dynamic voltage and clock scaling based on
      workloads.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      3a8c55f6
    • Varun Wadekar's avatar
      Tegra: implement per-SoC validate_power_state() handler · 93eafbca
      Varun Wadekar authored
      
      
      The validate_power_state() handler checks the power_state for a valid afflvl
      and state id. Although the afflvl check is common, the state ids are implementation
      defined.
      
      This patch moves the handler to the tegra/soc folder to allow each SoC to validate
      the power_state for supported parameters.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      93eafbca
    • Varun Wadekar's avatar
      Tegra: T210: include CPU files from SoC's platform.mk · fb11a62f
      Varun Wadekar authored
      
      
      This patch moves the inclusion of CPU code (A53, A57) to T210's
      makefile. This way we can reduce code size for Tegra platforms by
      including only the required CPU files.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      fb11a62f
  2. 17 Jul, 2015 12 commits
  3. 16 Jul, 2015 1 commit
    • Juan Castillo's avatar
      Fix bug in semihosting write function · 31833aff
      Juan Castillo authored
      The return value from the SYS_WRITE semihosting operation is 0 if
      the call is successful or the number of bytes not written, if there
      is an error. The implementation of the write function in the
      semihosting driver treats the return value as the number of bytes
      written, which is wrong. This patch fixes it.
      
      Change-Id: Id39dac3d17b5eac557408b8995abe90924c85b85
      31833aff
  4. 15 Jul, 2015 1 commit
    • Sandrine Bailleux's avatar
      Update user guide to use Linaro releases · 640af0ee
      Sandrine Bailleux authored
      Linaro produce monthly software releases for the Juno and AEMv8-FVP
      platforms. These provide an integrated set of software components
      that have been tested together on these platforms.
      
      From now on, it is recommend that Trusted Firmware developers use the
      Linaro releases (currently 15.06) as a baseline for the dependent
      software components: normal world firmware, Linux kernel and device
      tree, file system as well as any additional micro-controller firmware
      required by the platform.
      
      This patch updates the user guide to document this new process. It
      changes the instructions to get the source code of the full software
      stack (including Trusted Firmware) and updates the dependency build
      instructions to make use of the build scripts that the Linaro releases
      provide.
      
      Change-Id: Ia8bd043f4b74f1e1b10ef0d12cc8a56ed3c92b6e
      640af0ee
  5. 09 Jul, 2015 1 commit
    • Juan Castillo's avatar
      Use uintptr_t as base address type in ARM driver APIs · 02462972
      Juan Castillo authored
      This patch changes the type of the base address parameter in the
      ARM device driver APIs to uintptr_t (GIC, CCI, TZC400, PL011). The
      uintptr_t type allows coverage of the whole memory space and to
      perform arithmetic operations on the addresses. ARM platform code
      has also been updated to use uintptr_t as GIC base address in the
      configuration.
      
      Fixes ARM-software/tf-issues#214
      
      Change-Id: I1b87daedadcc8b63e8f113477979675e07d788f1
      02462972
  6. 07 Jul, 2015 1 commit
  7. 06 Jul, 2015 1 commit
  8. 02 Jul, 2015 1 commit
  9. 01 Jul, 2015 2 commits
    • Achin Gupta's avatar
      Merge pull request #326 from jcastillo-arm/jc/tbb_ecdsa · 1ea5233f
      Achin Gupta authored
      TBB: build 'cert_create' with ECDSA only if OpenSSL supports it
      1ea5233f
    • Juan Castillo's avatar
      TBB: build 'cert_create' with ECDSA only if OpenSSL supports it · ed2a76ea
      Juan Castillo authored
      Some Linux distributions include an OpenSSL library which has been
      built without ECDSA support. Trying to build the certificate
      generation tool on those distributions will result in a build error.
      
      This patch fixes that issue by including ECDSA support only if
      OpenSSL has been built with ECDSA. In that case, the OpenSSL
      configuration file does not define the OPENSSL_NO_EC macro. The tool
      will build successfully, although the resulting binary will not
      support ECDSA keys.
      
      Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902
      ed2a76ea
  10. 25 Jun, 2015 14 commits
    • danh-arm's avatar
      Merge pull request #315 from jcastillo-arm/jc/tbb_tmp9 · 84f95bed
      danh-arm authored
      Authentication Framework
      84f95bed
    • Juan Castillo's avatar
      TBB: add authentication framework documentation · d337aaaf
      Juan Castillo authored
      This patch updates the user guide, adding instructions to build the
      Trusted Firmware with Trusted Board Support using the new framework.
      
      It also provides documentation about the framework itself, including
      a detailed section about the TBBR implementation using the framework.
      
      Change-Id: I0849fce9c5294cd4f52981e7a8423007ac348ec6
      d337aaaf
    • Juan Castillo's avatar
      TBB: delete deprecated plat_match_rotpk() · f04585f3
      Juan Castillo authored
      The authentication framework deprecates plat_match_rotpk()
      in favour of plat_get_rotpk_info(). This patch removes
      plat_match_rotpk() from the platform port.
      
      Change-Id: I2250463923d3ef15496f9c39678b01ee4b33883b
      f04585f3
    • Juan Castillo's avatar
      TBB: delete deprecated PolarSSL authentication module · 962f7c51
      Juan Castillo authored
      After updating the main authentication module to use the transport
      and crypto modules and the CoT description, the PolarSSL
      authentication module is no longer required. This patch deletes it.
      
      Change-Id: I8ba1e13fc1cc7b2fa9df14ff59eb798f0460b878
      962f7c51
    • Juan Castillo's avatar
      TBB: switch to the new authentication framework · 1779ba6b
      Juan Castillo authored
      This patch modifies the Trusted Board Boot implementation to use
      the new authentication framework, making use of the authentication
      module, the cryto module and the image parser module to
      authenticate the images in the Chain of Trust.
      
      A new function 'load_auth_image()' has been implemented. When TBB
      is enabled, this function will call the authentication module to
      authenticate parent images following the CoT up to the root of
      trust to finally load and authenticate the requested image.
      
      The platform is responsible for picking up the right makefiles to
      build the corresponding cryptographic and image parser libraries.
      ARM platforms use the mbedTLS based libraries.
      
      The platform may also specify what key algorithm should be used
      to sign the certificates. This is done by declaring the 'KEY_ALG'
      variable in the platform makefile. FVP and Juno use ECDSA keys.
      
      On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
      each to accommodate the ECDSA code.
      
      REMOVED BUILD OPTIONS:
      
        * 'AUTH_MOD'
      
      Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
      1779ba6b
    • Juan Castillo's avatar
      TBB: add ECDSA support to the certificate generation tool · ccbf890e
      Juan Castillo authored
      This patch extends the 'cert_create' tool to support ECDSA keys
      to sign the certificates. The '--key-alg' command line option
      can be used to specify the key algorithm when invoking the tool.
      Available options are:
      
          * 'rsa': create RSA-2048 keys (default option)
          * 'ecdsa': create ECDSA-SECP256R1 keys
      
      The TF Makefile has been updated to allow the platform to specify
      the key algorithm by declaring the 'KEY_ALG' variable in the
      platform makefile.
      
      The behaviour regarding key management has changed. After applying
      this patch, the tool will try first to open the keys from disk. If
      one key does not exist or no key is specified, and the command line
      option to create keys has been specified, new keys will be created.
      Otherwise an error will be generated and the tool will exit. This
      way, the user may specify certain keys while the tool will create
      the remaining ones. This feature is useful for testing purposes
      and CI infrastructures.
      
      The OpenSSL directory may be specified using the build option
      'OPENSSL_DIR' when building the certificate generation tool.
      Default is '/usr'.
      
      Change-Id: I98bcc2bfab28dd7179f17f1177ea7a65698df4e7
      ccbf890e
    • Juan Castillo's avatar
      TBB: add TBBR Chain of Trust · dff93c86
      Juan Castillo authored
      This patch adds a CoT based on the Trusted Board Boot Requirements
      document*. The CoT consists of an array of authentication image
      descriptors indexed by the image identifiers.
      
      A new header file with TBBR image identifiers has been added.
      Platforms that use the TBBR (i.e. ARM platforms) may reuse these
      definitions as part of their platform porting.
      
      PLATFORM PORT - IMPORTANT:
      
      Default image IDs have been removed from the platform common
      definitions file (common_def.h). As a consequence, platforms that
      used those common definitons must now either include the IDs
      provided by the TBBR header file or define their own IDs.
      
