- 25 Nov, 2019 1 commit
-
-
Louis Mayencourt authored
show_memory is a simple tools that parse the blx.map files and print a representation of the memory layout for the latest build. This representation is based on standard symbols present on the map files as: __TEXT_START/END__, __RODATA_START/END__, __STACKS_START/END__ , etc.. Change-Id: Iba3e301a1a9fee9a35abf1afdb69093617d33929 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 12 Sep, 2019 2 commits
-
-
Justin Chadwell authored
Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed in SHA fe199e3b , however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
cert_tool is now able to accept a command line option for specifying the key size. It now supports the following options: 1024, 2048 (default), 3072 and 4096. This is also modifiable by TFA using the build flag KEY_SIZE. Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 05 Sep, 2019 1 commit
-
-
Carlo Caione authored
Meson is the internal code name for the SoC family. The correct name for the platform should be Amlogic. Change the name of the platform directory. Signed-off-by: Carlo Caione <ccaione@baylibre.com> Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
-
- 16 Aug, 2019 1 commit
-
-
Justin Chadwell authored
The valgrind checks for cert_create have not been run in a long while - as such there are a few memory leaks present. This patch fixes a few of the major ones reported by valgrind. However, a few do remain. Change-Id: Iab002fb2b0090043287d43fb54a4d18928c2ed85 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 02 Jul, 2019 1 commit
-
-
Girish Pathak authored
This change adds nmake compatible Makefile.msvc file for building (nmake /FMakefile.msvc) fiptool on the Windows. Change-Id: Iccd1fe8da072edd09eb04b8622f27b3c4693b281 Signed-off-by: Girish Pathak <girish.pathak@arm.com>
-
- 02 Apr, 2019 2 commits
-
-
Remi Pommarel authored
GXL platforms need to have a specific header at the beginning of bl31 image to be able to boot. This adds a tool to create that and calls it at build time. Signed-off-by: Remi Pommarel <repk@triplefau.lt>
-
Marek Vasut authored
Add R-Car D3 SoC platform specifics. Driver, PFC, QoS, DDR init code will be added separately. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
-
- 12 Mar, 2019 2 commits
-
-
Paul Beesley authored
It is quite unlikely that this number will ever change and, if it does need to change, we should have a good reason to do so. It seems that this comment is now redundant. Change-Id: I409c764080748e338e9bc5606bbdcc475213fb6e Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
Paul Beesley authored
Change-Id: Iea72ef9ba16325cbce07eea1a975d2a96eede274 Signed-off-by: Paul Beesley <paul.beesley@arm.com>
-
- 29 Jan, 2019 1 commit
-
-
Andre Przywara authored
Commit 03364865 ("Make TF UUID RFC 4122 compliant") changed the scanf parsing string to handle endianness correctly. However that changed the number of items sscanf handles, without adjusting the sanity check just below. Increase the expected return value from 11 to 16 to let fiptool handle UUIDs given as blob parameters correctly again. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 11 Dec, 2018 1 commit
-
-
Antonio Nino Diaz authored
This tool packages Secure Partitions and Resource Descriptor blobs into a simple file that can be loaded by SPM. Change-Id: If3800064f30bdc3d7fc6a15ffbb3007ef632bcaa Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
All identifiers, regardless of use, that start with two underscores are reserved. This means they can't be used in header guards. The style that this project is now to use the full name of the file in capital letters followed by 'H'. For example, for a file called "uart_example.h", the header guard is UART_EXAMPLE_H. The exceptions are files that are imported from other projects: - CryptoCell driver - dt-bindings folders - zlib headers Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Oct, 2018 1 commit
-
-
Konstantin Porotchkin authored
