- 08 Apr, 2019 2 commits
-
-
Joel Hutton authored
This changes the auth_img_desc_t struct to have pointers to struct arrays instead of struct arrays. This saves memory as many of these were never used, and can be NULL pointers. Note the memory savings are only when these arrays are not initialised, as it is assumed these arrays are fixed length. A possible future optimisation could allow for variable length. memory diff: bl1: bl2: text text -12 -12 bss bss -1463 0 data data -56 -48 rodata rodata -5688 -2592 total total -7419 -2652 Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
Joel Hutton authored
When Trusted Board Boot is enabled, we need to specify the Chain of Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array of image descriptors. The authentication module assumes that each image descriptor in this array is indexed by its unique image identifier. For example, the Trusted Boot Firmware Certificate has to be at index [TRUSTED_BOOT_FW_CERT_ID]. Unique image identifiers may not necessarily be consecutive. Also, a given BL image might not use all image descriptors. For example, BL1 does not need any of the descriptors related to BL31. As a result, the CoT array might contain holes, which unnecessarily takes up space in the BL binary. Using pointers to auth_img_desc_t structs (rather than structs themselves) means these unused elements only use 1 pointer worth of space, rather than one struct worth of space. This patch also changes the code which accesses this array to reflect the change to pointers. Image descriptors not needed in BL1 or BL2 respectively are also ifdef'd out in this patch. For example, verifying the BL31 image is the responsibility of BL2 so BL1 does not need any of the data structures describing BL31. memory diff: bl1: bl2: text text -20 -20 bss bss -1463 0 data data -256 -48 rodata rodata -5240 -1952 total total -6979 -2020 Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
- 01 Apr, 2019 1 commit
-
-
Ambroise Vincent authored
Improved support for W=2 compilation flag by solving some nested-extern and sign-compare warnings. The libraries are compiling with warnings (which turn into errors with the Werror flag). Outside of libraries, some warnings cannot be fixed. Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 28 Feb, 2019 1 commit
-
-
John Tsichritzis authored
Due to the shared Mbed TLS heap optimisation introduced in 6d01a463 , common code files were depending on Mbed TLS specific headers. This dependency is now removed by moving the default, unoptimised heap implementation inside the Mbed TLS specific files. Change-Id: I11ea3eb4474f0d9b6cb79a2afd73a51a4a9b8994 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 04 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 28 Sep, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 Sep, 2018 1 commit
-
-
John Tsichritzis authored
The Mbed TLS drivers, in order to work, need a heap for internal usage. This heap, instead of being directly referenced by the drivers, now it is being accessed indirectly through a pointer. Also, the heap, instead of being part of the drivers, now it is being received through the plat_get_mbedtls_heap() function. This function requests a heap from the current BL image which utilises the Mbed TLS drivers. Those changes create the opportunity for the Mbed TLS heap to be shared among different images, thus saving memory. A default heap implementation is provided but it can be overridden by a platform specific, optimised implemenetation. Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 22 Aug, 2018 1 commit
-
-
Antonio Nino Diaz authored
tf_printf and tf_snprintf are now called printf and snprintf, so the code needs to be updated. Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Aug, 2018 3 commits
-
-
Roberto Vargas authored
We had exit but we didn't have atexit, and we were calling panic and tf_printf from exit, which generated a dependency from exit to them. Having atexit allows to set a different function pointer in every image. Change-Id: I95b9556d680d96249ed3b14da159b6f417da7661 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
Mbebtls include paths are controlled by the user using the variable MBEDTLS_DIR and they are out of the TF source tree. Since these includes have a different origin it is better to move them to a different variable. This change makes easier for the romlib Makefile to parse the include paths. Change-Id: I3e4c99300f1012bc7f88c6b9f5bc0ec1f7b5aa8d Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
TF Makefile was linking all the objects files generated for the Mbed TLS library instead of creating a static library that could be used in the linking stage. Change-Id: I8e4cd843ef56033c9d3faeee71601d110b7e4c12 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 18 Jun, 2018 1 commit
-
-
Jeenu Viswambharan authored
To build with the new release, we pick couple of more files from mbedTLS library. Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 18 May, 2018 1 commit
-
-
Soby Mathew authored
This patch implements support for adding dynamic configurations for BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The necessary cert tool support and changes to default chain of trust are made for these configs. Change-Id: I25f266277b5b5501a196d2f2f79639d838794518 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 13 Apr, 2018 2 commits
-
-
Roberto Vargas authored
Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined Fixed for: make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
Rule 8.3: All declarations of an object or function shall use the same names and type qualifiers Fixed for: make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 27 Mar, 2018 1 commit
-
-
Joel Hutton authored
Void pointers have been used to access linker symbols, by declaring an extern pointer, then taking the address of it. This limits symbols values to aligned pointer values. To remove this restriction an IMPORT_SYM macro has been introduced, which declares it as a char pointer and casts it to the required type. Change-Id: I89877fc3b13ed311817bb8ba79d4872b89bfd3b0 Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
- 26 Feb, 2018 1 commit
-
-
Soby Mathew authored
This patch adds image IDs to `hw_config` and `tb_fw_config` and includes them in the default Chain Of Trust (CoT). Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 18 Jan, 2018 1 commit
-
-
Roberto Vargas authored
This patch modifies the makefiles to avoid the definition of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and it lets to the platform makefiles to define them if they actually need these images. In the case of BL2_AT_EL3 BL1 will not be needed usually because the Boot ROM will jump directly to BL2. Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 21 Nov, 2017 1 commit
-
-
Qixiang Xu authored
The flag support the following values: - sha256 (default) - sha384 - sha512 Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 22 Sep, 2017 2 commits
-
-
Qixiang Xu authored
Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects rsa or ecdsa depending on the certificate used. Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
Qixiang Xu authored
- fixed compile error when KEY_ALG=ecdsa - add new option ecdsa for TF_MBEDTLS_KEY_ALG - add new option devel_ecdsa for ARM_ROTPK_LOCATION - add ecdsa key at plat/arm/board/common/rotpk/ - reduce the mbedtls heap memory size to 13k Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 31 Aug, 2017 2 commits
-
-
Soby Mathew authored
This patch enables choice of RSA version at run time to be used for generating signatures by the cert_tool. The RSA PSS as defined in PKCS#1 v2.1 becomes the default version and this patch enables to specify the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line -a option. Also, the build option `KEY_ALG` can be used to pass this option from the build system. Please note that RSA PSS is mandated by Trusted Board Boot requirements (TBBR) and legacy RSA support is being added for compatibility reasons. Fixes ARM-Software/tf-issues#499 Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73 Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
The `KEY_ALG` variable is used to select the algorithm for key generation by `cert_create` tool for signing the certificates. This variable was previously undocumented and did not have a global default value. This patch corrects this and also adds changes to derive the value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the platform. The corresponding assignment of these variables are also now removed from the `arm_common.mk` makefile. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
-
- 09 Aug, 2017 1 commit
-
-
Summer Qin authored
Since Trusted OS firmware may have extra images, need to assign new uuid and image id for them. The TBBR chain of trust has been extended to add support for the new images within the existing Trusted OS firmware content certificate. Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06 Signed-off-by: Summer Qin <summer.qin@arm.com>
-
- 12 Jul, 2017 1 commit
-
-
Isla Mitchell authored
This fix modifies the order of system includes to meet the ARM TF coding standard. There are some exceptions in order to retain header groupings, minimise changes to imported headers, and where there are headers within the #if and #ifndef statements. Change-Id: I65085a142ba6a83792b26efb47df1329153f1624 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
- 28 Jun, 2017 2 commits
-
-
Soby Mathew authored
This patch implements the basic lifecycle state check when CryptoCell SBROM is initialized. Currently the check ensures that if the lifecycle state is Security Disabled (SD), the boot process does not proceed further. Change-Id: I5101335453cd3ea413e97bcfb9138a96c05e1aea Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch adds a crypto driver which utilizes the ARM® TrustZone® CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along with this driver, the CryptoCell SBROM library is required to successfully build the BL image. The path to this library is specified via the `CCSBROM_LIB_PATH` variable. Please note that, mbedTLS is still required to do the X509 certificate ASN.1 parsing and CryptoCell is only utilized for signature and hash verification. Change-Id: If82dfbae0d7772ba1c64839f0b27850c103fe253 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 06 Jun, 2017 1 commit
-
-
Antonio Nino Diaz authored
If `MBEDTLS_PLATFORM_SNPRINTF_ALT` isn't used, the function `mbedtls_platform_set_snprintf()` isn't defined. In case a platform uses a different mbed TLS configuration file than the one provided by the Trusted Firmware, and it doesn't define the mentioned build option, this will result in a build error. This patch modifies the initialization code so that `mbedtls_platform_set_snprintf()` is only used if `MBEDTLS_PLATFORM_SNPRINTF_ALT` is defined, allowing platforms to use it or not depending on their needs. Change-Id: I1d5c86d57e9b2871ba463030bf89210ebec5178e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 05 Jun, 2017 2 commits
