- 09 Oct, 2017 1 commit
-
-
Qixiang Xu authored
Commit a8eb286a introduced the following error when creating ECDSA certificates. ERROR: Error creating key 'Trusted World key' Makefile:634: recipe for target 'certificates' failed make: *** [certificates] Error 1 this patch adds the function to create PKCS#1 v1.5. Change-Id: Ief96d55969d5e9877aeb528c6bb503b560563537 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 08 Oct, 2017 1 commit
-
-
Michalis Pappas authored
This patch fixes incompatibility issues that prevent building the cert_tool with OpenSSL >= v1.1.0. The changes introduced are still backwards compatible with OpenSSL v1.0.2. Fixes arm-software/trusted-fw#521 Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
-
- 11 Sep, 2017 1 commit
-
-
Soby Mathew authored
Using the OIDs defined in tbbr_oids.h is the recommended way to build the cert_create tool. This patch hence sets default value of the build flag USE_TBBR_DEFS to 1 in the Makefile in `tools/cert_create` folder when cert_create is built from this folder. Fixes ARM-software/tf-issues#482 Change-Id: Id1d224826b3417770bccbefa1b68d9bdb3b567f0 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 31 Aug, 2017 1 commit
-
-
Soby Mathew authored
This patch enables choice of RSA version at run time to be used for generating signatures by the cert_tool. The RSA PSS as defined in PKCS#1 v2.1 becomes the default version and this patch enables to specify the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line -a option. Also, the build option `KEY_ALG` can be used to pass this option from the build system. Please note that RSA PSS is mandated by Trusted Board Boot requirements (TBBR) and legacy RSA support is being added for compatibility reasons. Fixes ARM-Software/tf-issues#499 Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73 Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 30 Aug, 2017 1 commit
-
-
Evan Lloyd authored
Unix does not distinguish binary and text modes. On Windows the 'b' flag (e.g. "rb" instead of "r") is used to indicate that files should be opened in binary mode. This has no impact on Unix, but is needed on Windows to avoid end-of-line issues. Change-Id: I69424c55735d5d563d36c50bedd6357b8e05137e Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
-
- 09 Aug, 2017 1 commit
-
-
Summer Qin authored
Since Trusted OS firmware may have extra images, need to assign new uuid and image id for them. The TBBR chain of trust has been extended to add support for the new images within the existing Trusted OS firmware content certificate. Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 31 Jul, 2017 1 commit
-
-
Isla Mitchell authored
This fix modifies the order of system includes to meet the ARM TF coding standard whilst retaining header groupings. Change-Id: Ib91968f8e2cac9e96033d73d3ad9d0a2ae228b13 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
- 26 Jul, 2017 1 commit
-
-
Masahiro Yamada authored
All local headers in tools/fiptool are included by #include "..." notation instead of #include <...>, so there is no need to add the local directory to to the header search path. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 12 Jul, 2017 1 commit
-
-
Isla Mitchell authored
This fix modifies the order of system includes to meet the ARM TF coding standard. There are some exceptions in order to retain header groupings, minimise changes to imported headers, and where there are headers within the #if and #ifndef statements. Change-Id: I65085a142ba6a83792b26efb47df1329153f1624 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
- 12 Jun, 2017 1 commit
-
-
dp-arm authored
When V is set from the command line, the value is passed to the tools' Makefiles as well. Change-Id: I91a1f66de5c1ae6f36b6c9f0a9bd550d4a30f092 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 05 Jun, 2017 1 commit
-
-
Soby Mathew authored
This patch modifies the `cert_create` tool to use RSASSA-PSS scheme for signing the certificates. This is compliant with RSA PKCS_2_1 standard as mandated by TBBR. Note that the certificates generated by using cert_create tool after this patch can be authenticated during TBB only if the corresponding mbedtls driver in ARM Trusted Firmware has the corresponding support. Change-Id: If224f41c76b3c4765ae2af5259e67f73602818a4 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 24 May, 2017 1 commit
-
-
dp-arm authored
Tools are built using the compiler specified in `HOSTCC` instead of reusing the `CC` variable. By default, gcc is used. Change-Id: I83636a375c61f4804b4e80784db9d061fe20af87 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 23 May, 2017 2 commits
-
-
Masahiro Yamada authored
Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Some header files need to be shared between TF and host programs. For fiptool, two headers are copied to the tools/fiptool directory, but it looks clumsy. This commit introduces a new directory, include/tools_share, which collects headers that should be shared between TF and host programs. This will clarify the interface exposed to host tools. We should add new headers to this directory only when we really need to do so. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 24 Apr, 2017 1 commit
-
-
Andreas Färber authored
An alignment value of 0x4000 is much easier to type than 16384, so enhance get_image_align() to recognize a 0x prefix for hexadecimals. Signed-off-by: Andreas Färber <afaerber@suse.de>
-
- 27 Feb, 2017 1 commit
-
-
dp-arm authored
