- 31 Aug, 2017 2 commits
Soby Mathew authored
This patch enables choice of RSA version at run time to be used for generating signatures by the cert_tool. The RSA PSS as defined in PKCS#1 v2.1 becomes the default version and this patch enables specifying the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line -a option. Also, the build option `KEY_ALG` can be used to pass this option from the build system. Please note that RSA PSS is mandated by Trusted Board Boot requirements (TBBR) and legacy RSA support is being added for compatibility reasons.

Fixes ARM-Software/tf-issues#499

Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
The `KEY_ALG` variable is used to select the algorithm for key generation by `cert_create` tool for signing the certificates. This variable was previously undocumented and did not have a global default value. This patch corrects this and also adds changes to derive the value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it is not set by the platform. The corresponding assignments of these variables are also now removed from the `arm_common.mk` makefile.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
-
- 12 May, 2017 2 commits
David Cunado authored
This patch renames MBEDTLS_KEY_ALG to TF_MBEDTLS_KEY_ALG. This completes the migration of TF specific macros so that they do not have the MBEDTLS_ suffix (see arm-trusted-firmware#874). Change-Id: Iad7632477e220b0af987c4db3cf52229fb127d00 Signed-off-by: David Cunado <david.cunado@arm.com>
-
David Cunado authored
An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed macros to have a TBBR_ suffix to avoid any potential clash with future mbedtls macros. But on reflection the TBBR_ suffix could be confusing as the macros are used to drive TF-specific configuration of mbedtls. As such this patch migrates these macros from TBBR_ suffix to TF_MBEDTLS_ suffix which more accurately conveys their use.

Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 03 May, 2017 1 commit
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/

Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 22 Mar, 2017 1 commit
dp-arm authored
These macros are not part of mbed TLS so they should not be prefixed with `MBEDTLS_` to avoid potential collision in the future. Use the `TBBR_` suffix to highlight that they are only used in TF.

`MBEDTLS_KEY_ALG` was not modified because that is documented and used by platforms to select the key algorithm.

Change-Id: Ief224681715c481691c80810501830ce16e210b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 06 Jan, 2017 1 commit
Masahiro Yamada authored
This comment block says the default algorithm is ESDSA, while the code obviously sets the default to RSA:

    ifeq (${MBEDTLS_KEY_ALG},)
        MBEDTLS_KEY_ALG := rsa
    endif

The git log of commit 7d37aa17 ("TBB: add mbedTLS authentication related libraries") states available options are:

* 'rsa' (for RSA-2048) (default option)
* 'ecdsa' (for ECDSA-SECP256R1)

So, my best guess is the comment block is wrong.

The mismatch between the code and the comment is confusing. Fix it.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 10 Dec, 2015 1 commit
Juan Castillo authored
The mbed TLS library has introduced some changes in the API from the 1.3.x to the 2.x releases. Using the 2.x releases requires some changes to the crypto and transport modules.

This patch updates both modules to the mbed TLS 2.x API.

All references to the mbed TLS library in the code or documentation have been updated to 'mbed TLS'. Old references to PolarSSL have been updated to 'mbed TLS'.

User guide updated to use mbed TLS 2.2.0.

NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible. Applying this patch will require an mbed TLS 2.x release to be used. Also note that the mbed TLS license changed to Apache version 2.0.

Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
-
- 25 Jun, 2015 1 commit
Juan Castillo authored
This patch adds the following mbedTLS based libraries:

* Cryptographic library

  It is used by the crypto module to verify a digital signature and a hash. This library relies on mbedTLS to perform the cryptographic operations. mbedTLS sources must be obtained separately.

  Two key algorithms are currently supported:

    * RSA-2048
    * ECDSA-SECP256R1

  The platform is responsible for picking up the required algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the platform makefile. Available options are:

    * 'rsa' (for RSA-2048) (default option)
    * 'ecdsa' (for ECDSA-SECP256R1)

  Hash algorithm currently supported is SHA-256.

* Image parser library

  Used by the image parser module to extract the authentication parameters stored in X509v3 certificates.

Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0
-
- 28 Apr, 2015 2 commits
Sandrine Bailleux authored
There has been a breaking change in the communication protocols used between the AP cores and the SCP on CSS based platforms like Juno. This means both the AP Trusted Firmware and SCP firmware must be updated at the same time. In case the user forgets to update the SCP ROM firmware, this patch detects when it still uses the previous version of the communication protocol. It will then output a comprehensive error message that helps trouble-shoot the issue. Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
-
Dan Handley authored
This major change pulls out the common functionality from the FVP and Juno platform ports into the following categories:

* (include/)plat/common. Common platform porting functionality that typically may be used by all platforms.
* (include/)plat/arm/common. Common platform porting functionality that may be used by all ARM standard platforms. This includes all ARM development platforms like FVP and Juno but may also include non-ARM-owned platforms.
* (include/)plat/arm/board/common. Common platform porting functionality for ARM development platforms at the board (off SoC) level.
* (include/)plat/arm/css/common. Common platform porting functionality at the ARM Compute SubSystem (CSS) level. Juno is an example of a CSS-based platform.
* (include/)plat/arm/soc/common. Common platform porting functionality at the ARM SoC level, which is not already defined at the ARM CSS level.

No guarantees are made about the backward compatibility of functionality provided in (include/)plat/arm.

