1. 12 Sep, 2019 1 commit
    • Justin Chadwell's avatar
      Support larger RSA key sizes when using MBEDTLS · aacff749
      Justin Chadwell authored
      
      
      Previously, TF-A could not support large RSA key sizes as the
      configuration options passed to MBEDTLS prevented storing and performing
      calculations with the larger, higher-precision numbers required. With
      these changes to the arguments passed to MBEDTLS, TF-A now supports
      using 3072 (3K) and 4096 (4K) keys in certificates.
      
      Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      aacff749
  2. 04 Sep, 2019 1 commit
    • Masahiro Yamada's avatar
      mbedtls: use #include <...> instead of "..." · 948a0c0d
      Masahiro Yamada authored
      
      
      The #include "mbedtls/check_config.h" directive first searches for
      the header in the relative path to mbedtls_config.h, i.e.
      include/drivers/auth/mbedtls/mbedtls/check_config.h
      
      Obviously, it does not exist since check_config.h is located in
      the mbedtls project.
      
      It is more sensible to use #include <...> form.
      
      Change-Id: If72a71381f84e7748a2c9f07dd1176559d9bb1d2
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      948a0c0d
  3. 01 Aug, 2019 1 commit
    • Julius Werner's avatar
      Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ · d5dfdeb6
      Julius Werner authored
      
      
      NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
      
      All common C compilers predefine a macro called __ASSEMBLER__ when
      preprocessing a .S file. There is no reason for TF-A to define it's own
      __ASSEMBLY__ macro for this purpose instead. To unify code with the
      export headers (which use __ASSEMBLER__ to avoid one extra dependency),
      let's deprecate __ASSEMBLY__ and switch the code base over to the
      predefined standard.
      
      Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      d5dfdeb6
  4. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored
      
      
      All identifiers, regardless of use, that start with two underscores are
      reserved. This means they can't be used in header guards.
      
      The style that this project is now to use the full name of the file in
      capital letters followed by 'H'. For example, for a file called
      "uart_example.h", the header guard is UART_EXAMPLE_H.
      
      The exceptions are files that are imported from other projects:
      
      - CryptoCell driver
      - dt-bindings folders
      - zlib headers
      
      Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  5. 28 Sep, 2018 1 commit
  6. 04 Sep, 2018 1 commit
    • John Tsichritzis's avatar
      Prepare Mbed TLS drivers for shared heap · 6d01a463
      John Tsichritzis authored
      
      
      The Mbed TLS drivers, in order to work, need a heap for internal usage.
      This heap, instead of being directly referenced by the drivers, now it
      is being accessed indirectly through a pointer. Also, the heap, instead
      of being part of the drivers, now it is being received through the
      plat_get_mbedtls_heap() function. This function requests a heap from the
      current BL image which utilises the Mbed TLS drivers.
      
      Those changes create the opportunity for the Mbed TLS heap to be shared
      among different images, thus saving memory. A default heap
      implementation is provided but it can be overridden by a platform
      specific, optimised implemenetation.
      
      Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      6d01a463
  7. 21 Nov, 2017 1 commit
  8. 25 Oct, 2017 1 commit
  9. 22 Sep, 2017 2 commits
  10. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  11. 05 Jun, 2017 1 commit
  12. 24 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Use `tf_snprintf` instead of `snprintf` · ab1794f5
      Antonio Nino Diaz authored
      
      
      The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
      This subset internally uses `snprintf`, but the only format specifier
      used is '%d', which is supported by `tf_snprintf`.
      
      This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
      saving 3 KB in both debug and release builds when TBBR is enabled.
      
      Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ab1794f5
  13. 12 May, 2017 1 commit
    • David Cunado's avatar
      mbedtls: Namespace for TF specific macros · b1883510
      David Cunado authored
      
      
      An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
      macros to have a TBBR_ suffix to avoid any potential clash with future
      mbedtls macros.
      
      But on reflection the TBBR_ suffix could be confusing as the macros
      are used to drive TF-specific configuration of mbedtls. As such
      this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
      suffix which more accurately conveys their use.
      
      Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b1883510
  14. 03 May, 2017 1 commit
  15. 22 Mar, 2017 1 commit
    • dp-arm's avatar
      mbedtls: Namespace TF specific macros · 66b4c166
      dp-arm authored
      
      
      These macros are not part of mbed TLS so they should not be prefixed
      with `MBEDTLS_` to avoid potential collision in the future. Use the
      `TBBR_` suffix to highlight that they only used in TF.
      