Move doimage utility from toos/doimage to tools/marvell/doimage. This is done for supporting mode Marvell tools in the future. Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
- 17 Oct, 2018 1 commit
-
-
Jorge Ramirez-Ortiz authored
Reference code: ============== rar_gen3: IPL and Secure Monitor Rev1.0.22 https://github.com/renesas-rcar/arm-trusted-firmware [rcar_gen3] Author: Takuya Sakata <takuya.sakata.wz@bp.renesas.com> Date: Thu Aug 30 21:26:41 2018 +0900 Update IPL and Secure Monitor Rev1.0.22 General Information: =================== This port has been tested on the Salvator-X Soc_id r8a7795 revision ES1.1 (uses an SPD). Build Tested: ------------- ATFW_OPT="LSI=H3 RCAR_DRAM_SPLIT=1 RCAR_LOSSY_ENABLE=1" MBEDTLS_DIR=$mbedtls $ make clean bl2 bl31 rcar PLAT=rcar ${ATFW_OPT} SPD=opteed Other dependencies: ------------------ * mbed_tls: git@github.com:ARMmbed/mbedtls.git [devel] Merge: 68dbc94 f34a4c1 Author: Simon Butcher <simon.butcher@arm.com> Date: Thu Aug 30 00:57:28 2018 +0100 * optee_os: https://github.com/BayLibre/optee_os Until it gets merged into OP-TEE, the port requires Renesas' Trusted Environment with a modification to support power management. Author: Jorge Ramirez-Ortiz <jramirez@baylibre.com> Date: Thu Aug 30 16:49:49 2018 +0200 plat-rcar: cpu-suspend: handle the power level Signed-off-by: Jorge Ramirez-Ortiz <jramirez@baylibre.com> * u-boot: The port has beent tested using mainline uboot. Author: Fabio Estevam <festevam@gmail.com> Date: Tue Sep 4 10:23:12 2018 -0300 *linux: The port has beent tested using mainline kernel. Author: Linus Torvalds <torvalds@linux-foundation.org> Date: Sun Sep 16 11:52:37 2018 -0700 Linux 4.19-rc4 Overview --------- BOOTROM starts the cpu at EL3; In this port BL2 will therefore be entered at this exception level (the Renesas' ATF reference tree [1] resets into EL1 before entering BL2 - see its bl2.ld.S) BL2 initializes DDR (and i2c to talk to the PMIC on some platforms) before determining the boot reason (cold or warm). During suspend all CPUs are switched off and the DDR is put in backup mode (some kind of self-refresh mode). This means that BL2 is always entered in a cold boot scenario. Once BL2 boots, it determines the boot reason, writes it to shared memory (BOOT_KIND_BASE) together with the BL31 parameters (PARAMS_BASE) and jumps to BL31. To all effects, BL31 is as if it is being entered in reset mode since it still needs to initialize the rest of the cores; this is the reason behind using direct shared memory access to BOOT_KIND_BASE and PARAMS_BASE instead of using registers to get to those locations (see el3_common_macros.S and bl31_entrypoint.S for the RESET_TO_BL31 use case). Depending on the boot reason BL31 initializes the rest of the cores: in case of suspend, it uses a MBOX memory region to recover the program counters. [1] https://github.com/renesas-rcar/arm-trusted-firmware Tests ----- * cpuidle ------- enable kernel's cpuidle arm_idle driver and boot * system suspend -------------- $ cat suspend.sh #!/bin/bash i2cset -f -y 7 0x30 0x20 0x0F read -p "Switch off SW23 and press return " foo echo mem > /sys/power/state * cpu hotplug: ------------ $ cat offline.sh #!/bin/bash nbr=$1 echo 0 > /sys/devices/system/cpu/cpu$nbr/online printf "ONLINE: " && cat /sys/devices/system/cpu/online printf "OFFLINE: " && cat /sys/devices/system/cpu/offline $ cat online.sh #!/bin/bash nbr=$1 echo 1 > /sys/devices/system/cpu/cpu$nbr/online printf "ONLINE: " && cat /sys/devices/system/cpu/online printf "OFFLINE: " && cat /sys/devices/system/cpu/offline Signed-off-by: ldts <jramirez@baylibre.com>
-
- 15 Oct, 2018 1 commit
-
-
Yann Gautier authored
Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 04 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
HOSTCC should be used in any of the tools inside the tools/ directory instead of CC. That way it is possible to override both values from the command line when building the Trusted Firmware and the tools at the same time. Also, use HOSTCCFLAGS instead of CFLAGS. Also, instead of printing the strings CC and LD in the console during the compilation of the tools, HOSTCC and HOSTLD have to be used for clarity. This is how it is done in other projects like U-Boot or Linux. Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Oct, 2018 1 commit