Currently, fiptool uses two linked lists. One to chain together all the images and one for all the image descriptors. Initially this was done because not all images had a corresponding image descriptor. This was the case for unknown images which existed in the FIP but there was no descriptor in the builtin table for them. When support for the --blob option came in, we started building descriptors for the unknown images on the fly. As a result every image now has a corresponding image descriptor and therefore it is no longer necessary to keep track of them separately. To simplify the design, maintain only a single linked list of image descriptors. An image descriptor contains a pointer to the corresponding image. If the pointer is NULL, then the descriptor is skipped in all the operations. This approach simplifies the traversal code and avoids redundant lookups. The linked list of image descriptors is populated based on the `toc_entries` array. This means that the order of the images in the FIP file remains the same across add/remove or create/update operations. This is true for all standard images (those specified in `toc_entries`) but not for those specified via the --blob option. Change-Id: Ic29a263c86c8f1efdad322b430368c7623782e2d Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 14 Feb, 2017 1 commit
-
-
dp-arm authored
cppcheck highlighted variables that were initialized but then later reassigned. Change-Id: Ie12742c01fd3bf48b2d6c05a3b448da91d57a2e4 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 11 Feb, 2017 6 commits
-
-
Masahiro Yamada authored
These functions are defined above any calls. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We should follow the Linux coding style, which is clearly stated in the docs/user-guide.mk: When making changes to the source for submission to the project, the source must be in compliance with the Linux style guide and Documentation/process/coding-style.rst of Linux Kernel says: The limit on the length of lines is 80 columns and this is a strongly preferred limit. [ snip ] However, never break user-visible strings such as printk messages, because that breaks the ability to grep for them. The strings for printf() are user-visible, and can exceed the 80 column limit. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The strings in usage functions are sent to stdout by printf(), but some new lines are sent to stderr by fputc(..., stderr). This inconsistency will break the usage format when users re-direct stdout or stderr. Just use printf() for consistency. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
These variables store return values of functions. Remove all of meaningless initializers. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The ext_new_nvcounter() function calls i2d_ASN1_INTEGER() twice; the first call to get the return value "sz", and the second one for writing data into the buffer. This is actually redundant. We can do both by one function call. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
In the current code, both key_load() and key_create() call key_new() to allocate a key container (and they do not free it even if they fail). If a specific key is not given by the command option, key_load() fails, then key_create() is called. At this point, the key container that has been allocated in key_load() is still alive, and it is overwritten by a new key container created by key_create(). Move the key_new() call to the main() function to make sure it is called just once for each descriptor. While we are here, let's fix one more bug; the error handling code ERROR("Malloc error while loading '%s'\n", keys[i].fn); is wrong because keys[i].fn is NULL pointer unless a specific key is given by the command option. This code could be run in either case. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 28 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
The current fiptool packs all the images without any padding between them. So, the offset to each image has no alignment. This is not efficient, for example, when the FIP is read from a block-oriented device. For example, (e)MMC is accessed by block-addressing. The block size is 512 byte. So, the best case is each image is aligned by 512 byte since the DMA engine can transfer the whole of the image to its load address directly. The worst case is the offset does not have even DMA-capable alignment (this is where we stand now). In this case, we need to transfer every block to a bounce buffer, then do memcpy() from the bounce buffer to our final destination. At least, this should work with the abstraction by the block I/O layer, but the CPU-intervention for the whole data transfer makes it really slow. This commit adds a new option --align to the fiptool. This option, if given, requests the tool to align each component in the FIP file by the specified byte. Also, add a new Make option FIP_ALIGN for easier access to this feature; users can give something like FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to their platform.mk file. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The struct image has "uuid" and "size" to memorize the field values they had in the TOC entry. So, parse_fip() copies them from struct fip_toc_entry to struct image, then pack_images() copies them back to struct fip_toc_entry. The next commit (support --align option) will require to save the "offset" field as well. This makes me realize that struct image can embed struct fip_toc_entry. This commit will allow the "flags" field to persevere the "update" command. At this moment, the "flags" is not used in a useful way. (Yet, platforms can save their own parameters in the flags field.) It makes sense to save it unless users explicitly replace the image. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 27 Jan, 2017 8 commits
-
-
Masahiro Yamada authored
We have same patterns for fwrite(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The global option --verbose should come after the "fiptool". Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We need not mention like [--force], [--out <path>] because they are included in [opts]. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We need not handle the image_head as a special case. Just use a double-pointer to simplify the traverse. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