      `MBEDTLS_KEY_ALG` was not modified because that is documented and used
      by platforms to select the key algorithm.
      
      Change-Id: Ief224681715c481691c80810501830ce16e210b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      66b4c166
  16. 10 Dec, 2015 1 commit
    • Juan Castillo's avatar
      Move up to mbed TLS 2.x · 649dbf6f
      Juan Castillo authored
      The mbed TLS library has introduced some changes in the API from
      the 1.3.x to the 2.x releases. Using the 2.x releases requires
      some changes to the crypto and transport modules.
      
      This patch updates both modules to the mbed TLS 2.x API.
      
      All references to the mbed TLS library in the code or documentation
      have been updated to 'mbed TLS'. Old references to PolarSSL have
      been updated to 'mbed TLS'.
      
      User guide updated to use mbed TLS 2.2.0.
      
      NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
      Applying this patch will require an mbed TLS 2.x release to be used.
      Also note that the mbed TLS license changed to Apache version 2.0.
      
      Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
      649dbf6f
  17. 25 Jun, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add mbedTLS authentication related libraries · 7d37aa17
      Juan Castillo authored
      This patch adds the following mbedTLS based libraries:
      
      * Cryptographic library
      
      It is used by the crypto module to verify a digital signature
      and a hash. This library relies on mbedTLS to perform the
      cryptographic operations. mbedTLS sources must be obtained
      separately.
      
      Two key algorithms are currently supported:
      
          * RSA-2048
          * ECDSA-SECP256R1
      
      The platform is responsible for picking up the required
      algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the
      platform makefile. Available options are:
      
          * 'rsa' (for RSA-2048) (default option)
          * 'ecdsa' (for ECDSA-SECP256R1)
      
      Hash algorithm currently supported is SHA-256.
      
      * Image parser library
      
      Used by the image parser module to extract the authentication
      parameters stored in X509v3 certificates.
      
      Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0
      7d37aa17
  18. 11 Mar, 2015 1 commit
    • Juan Castillo's avatar
      TBB: remove PolarSSL SHA1 functions from the binary · 81ee0983
      Juan Castillo authored
      Commit ea4ec3aa ("TBB: use SHA256 to generate the certificate
      signatures") updated the cert_create tool to generate the
      signatures using SHA256 instead of SHA1. Therefore, SHA1 is no
      longer required.
      
      This patch removes the SHA1 option from the PolarSSL configuration
      file. The source file sha1.c is no longer needed and has been
      excluded from the build. The SHA1 functions are no longer included
      in the binary, reducing the memory footprint of BL1 and BL2 by
      approximately 6 KB.
      
      Change-Id: I72ea2cff03c0964c3eaadce148ec2ad2c6dde2e3
      81ee0983
  19. 28 Jan, 2015 2 commits
    • Juan Castillo's avatar
      TBB: add PolarSSL based authentication module · db6071c9
      Juan Castillo authored
      This patch implements an authentication module based on the
      PolarSSL library (v1.3.9) to verify the Chain of Trust when
      Trusted Boot is enabled.
      
      PolarSSL sources must be fetched separately. The POLARSSL_DIR
      build option may be used to indicate the path to the PolarSSL
      main directory (this directory must contain the 'include' and
      'library' subdirectories).
      
      To be able to build PolarSSL sources as a part of the Trusted
      Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
      will tell the build system to remove the -pedantic option from
      the CFLAGS.
      
      Inclusion of PolarSSL increases the memory requirements of the BL1
      and BL2 images. The following are the changes made to the FVP and
      Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
      defined:
      
      Changes on FVP:
      
        - BL1 and BL2 stacks have been increased to 4 KB
        - BL1(rw) section has been increased to 32 KB.
        - BL2 memory region has been increased to 112 KB
      
      Changes on Juno:
      
        - BL1 and BL2 stacks have been increased to 4 KB
        - BL1(rw) section has been increased to 32 KB.
        - Trusted ROM region in Flash has been increased to 128 KB.
        - BL2 memory region has been increased to 116 KB
      
      Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80
      db6071c9
    • Juan Castillo's avatar
      TBB: add tool to generate certificates · 6f971622
      Juan Castillo authored
      This patch adds a tool that generates all the necessary elements
      to establish the chain of trust (CoT) between the images.
      
      The tool reads the binary images and signing keys and outputs the
      corresponding certificates that will be used by the target at run
      time to verify the authenticity of the images.
      
