GitLab

This patch adds non-volatile counter support to the Certificate
Generation tool. The TBBR Chain of Trust definition in the tool
has been extended to include the counters as certificate extensions.
The counter values can be specified in the command line.

The following default counter values are specified in the build
system:

  * Trusted FW Non-Volatile counter = 0
  * Non-Trusted FW Non-Volatile counter = 0

These values can be overridden by the platform at build time.

Change-Id: I7ea10ee78d72748d181df4ee78a7169b3ef2720c

This allows reproducible builds (same source and same compiler produce
bit-identical results) and also allows coordinating the timestamp across
multiple projects, eg. with another firmware.
Signed-off-by: Patrick Georgi <pgeorgi@google.com>

The fip_create tool specifies images in the command line using the
ARM TF naming convention (--bl2, --bl31, etc), while the cert_create
tool uses the TBBR convention (--tb-fw, --soc-fw, etc). This double
convention is confusing and should be aligned.

This patch updates the fip_create command line options to follow the
TBBR naming convention. Usage examples in the User Guide have been
also updated.

NOTE: users that build the FIP by calling the fip_create tool directly
from the command line must update the command line options in their
scripts. Users that build the FIP by invoking the main ARM TF Makefile
should not notice any difference.

Change-Id: I84d602630a2585e558d927b50dfde4dd2112496f

This patch removes the dash character from the image name, to
follow the image terminology in the Trusted Firmware Wiki page:

    https://github.com/ARM-software/arm-trusted-firmware/wiki

Changes apply to output messages, comments and documentation.

non-ARM platform files have been left unmodified.

Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76

This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):

    BL0          -->  SCP_BL1
    BL30, BL3-0  -->  SCP_BL2
    bl30         -->  scp_bl2

This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.

IMPORTANT: build option to specify the SCP FW image has changed:

    BL30 --> SCP_BL2

IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:

    BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
    BL30_BASE --> SCP_BL2_BASE
    bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
    bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()

Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58

This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:

    * Certificate UUID names
    * Certificate identifier names
    * OID names

Changes apply to:

    * Generic code (variables and defines)
    * The default certificate identifiers provided in the generic
      code
    * Build system
    * ARM platforms port
    * cert_create tool internal definitions
    * fip_create and cert_create tools command line options
    * Documentation

IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:

Certificate UUIDs:

    UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
    UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
    UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
    UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
    UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
    UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
    UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
    UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
    UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT

Certificate identifiers:

    BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
    BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
    BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
    BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
    BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
    BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
    BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
    BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
    BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID

OIDs:

    TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
    NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
    BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
    TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
    NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
    BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
    BL30_HASH_OID --> SCP_FW_HASH_OID
    BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
    BL31_HASH_OID --> SOC_AP_FW_HASH_OID
    BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
    BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
    BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
    BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
    BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
    SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
    NS_BL2U_HASH_OID --> FWU_HASH_OID

Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079

Firmware update feature needs a new FIP called `fwu_fip.bin` that
includes Secure(SCP_BL2U, BL2U) and Normal world(NS_BL2U) images
along with the FWU_CERT certificate in order for NS_BL1U to load
the images and help the Firmware update process to complete.

This patch adds the capability to support the new target `fwu_fip`
which includes above mentioned FWU images in the make files.

The new target of `fwu_fip` and its dependencies are included for
compilation only when `TRUSTED_BOARD_BOOT` is defined.

Change-Id: Ie780e3aac6cbd0edfaff3f9af96a2332bd69edbc

The Firmware Update (FWU) feature needs support for an optional
secure world image, BL2U, to allow additional secure world
initialization required by FWU, for example DDR initialization.

This patch adds generic framework support to create BL2U.

NOTE: A platform makefile must supply additional `BL2U_SOURCES`
      to build the bl2u target. A subsequent patch adds bl2u
      support for ARM platforms.

Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413

This patch adds `uppercase` macro to prepare IMAGE_BLxx defines
used for conditional compilation and to prepare variables used
for defining BL source and linker file names.

This change is needed for upcoming BL images that can have names
which uses both letters and numbers.

Change-Id: I05ce9bcd0d221a54db92c0fe3ad28e9e0080ed2e

If an SPD wants to use a prebuilt binary as BL32 image (for example,
the OPTEE Dispatcher), it must point the `BL32` variable to the
image file. This dependency should apply only to the `fip` target.
However, it also applies to the `all` target at the moment. If the
user tries to build all individual TF images using `make all`
without setting BL32, the build fails. The following command will
throw the error:

    make CROSS_COMPILE=aarch64-linux-gnu- SPD=opteed all
    ...
    ...
    aarch64-linux-gnu-gcc: fatal error: no input files
    compilation terminated.
    make: *** [build/fvp/release/bl32/bl32.ld] Error 1

The reason is that the build system checks if BL32 is defined, and
if it is not, it will try to build BL32 from source. If the SPD
makefile does not provide support for that (as is the case of the
OPTEE Dispatcher, since OPTEE is provided as an external binary),
the build will fail.

This patch fixes the issue by checking if `BL32_SOURCES` has been
defined by the SPD before attempting to build BL32 from source.
If neither `BL32` nor `BL32_SOURCES` is defined when building the
FIP, a warning message will be printed and the process aborted.

Fixes ARM-software/tf-issues#333

Change-Id: I5e801ad333103ed9b042e5c4757424c8df2ff6e4

Currently, if no make goal is specified in the command line, 'all'
is assumed by default, but the dependency files are not generated.
This might lead to a successful but inconsistent build. This patch
provides a fix to the problem.

Change-Id: I0148719e114dbdbe46f8a57c7d05da7cbc212c92

This patch is a complete rework of the main Makefile. Functionality
remains the same but the code has been reorganized in sections in
order to improve readability and facilitate adding future extensions.

A new file 'build_macros.mk' has been created and will contain common
definitions (variables, macros, etc) that may be used from the main
Makefile and other platform specific makefiles.

A new macro 'FIP_ADD_IMG' has been introduced and it will allow the
platform to specify binary images and the necessary checks for a
successful build. Platforms that require a BL30 image no longer need
to specify the NEED_BL30 option. The main Makefile is now completely
unaware of additional images not built as part of Trusted Firmware,
like BL30. It is the platform responsibility to specify images using
the macro 'FIP_ADD_IMG'. Juno uses this macro to include the BL30
image in the build.

BL33 image is specified in the main Makefile to preserve backward
compatibility with the NEED_BL33 option. Otherwise, platform ports
that rely on the definition of NEED_BL33 might break.

All Trusted Board Boot related definitions have been moved to a
separate file 'tbbr_tools.mk'. The main Makefile will include this
file unless the platform indicates otherwise by setting the variable
'INCLUDE_TBBR_MK := 0' in the corresponding platform.mk file. This
will keep backward compatibility but ideally each platform should
include the corresponding TBB .mk file in platform.mk.

Change-Id: I35e7bc9930d38132412e950e20aa2a01e2b26801