- 06 Feb, 2020 1 commit
-
-
Max Shvetsov authored
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board. Removes hard-coded developer keys. Instead, setting ARM_ROTPK_LOCATION=devel_* takes keys from default directory. In case of ROT_KEY specified - generates a new hash and replaces the original. Note: Juno board was tested by original feature author and was not tested for this patch since we don't have access to the private key. Juno implementation was moved to board-specific file without changing functionality. It is not known whether byte-swapping is still needed for this platform. Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
- 25 Sep, 2019 1 commit
-
-
Sandrine Bailleux authored
The Fast Models provide a non-volatile counter component, which is used in the Trusted Board Boot implementation to protect against rollback attacks. This component comes in 2 versions (see [1]). - Version 0 is the default and models a locked non-volatile counter, whose value is fixed. - Version 1 of the counter may be incremented in a monotonic fashion. plat_set_nv_ctr() must cope with both versions. This is achieved by: 1) Attempting to write the new value in the counter. 2) Reading the value back. 3) If there is a mismatch, we know the counter upgrade failed. When using version 0 of the counter, no upgrade is possible so the function is expected to fail all the time. However, the code is missing a compiler barrier between the write operation and the next read. Thus, the compiler may optimize and remove the read operation on the basis that the counter value has not changed. With the default optimization level used in TF-A (-Os), this is what's happening. The fix introduced in this patch marks the write and subsequent read accesses to the counter as volatile, such that the compiler makes no assumption about the value of the counter. Note that the comment above plat_set_nv_ctr() was clearly stating that when using the read-only version of the non-volatile counter, "we expect the values in the certificates to always match the RO values so that this function is never called". However, the fact that the counter value was read back seems to contradict this comment, as it is implementing a counter-measure against misuse of the function. The comment has been reworded to avoid any confusion. Without this patch, this bug may be demonstrated on the Base AEM FVP: - Using version 0 of the non-volatile counter (default version). - With certificates embedding a revision number value of 32 (compiling TF-A with TFW_NVCTR_VAL=32). In this configuration, the non-volatile counter is tied to value 31 by default. When BL1 loads the Trusted Boot Firmware certificate, it notices that the two values do not match and tries to upgrade the non-volatile counter. This write operation is expected to fail (because the counter is locked) and the function is expected to return an error but it succeeds instead. As a result, the trusted boot does not abort as soon as it should and incorrectly boots BL2. The boot is finally aborted when BL2 verifies the BL31 image and figures out that the version of the SoC Firmware Key Certificate does not match. On Arm platforms, only certificates signed with the Root-of-Trust Key may trigger an upgrade of the non-volatile Trusted counter. [1] https://developer.arm.com/docs/100964/1160/fast-models-components/peripheral-components/nonvolatilecounter Change-Id: I9979f29c23b47b338b9b484013d1fb86c59db92f Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 15 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
From now on, platform_def.h must include any header with definitions that are platform-specific (like arm_def.h) and the included headers mustn't include back platform_def.h, and shouldn't be used by other files. Only platform_def.h should be included in other files. This will ensure that all needed definitions are present, rather than needing to include all the headers in all the definitions' headers just in case. This also prevents problems like cyclic dependencies. Change-Id: I9d3cf4d1de4b956fa035c79545222697acdaf5ca Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 28 Feb, 2018 1 commit
-
-
Roberto Vargas authored
Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined Fixed for: make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all Change-Id: I7c2ad3f5c015411c202605851240d5347e4cc8c7 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 23 May, 2017 1 commit
-
-
Masahiro Yamada authored
The header tbbr_oid.h contains OIDs obtained by ARM Ltd. so there is no good reason to use platform_oid.h Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 03 Jun, 2016 1 commit
-
-
Antonio Nino Diaz authored
Replaced placeholder implementation of plat_set_nv_ctr for FVP platforms by a working one. On FVP, the mapping of region DEVICE2 has been changed from RO to RW to prevent exceptions when writing to the NV counter, which is contained in this region. Change-Id: I56a49631432ce13905572378cbdf106f69c82f57
-
- 20 May, 2016 1 commit
-
-
Antonio Nino Diaz authored
Add delay timer implementation based on the system generic counter. This either uses the platform's implementation of `plat_get_syscnt_freq()` or explicit clock multiplier/divider values provided by the platform. The current implementation of udelay has been modified to avoid unnecessary calculations while waiting on the loop and to make it easier to check for overflows. Change-Id: I9062e1d506dc2f68367fd9289250b93444721732
-
- 12 Feb, 2016 1 commit
-
-
Haojian Zhuang authored
Add PL061 GPIO driver that is depend on gpio framework. Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
-
- 25 Jun, 2015 1 commit
-
-
Juan Castillo authored