      Note: the platform port must provide the file platform_oid.h. This
      file will define the OIDs of the x509 extensions that will be added
      to the certificates in order to establish the CoT.
      
      Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
      6f971622
  20. 19 Jul, 2014 1 commit
    • Achin Gupta's avatar
      Make enablement of the MMU more flexible · afff8cbd
      Achin Gupta authored
      This patch adds a 'flags' parameter to each exception level specific function
      responsible for enabling the MMU. At present only a single flag which indicates
      whether the data cache should also be enabled is implemented. Subsequent patches
      will use this flag when enabling the MMU in the warm boot paths.
      
      Change-Id: I0eafae1e678c9ecc604e680851093f1680e9cefa
      afff8cbd
  21. 24 Jun, 2014 1 commit
  22. 23 May, 2014 1 commit
    • Dan Handley's avatar
      Add enable mmu platform porting interfaces · dff8e47a
      Dan Handley authored
      Previously, the enable_mmu_elX() functions were implicitly part of
      the platform porting layer since they were included by generic
      code. These functions have been placed behind 2 new platform
      functions, bl31_plat_enable_mmu() and bl32_plat_enable_mmu().
      These are weakly defined so that they can be optionally overridden
      by platform ports.
      
      Also, the enable_mmu_elX() functions have been moved to
      lib/aarch64/xlat_tables.c for optional re-use by platform ports.
      These functions are tightly coupled with the translation table
      initialization code.
      
      Fixes ARM-software/tf-issues#152
      
      Change-Id: I0a2251ce76acfa3c27541f832a9efaa49135cc1c
      dff8e47a
  23. 06 May, 2014 3 commits
    • Dan Handley's avatar
      Remove variables from .data section · 625de1d4
      Dan Handley authored
      Update code base to remove variables from the .data section,
      mainly by using const static data where possible and adding
      the const specifier as required. Most changes are to the IO
      subsystem, including the framework APIs. The FVP power
      management code is also affected.
      
      Delay initialization of the global static variable,
      next_image_type in bl31_main.c, until it is realy needed.
      Doing this moves the variable from the .data to the .bss
      section.
      
      Also review the IO interface for inconsistencies, using
      uintptr_t where possible instead of void *. Remove the
      io_handle and io_dev_handle typedefs, which were
      unnecessary, replacing instances with uintptr_t.
      
      Fixes ARM-software/tf-issues#107.
      
      Change-Id: I085a62197c82410b566e4698e5590063563ed304
      625de1d4
    • Dan Handley's avatar
      Reduce deep nesting of header files · 97043ac9
      Dan Handley authored
      Reduce the number of header files included from other header
      files as much as possible without splitting the files. Use forward
      declarations where possible. This allows removal of some unnecessary
      "#ifndef __ASSEMBLY__" statements.
      
      Also, review the .c and .S files for which header files really need
      including and reorder the #include statements alphabetically.
      
      Fixes ARM-software/tf-issues#31
      
      Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
      97043ac9
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  24. 17 Feb, 2014 1 commit
    • James Morrissey's avatar
      Implement load_image in terms of IO abstraction · 9d72b4ea
      James Morrissey authored
      The modified implementation uses the IO abstraction rather than
      making direct semi-hosting calls.  The semi-hosting driver is now
      registered for the FVP platform during initialisation of each boot
      stage where it is used.  Additionally, the FVP platform includes a
      straightforward implementation of 'plat_get_image_source' which
      provides a generic means for the 'load_image' function to determine
      how to access the image data.
      
      Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
      9d72b4ea
  25. 17 Jan, 2014 2 commits
    • Jeenu Viswambharan's avatar
      Change comments in assembler files to help ctags · 3a4cae05
      Jeenu Viswambharan authored
      Ctags seem to have a problem with generating tags for assembler symbols
      when a comment immediately follows an assembly label.
      
      This patch inserts a single space character between the label
      definition and the following comments to help ctags.
      
      The patch is generated by the command:
      
        git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1'
      
      Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
      3a4cae05
    • Dan Handley's avatar
      Update year in copyright text to 2014 · e83b0cad
      Dan Handley authored
      Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
      e83b0cad
  26. 05 Dec, 2013 1 commit
    • Dan Handley's avatar
      Enable third party contributions · ab2d31ed
      Dan Handley authored
      - Add instructions for contributing to ARM Trusted Firmware.
      
      - Update copyright text in all files to acknowledge contributors.
      
      Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
      ab2d31ed
  27. 25 Oct, 2013 1 commit