1. 06 Mar, 2020 6 commits
    • Sumit Garg's avatar
      qemu: Update flash address map to keep FIP in secure FLASH0 · a886bbec
      Sumit Garg authored
      
      
      Secure FLASH0 memory map looks like:
      - Offset: 0 to 256K -> bl1.bin
      - Offset: 256K to 4.25M -> fip.bin
      
      FLASH1 is normally used via UEFI/edk2 to keep varstore.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I6883f556c22d6a5d3fa3846c703bebc2abe36765
      a886bbec
    • Sumit Garg's avatar
      Makefile: Add support to optionally encrypt BL31 and BL32 · c6ba9b45
      Sumit Garg authored
      
      
      Following build flags have been added to support optional firmware
      encryption:
      
      - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
          0: Encryption is done with Secret Symmetric Key (SSK) which is
             common for a class of devices.
          1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
             is unique per device.
      
      - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
          could be SSK or BSSK depending on FW_ENC_STATUS flag.
      
      - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
          (IV) in hex string format.
      
      - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
      
      - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
      
      Similar flags can be added to encrypt other firmwares as well depending
      on use-cases.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
      c6ba9b45
    • Sumit Garg's avatar
      tools: Add firmware authenticated encryption tool · 90aa901f
      Sumit Garg authored
      
      
      Add firmware authenticated encryption tool which utilizes OpenSSL
      library to encrypt firmwares using a key provided via cmdline. Currently
      this tool supports AES-GCM as an authenticated encryption algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4
      90aa901f
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
    • Sumit Garg's avatar
      drivers: crypto: Add authenticated decryption framework · 7cda17bb
      Sumit Garg authored
      
      
      Add framework for autheticated decryption of data. Currently this
      patch optionally imports mbedtls library as a backend if build option
      "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
      using AES-GCM algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
      7cda17bb
    • Olivier Deprez's avatar
      Merge changes from topic "spmd-sel2" into integration · d95f7a72
      Olivier Deprez authored
      * changes:
        SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
        SPMD: smc handler qualify secure origin using booleans
        SPMD: SPMC init, SMC handler cosmetic changes
        SPMD: [tegra] rename el1_sys_regs structure to sys_regs
        SPMD: Adds partially supported EL2 registers.
        SPMD: save/restore EL2 system registers.
      d95f7a72
  2. 05 Mar, 2020 4 commits
  3. 04 Mar, 2020 1 commit
    • Manish Pandey's avatar
      SPMD: loading Secure Partition payloads · cb3b5344
      Manish Pandey authored
      
      
      This patch implements loading of Secure Partition packages using
      existing framework of loading other bl images.
      
      The current framework uses a statically defined array to store all the
      possible image types and at run time generates a link list and traverse
      through it to load different images.
      
      To load SPs, a new array of fixed size is introduced which will be
      dynamically populated based on number of SPs available in the system
      and it will be appended to the loadable images list.
      
      Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      cb3b5344
  4. 03 Mar, 2020 8 commits
  5. 02 Mar, 2020 3 commits
  6. 28 Feb, 2020 6 commits
  7. 27 Feb, 2020 8 commits
  8. 26 Feb, 2020 4 commits