-
-
Soby Mathew authored
This patch adds support for RSASSA-PSS Signature Algorithm for X509 certificates in mbedtls crypto driver. Now the driver supports RSA PKCS2_1 standard as mandated by TBBR. NOTE: With this patch, the PKCS1_5 standard compliant RSA signature is deprecated. Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
The mbedTLS library requires larger heap memory for verification of RSASSA-PSS signature in certificates during Trusted Board Boot. This patch increases the heap memory for the same. Change-Id: I3c3123d7142b7b7b01463516ec436734895da159 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 31 May, 2017 1 commit
-
-
Antonio Nino Diaz authored
mbed TLS provides the debug API `mbedtls_memory_buffer_alloc_status()` to analyse the RAM usage of the library. When RSA is selected as algorithm, the maximum heap usage in FVP and Juno has been determined empirically to be approximately 5.5 KiB. However, The default heap size used when RSA is selected is 8 KiB. This patch reduces the buffer from 8 KiB to 6 KiB so that the BSS sections of both BL1 and BL2 are 2 KiB smaller when the firmware is compiled with TBB support. Change-Id: I43878a4e7af50c97be9c8d027c728c8483f24fbf Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 24 May, 2017 1 commit
-
-
Antonio Nino Diaz authored
The Trusted Firmware uses a subset of the APIs provided by mbed TLS. This subset internally uses `snprintf`, but the only format specifier used is '%d', which is supported by `tf_snprintf`. This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`, saving 3 KB in both debug and release builds when TBBR is enabled. Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 May, 2017 1 commit
-
-
Masahiro Yamada authored
Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 12 May, 2017 2 commits
-
-
David Cunado authored
This patch renames MBEDTLS_KEY_ALG to TF_MBEDTLS_KEY_ALG. This completes the migration of TF specific macros so that they do not have the MBEDTLS_ suffix (see arm-trusted-firmware#874). Change-Id: Iad7632477e220b0af987c4db3cf52229fb127d00 Signed-off-by: David Cunado <david.cunado@arm.com>
-
David Cunado authored
An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed macros to have a TBBR_ suffix to avoid any potential clash with future mbedtls macros. But on reflection the TBBR_ suffix could be confusing as the macros are used to drive TF-specific configuration of mbedtls. As such this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_ suffix which more accurately conveys their use. Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 22 Mar, 2017 1 commit
-
-
dp-arm authored
These macros are not part of mbed TLS so they should not be prefixed with `MBEDTLS_` to avoid potential collision in the future. Use the `TBBR_` suffix to highlight that they only used in TF. `MBEDTLS_KEY_ALG` was not modified because that is documented and used by platforms to select the key algorithm. Change-Id: Ief224681715c481691c80810501830ce16e210b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 16 Feb, 2017 1 commit
-
-
Antonio Nino Diaz authored
This reverts commit b621fb50 . Because of the Trusted Firmware design, timing-safe functions are not needed. Using them may be misleading as it could be interpreted as being a protection against private data leakage, which isn't the case here. For each image, the SHA-256 hash is calculated. Some padding is appended and the result is encrypted with a private key using RSA-2048. This is the signature of the image. The public key is stored along with BL1 in read-only memory and the encrypted hash is stored in the FIP. When authenticating an image, the TF decrypts the hash stored in the FIP and recalculates the hash of the image. If they don't match, the boot sequence won't continue. A constant-time comparison does not provide additional security as all the data involved in this process is already known to any attacker. There is no private data that can leaked through a timing attack when authenticating an image. `timingsafe_bcmp()` is kept in the codebase because it could be useful in the future. Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 06 Feb, 2017 1 commit
-
-
Douglas Raillard authored
Replace all use of memset by zeromem when zeroing moderately-sized structure by applying the following transformation: memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x)) As the Trusted Firmware is compiled with -ffreestanding, it forbids the compiler from using __builtin_memset and forces it to generate calls to the slow memset implementation. Zeromem is a near drop in replacement for this use case, with a more efficient implementation on both AArch32 and AArch64. Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 24 Jan, 2017 1 commit
-
-
Antonio Nino Diaz authored
To avoid timing side-channel attacks, it is needed to use a constant time memory comparison function when comparing hashes. The affected code only cheks for equality so it isn't needed to use any variant of memcmp(), bcmp() is enough. Also, timingsafe_bcmp() is as fast as memcmp() when the two compared regions are equal, so this change incurrs no performance hit in said case. In case they are unequal, the boot sequence wouldn't continue as normal, so performance is not an issue. Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-