Also remove any unnecessary variation between the ARM development platform ports, including:

* Unify the way BL2 passes `bl31_params_t` to BL3-1. Use the Juno implementation, which copies the information from BL2 memory instead of expecting it to persist in shared memory.
* Unify the TZC configuration. There is no need to add a region for SCP in Juno; it's enough to simply not allow any access to this reserved region. Also set region 0 to provide no access by default instead of assuming this is the case.
* Unify the number of memory map regions required for ARM development platforms, although the actual ranges mapped for each platform may be different. For the FVP port, this reduces the mapped peripheral address space.

These latter changes will only be observed when the platform ports are migrated to use the new common platform code in subsequent patches.

Change-Id: Id9c269dd3dc6e74533d0e5116fdd826d53946dc8
-
- 31 Mar, 2015 1 commit
Varun Wadekar authored
TLK Dispatcher (tlkd) is based on the tspd and is the glue required to run TLK as a Secure Payload with the Trusted Firmware. Change-Id: I69e573d26d52342eb049feef773dd7d2a506f4ab Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 20 Aug, 2014 1 commit
Soby Mathew authored
This patch introduces a framework which will allow CPUs to perform implementation defined actions after a CPU reset, during a CPU or cluster power down, and when a crash occurs. CPU specific reset handlers have been implemented in this patch. Other handlers will be implemented in subsequent patches. Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/. Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
-
- 06 May, 2014 2 commits
Dan Handley authored
Remove all usage of the vpath keyword in makefiles as it was prone to mistakes. Specify the relative paths to source files instead. Also reorder source files in makefiles alphabetically. Fixes ARM-software/tf-issues#121 Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
-
Dan Handley authored
Move almost all system include files to a logical sub-directory under ./include. The only remaining system include directories not under ./include are specific to the platform. Move the corresponding source files to match the include directory structure. Also remove pm.h as it is no longer used. Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
-
- 26 Mar, 2014 1 commit
Sandrine Bailleux authored
bl1/aarch64/early_exceptions.S used to be re-used by BL2, BL3-1 and BL3-2. There was some early SMC handling code in there that was not required by the other bootloader stages. Therefore this patch introduces an even simpler exception vector source file for BL2, BL3-1 and BL3-2. Fixes ARM-software/tf-issues#38 Change-Id: I0244b80e9930b0f8035156a0bf91cc3e9a8f995d
-
- 20 Mar, 2014 1 commit
Jeenu Viswambharan authored
At present, the entry point for each BL image is specified via the Makefiles and provided on the command line to the linker. When using a link script the entry point should rather be specified via the ENTRY() directive in the link script. This patch updates linker scripts of all BL images to specify the entry point using the ENTRY() directive. It also removes the --entry flag passed to the linker through Makefile. Fixes issue ARM-software/tf-issues#66 Change-Id: I1369493ebbacea31885b51185441f6b628cf8da0
-
- 05 Mar, 2014 1 commit
Jon Medhurst authored
This change requires all platforms to now specify a list of source files rather than object files.

New source files should preferably be specified by using the path as well and we should add this in the future for all files so we can remove use of vpath. This is desirable because vpath hides issues like the fact that BL2 currently pulls in a BL1 file bl1/aarch64/early_exceptions.S and if in the future we added bl2/aarch64/early_exceptions.S then it's likely only one of the two versions would be used for both bootloaders.

This change also removes the 'dump' build target and simply gets bootloaders to always generate a dump file. At the same time the -x option is added so the section headers and symbols table are listed.

Fixes ARM-software/tf-issues#11

Change-Id: Ie38f7be76fed95756c8576cf3f3ea3b7015a18dc
Signed-off-by: Jon Medhurst <tixy@linaro.org>
-
- 20 Feb, 2014 1 commit
Achin Gupta authored
This patch factors out the ARM FVP specific code to create MMU translation tables so that it is possible for a boot loader stage to create a different set of tables instead of using the default ones. The default translation tables are created with the assumption that the calling boot loader stage executes out of secure SRAM. This might not be true for the BL3_2 stage in the future. A boot loader stage can define the `fill_xlation_tables()` function as per its requirements. It returns a reference to the level 1 translation table which is used by the common platform code to setup the TTBR_EL3. This patch is a temporary solution before a larger rework of translation table creation logic is introduced. Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
-
- 20 Jan, 2014 2 commits
Ryan Harkin authored
Tidy up the spacing of variable definitions within the makefiles to make them more consistent, easier to read and amend. Change-Id: Ic6d7c8489ca4330824abb5cd1ead8f1d449d1a85 Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
-
Ryan Harkin authored
Move all explicit platform or architecture specific references into a new platform.mk file that is defined for each platform. Change-Id: I9d6320d1ba957e0cc8d9b316b3578132331fa428 Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
-
- 17 Jan, 2014 1 commit
Dan Handley authored
Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
-
- 20 Dec, 2013 1 commit
Harry Liebel authored
- This change is split into two separate patches in order to simplify the history as interpreted by 'git'. The split is between the move/rename and addition of new files.
- Remove dependency on toolchain C library headers and functions in order to ensure behavioural compatibility between toolchains.
- Use FreeBSD as reference for C library implementation.
- Do not let GCC use default library include paths.
- Remove unused definitions in modified headers and implementations.
- Move C library files to 'lib/stdlib' and 'include/stdlib'.
- Break std.c functions out into separate files.

Change-Id: I91cddfb3229775f770ad781589670c57d347a154
-
- 05 Dec, 2013 1 commit
Dan Handley authored
- Add instructions for contributing to ARM Trusted Firmware.
- Update copyright text in all files to acknowledge contributors.

Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
-
- 25 Oct, 2013 1 commit
Achin Gupta authored
-