lookup_image(_desc)_from_uuid() traverses the linked list, so it is not efficient. We just want to make sure *p points to NULL here. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Commit e0f083a0 ("fiptool: Prepare ground for expanding the set of images at runtime") introduced another side effect; the "update" command now changes the image order in the FIP. Let's say you have an FIP with BL2, BL31, BL32, BL33. If you update for example, BL32 with the "update" command, you will get a new FIP with BL2, BL31, BL33, BL32, in this order. It happens like this; remove_image() removes the old image from the linked list, add_image() adds the new image at the tail of the list, then images are packed in the new order. Prior to that commit, images were updated by replace_image(), but it was deleted by the re-work. Revive replace_image() that is re-implemented to work with the linked list. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
The conditional if (desc != NULL) ... is always true here because we assert it 6 lines above: assert(desc != NULL); Remove the if-conditional and concatenate the printf() calls. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
This line should check the existence of the input file, but it is actually checking the output file. When -o option is given to the "update" command, the outfile is unlikely to exist, then parse_fip() is skipped and an empty FIP file is output. This is wrong behavior. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 14 Jan, 2017 2 commits
-
-
Masahiro Yamada authored
The "make fip" shows the content of the generated FIP at the end of the build. (This is shown by "fiptool info" command.) Prior to commit e0f083a0 ("fiptool: Prepare ground for expanding the set of images at runtime"), the last part of the build log of make CROSS_COMPILE=aarch64-linux-gnu- BL33=../u-boot/u-boot.bin fip was like follows: Trusted Boot Firmware BL2: offset=0xB0, size=0x4188, cmdline="--tb-fw" EL3 Runtime Firmware BL31: offset=0x4238, size=0x6090, cmdline="--soc-fw" Non-Trusted Firmware BL33: offset=0xA2C8, size=0x58B51, cmdline="--nt-fw" With that commit, now it is displayed like follows: Non-Trusted Firmware BL33: offset=0xB0, size=0x58B51, cmdline="--nt-fw" EL3 Runtime Firmware BL31: offset=0x58C01, size=0x6090, cmdline="--soc-fw" Trusted Boot Firmware BL2: offset=0x5EC91, size=0x4188, cmdline="--tb-fw" You will notice two differences: - the contents are displayed in BL33, BL31, BL2 order - the offset values are wrong The latter is more serious, and means "fiptool info" is broken. Another interesting change is "fiptool update" every time reverses the image order. For example, if you input FIP with BL2, BL31, BL33 in this order, the command will pack BL33, BL31, BL2 into FIP, in this order. Of course, the order of components is not a big deal except that users will have poor impression about this. The root cause is in the implementation of add_image(); the image_head points to the last added image. For example, if you call add_image() for BL2, BL31, BL33 in this order, the resulted image chain is: image_head -> BL33 -> BL31 -> BL2 Then, they are processed from the image_head in "for" loops: for (image = image_head; image != NULL; image = image->next) { This means images are handled in Last-In First-Out manner. Interestingly, "fiptool create" is still correct because add_image_desc() also reverses the descriptor order and the command works as before due to the double reverse. The implementation of add_image() is efficient, but it made the situation too complicated. Let's make image_head point to the first added image. This will add_image() inefficient because every call of add_image() follows the ->next chain to get the tail. We can solve it by adopting a nicer linked list structure, but I am not doing as far as that because we handle only limited number of images anyway. Do likewise for add_image_desc(). Fixes: e0f083a0 ("fiptool: Prepare ground for expanding the set of images at runtime") Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
We often want to zero out allocated memory. My main motivation for this commit is to set image::next and image_desc::next to NULL automatically in the next commit. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 30 Dec, 2016 4 commits
-
-
dp-arm authored
An image descriptor contains an action and an argument. The action indicates the intended operation, as requested by the user. It can be pack, unpack or remove. Factor out setting those fields to a separate function to minimize code duplication across the various commands that modify these fields. Change-Id: I1682958e8e83c4884e435cff6d0833c67726461f Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Change-Id: If279680a71e7fa1f801d79b8bc2cd47cd9905d33 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Change-Id: Ife8f198b4c45961e85ed6f4d463daa59009dab1c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
Previously, fiptool only understood a fixed set of images as specified in tbbr_config.c. It preserved unknown images during the update, unpack and remove operations but it was not possible to explicitly refer to one of those unknown images. Add a new --blob option to create/update/unpack/remove images that are not known at compile time. This is accomplished by specifying the UUID and filename pair as shown below: $ ./fiptool create --blob uuid=01234567-89ab-cdef-0123-456789abcdef,file=foo.bin fip.bin $ ./fiptool info fip.bin 01234567-89ab-cdef-0123-456789abcdef: offset=0x60, size=0x1AA68 Fixes ARM-software/tf-issues#420 Change-Id: Iaac2504b9a4252289c09e73d29645cbe240f3a82 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-