      *The NVCounter authentication method has not been implemented yet.
      
      Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5
      dff93c86
    • Juan Castillo's avatar
      TBB: add mbedTLS authentication related libraries · 7d37aa17
      Juan Castillo authored
      This patch adds the following mbedTLS based libraries:
      
      * Cryptographic library
      
      It is used by the crypto module to verify a digital signature
      and a hash. This library relies on mbedTLS to perform the
      cryptographic operations. mbedTLS sources must be obtained
      separately.
      
      Two key algorithms are currently supported:
      
          * RSA-2048
          * ECDSA-SECP256R1
      
      The platform is responsible for picking up the required
      algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the
      platform makefile. Available options are:
      
          * 'rsa' (for RSA-2048) (default option)
          * 'ecdsa' (for ECDSA-SECP256R1)
      
      Hash algorithm currently supported is SHA-256.
      
      * Image parser library
      
      Used by the image parser module to extract the authentication
      parameters stored in X509v3 certificates.
      
      Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0
      7d37aa17
    • Juan Castillo's avatar
      TBB: add authentication framework · 05799ae0
      Juan Castillo authored
      This patch adds the authentication framework that will be used as
      the base to implement Trusted Board Boot in the Trusted Firmware.
      The framework comprises the following modules:
      
      - Image Parser Module (IPM)
      
          This module is responsible for interpreting images, check
          their integrity and extract authentication information from
          them during Trusted Board Boot.
      
          The module currently supports three types of images i.e.
          raw binaries, X509v3 certificates and any type specific to
          a platform. An image parser library must be registered for
          each image type (the only exception is the raw image parser,
          which is included in the main module by default).
      
          Each parser library (if used) must export a structure in a
          specific linker section which contains function pointers to:
      
              1. Initialize the library
              2. Check the integrity of the image type supported by
                 the library
              3. Extract authentication information from the image
      
      - Cryptographic Module (CM)
      
          This module is responsible for verifying digital signatures
          and hashes. It relies on an external cryptographic library
          to perform the cryptographic operations.
      
          To register a cryptographic library, the library must use the
          REGISTER_CRYPTO_LIB macro, passing function pointers to:
      
              1. Initialize the library
              2. Verify a digital signature
              3. Verify a hash
      
          Failing to register a cryptographic library will generate
          a build time error.
      
      - Authentication Module (AM)
      
          This module provides methods to authenticate an image, like
          hash comparison or digital signatures. It uses the image parser
          module to extract authentication parameters, the crypto module
          to perform cryptographic operations and the Chain of Trust to
          authenticate the images.
      
          The Chain of Trust (CoT) is a data structure that defines the
          dependencies between images and the authentication methods
          that must be followed to authenticate an image.
      
      The Chain of Trust, when added, must provide a header file named
      cot_def.h with the following definitions:
      
      - COT_MAX_VERIFIED_PARAMS
      
          Integer value indicating the maximum number of authentication
          parameters an image can present. This value will be used by the
          authentication module to allocate the memory required to load
          the parameters in the image descriptor.
      
      Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
      05799ae0
    • Juan Castillo's avatar
      TBB: add platform API to read the ROTPK information · 95cfd4ad
      Juan Castillo authored
      This patch extends the platform port by adding an API that returns
      either the Root of Trust public key (ROTPK) or its hash. This is
      usually stored in ROM or eFUSE memory. The ROTPK returned must be
      encoded in DER format according to the following ASN.1 structure:
      
          SubjectPublicKeyInfo  ::=  SEQUENCE  {
              algorithm           AlgorithmIdentifier,
              subjectPublicKey    BIT STRING
          }
      
      In case the platform returns a hash of the key:
      
          DigestInfo  ::= SEQUENCE {
              digestAlgorithm     AlgorithmIdentifier,
              keyDigest           OCTET STRING
          }
      
      An implementation for ARM development platforms is provided in this
      patch. When TBB is enabled, the ROTPK hash location must be specified
      using the build option 'ARM_ROTPK_LOCATION'. Available options are:
      
          - 'regs' : return the ROTPK hash stored in the Trusted
            root-key storage registers.
      
          - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
            BL2 binaries. This hash has been obtained from the development
            RSA public key located in 'plat/arm/board/common/rotpk'.
      
      On FVP, the number of MMU tables has been increased to map and
      access the ROTPK registers.
      
      A new file 'board_common.mk' has been added to improve code sharing
      in the ARM develelopment platforms.
      
      Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
      95cfd4ad
    • Juan Castillo's avatar
      Use numbers to identify images instead of names · 16948ae1
      Juan Castillo authored
      The Trusted firmware code identifies BL images by name. The platform
      port defines a name for each image e.g. the IO framework uses this
      mechanism in the platform function plat_get_image_source(). For
      a given image name, it returns the handle to the image file which
      involves comparing images names. In addition, if the image is
      packaged in a FIP, a name comparison is required to find the UUID
      for the image. This method is not optimal.
      
      This patch changes the interface between the generic and platform
      code with regard to identifying images. The platform port must now
      allocate a unique number (ID) for every image. The generic code will
      use the image ID instead of the name to access its attributes.
      
      As a result, the plat_get_image_source() function now takes an image
      ID as an input parameter. The organisation of data structures within
      the IO framework has been rationalised to use an image ID as an index
      into an array which contains attributes of the image such as UUID and
      name. This prevents the name comparisons.
      
      A new type 'io_uuid_spec_t' has been introduced in the IO framework
      to specify images identified by UUID (i.e. when the image is contained
      in a FIP file). There is no longer need to maintain a look-up table
      [iname_name --> uuid] in the io_fip driver code.
      
      Because image names are no longer mandatory in the platform port, the
      debug messages in the generic code will show the image identifier
      instead of the file name. The platforms that support semihosting to
      load images (i.e. FVP) must provide the file names as definitions
      private to the platform.
      
      The ARM platform ports and documentation have been updated accordingly.
      All ARM platforms reuse the image IDs defined in the platform common
      code. These IDs will be used to access other attributes of an image in
      subsequent patches.
      
      IMPORTANT: applying this patch breaks compatibility for platforms that
      use TF BL1 or BL2 images or the image loading code. The platform port
      must be updated to match the new interface.
      
      Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
      16948ae1
    • Juan Castillo's avatar
      TBB: replace assert() with runtime checks in PolarSSL module · d5e0a933
      Juan Castillo authored
      Using assert() to check the length of keys and hashes included in
      a certificate is not a safe approach because assert() only applies
      to debug builds. A malformed certificate could exploit security
      flaws in release binaries due to buffer overflows.
      
      This patch replaces assert() with runtime checkings in the PolarSSL
      authentication module, so malformed certificates can not cause a
      memory overflow.
      
      Change-Id: I42ba912020595752c806cbd242fe3c74077d993b
      d5e0a933
    • Juan Castillo's avatar
      TBB: use ASN.1 type DigestInfo to represent hashes · c3da66b1
      Juan Castillo authored
      The cert_create tool calculates the hash of each BL image and includes
      it as an ASN.1 OCTET STRING in the corresponding certificate extension.
      Without additional information, the firmware running on the platform
      has to know in advance the algorithm used to generate the hash.
      
      This patch modifies the cert_create tool so the certificate extensions
      that include an image hash are generated according to the following
      ASN.1 structure:
      
          DigestInfo ::= SEQUENCE {
              digestAlgorithm  AlgorithmIdentifier,
              digest           OCTET STRING
          }
      
          AlgorithmIdentifier ::=  SEQUENCE  {
              algorithm        OBJECT IDENTIFIER,
              parameters       ANY DEFINED BY algorithm OPTIONAL
          }
      
      The PolarSSL module has been updated to extract the image hash
      from the certificate extension according to this structure.
      
      Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
      c3da66b1
    • Juan Castillo's avatar
      TBB: add build option to save private keys · fd34e7ba
      Juan Castillo authored
      This patch adds a boolean build option 'SAVE_KEYS' to indicate the
      certificate generation tool that it must save the private keys used
      to establish the chain of trust. This option depends on 'CREATE_KEYS'
      to be enabled. Default is '0' (do not save).
      
      Because the same filenames are used as outputs to save the keys,
      they are no longer a dependency to the cert_tool. This dependency
      has been removed from the Makefile.
      
      Documentation updated accordingly.
      
      Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
      fd34e7ba