This patch adds a CoT based on the Trusted Board Boot Requirements document*. The CoT consists of an array of authentication image descriptors indexed by the image identifiers. A new header file with TBBR image identifiers has been added. Platforms that use the TBBR (i.e. ARM platforms) may reuse these definitions as part of their platform porting. PLATFORM PORT - IMPORTANT: Default image IDs have been removed from the platform common definitions file (common_def.h). As a consequence, platforms that used those common definitons must now either include the IDs provided by the TBBR header file or define their own IDs. *The NVCounter authentication method has not been implemented yet. Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5
-
- 28 Jan, 2015 1 commit
-
-
Juan Castillo authored
This patch adds a tool that generates all the necessary elements to establish the chain of trust (CoT) between the images. The tool reads the binary images and signing keys and outputs the corresponding certificates that will be used by the target at run time to verify the authenticity of the images. Note: the platform port must provide the file platform_oid.h. This file will define the OIDs of the x509 extensions that will be added to the certificates in order to establish the CoT. Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
-
- 21 Aug, 2014 2 commits
-
-
Sandrine Bailleux authored
This patch implements the TSP on Juno. It executes from on-chip Trusted SRAM. Also, the other bootloader images (i.e. BL1 R/W, BL2 and BL3-1) have been moved around. The reason is, although there was enough space overall to store the TSP in SRAM, there was no contiguous free chunk of SRAM big enough to hold it. This patch keeps the overall memory layout (i.e. keeping BL1 R/W at the bottom, BL2 at the top and BL3-1 in between) but moves the base addresses of all the bootloader images in such a way that: - memory fragmentation is reduced enough to fit BL3-2 in; - new base addresses are suitable for release builds as well as debug ones; - each image has a few extra kilobytes for future growth. BL3-1 and BL3-2 are the images which received the biggest allocations since they will most probably grow the most. This patch also adds instruction synchronization barriers around the code which handles the timer interrupt in the TSP. This ensures that the interrupt is not acknowledged after or EOIed before it is deactivated at the peripheral. Change-Id: I1c5b51858700027ee283ac85d18e06863a27c72e
-
Sandrine Bailleux authored
This patch adds the initial port of the ARM Trusted Firmware on the Juno development platform. This port does not support a BL3-2 image or any PSCI APIs apart from PSCI_VERSION and PSCI_CPU_ON. It enables workarounds for selected Cortex-A57 (#806969 & #813420) errata and implements the workaround for a Juno platform errata (Defect id 831273). Change-Id: Ib3d92df3af53820cfbb2977582ed0d7abf6ef893
-
- 14 Aug, 2014 1 commit
-
-
Dan Handley authored
Move the remaining IO storage source file (io_storage.c) from the lib to the drivers directory. This requires that platform ports explicitly add this file to the list of source files. Also move the IO header files to a new sub-directory, include/io. Change-Id: I862b1252a796b3bcac0d93e50b11e7fb2ded93d6
-
- 06 May, 2014 3 commits
-
-
Dan Handley authored
Update code base to remove variables from the .data section, mainly by using const static data where possible and adding the const specifier as required. Most changes are to the IO subsystem, including the framework APIs. The FVP power management code is also affected. Delay initialization of the global static variable, next_image_type in bl31_main.c, until it is realy needed. Doing this moves the variable from the .data to the .bss section. Also review the IO interface for inconsistencies, using uintptr_t where possible instead of void *. Remove the io_handle and io_dev_handle typedefs, which were unnecessary, replacing instances with uintptr_t. Fixes ARM-software/tf-issues#107. Change-Id: I085a62197c82410b566e4698e5590063563ed304
-
Dan Handley authored
Reduce the number of header files included from other header files as much as possible without splitting the files. Use forward declarations where possible. This allows removal of some unnecessary "#ifndef __ASSEMBLY__" statements. Also, review the .c and .S files for which header files really need including and reorder the #include statements alphabetically. Fixes ARM-software/tf-issues#31 Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
-
Dan Handley authored
Move almost all system include files to a logical sub-directory under ./include. The only remaining system include directories not under ./include are specific to the platform. Move the corresponding source files to match the include directory structure. Also remove pm.h as it is no longer used. Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
-
- 17 Feb, 2014 1 commit
-
-
James Morrissey authored
The modified implementation uses the IO abstraction rather than making direct semi-hosting calls. The semi-hosting driver is now registered for the FVP platform during initialisation of each boot stage where it is used. Additionally, the FVP platform includes a straightforward implementation of 'plat_get_image_source' which provides a generic means for the 'load_image' function to determine how to access the image data. Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
-
- 17 Jan, 2014 2 commits
-
-
Jeenu Viswambharan authored
Ctags seem to have a problem with generating tags for assembler symbols when a comment immediately follows an assembly label. This patch inserts a single space character between the label definition and the following comments to help ctags. The patch is generated by the command: git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1' Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
-
Dan Handley authored
Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
-
- 05 Dec, 2013 1 commit
-
-
Dan Handley authored
- Add instructions for contributing to ARM Trusted Firmware. - Update copyright text in all files to acknowledge contributors. Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
-
- 25 Oct, 2013 1 commit
-
-
Achin Gupta authored
-