-
-
Jan Kiszka authored
As these rules depend on non-existing headers as well (likely copy & pasted from fiptool), they never matched, and the built-in rules were used. That led to random breakages when e.g. CPPFLAGS was suddenly evaluated and contained invalid options. For the stm32image, this reveals that we were relying on the built-in rules by passing -D_GNU_SOURCE via CPPFLAGS, rather than using CFLAGS as used in the local rule. Fix that as well. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
-
- 28 Sep, 2018 1 commit
-
-
dp-arm authored
A compatibility script has been provided for about 2 years. Users should have migrated to fiptool by now so remove the compat script. Change-Id: I643e0c40a9e3fb428bad3be04a82cb431aad74dc Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 24 Sep, 2018 1 commit
-
-
Matteo Croce authored
Signed-off-by: Matteo Croce <mcroce@redhat.com>
-
- 03 Sep, 2018 2 commits
-
-
Konstantin Porotchkin authored
Missing ")" in fprintf causing build break in secure boot mode. Change-Id: Ice555571683b68bb0d81479e9fc8abc4296809ac Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
Konstantin Porotchkin authored
Add example keys for building trusted flash images using doimage tools. Similar files can be generated using openssl or mbedtls. Marvell platform make files are using trusted boot configurations from this example etst vector. Change-Id: I38a2e295171bee4c14005ce6f020b352c683496e Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
- 24 Jul, 2018 1 commit
-
-
Yann Gautier authored
This tools adds a specific header to ST TF-A binary. This header is used by STM32MP1 ROM code to check the bootloader. Signed-off-by: Yann Gautier <yann.gautier@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
-
- 18 Jul, 2018 1 commit
-
-
Konstantin Porotchkin authored
Add Marvell "doimage" utility support. The "doimage" utility allows to create flash images compatible with Marvell BootROM image format. Additionally this tool allows the flash image parsing and verification. Change-Id: Ie8d7ccd0cc2978684e7eecb695f375395fc749ee Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
- 06 Jul, 2018 1 commit
-
-
Ying-Chun Liu (PaulLiu) authored
Previously build_msg.o is built by CC. It causes FTBFS when CC is not equal to HOSTCC. Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
-
- 27 Jun, 2018 1 commit
-
-
Roberto Vargas authored
Print_help was used in different contexts and returning no error in that function was hiding the error when incorrect options were used. Change-Id: Ic3f71748be7ff8440c9d54810b986e9f177f4439 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 14 Jun, 2018 1 commit
-
-
Roberto Vargas authored
RFC4122 defines that fields are stored in network order (big endian), but TF-A stores them in machine order (little endian by default in TF-A). We cannot change the future UUIDs that are already generated, but we can store all the bytes using arrays and modify fiptool to generate the UUIDs with the correct byte order. Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 18 May, 2018 1 commit
-
-
Soby Mathew authored
This patch implements support for adding dynamic configurations for BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The necessary cert tool support and changes to default chain of trust are made for these configs. Change-Id: I25f266277b5b5501a196d2f2f79639d838794518 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 03 May, 2018 1 commit
-
-
Jonathan Wright authored
Free desc->image->buffer before freeing desc->image. We make sure that the desc->image is non-null before attempting this. Change-Id: I35c5674629a41d7cf1a78b7b41ca4b930d0fb688 Signed-off-by: Jonathan Wright <jonathan.wright@arm.com>
-
- 30 Apr, 2018 1 commit
-
-
Jonathan Wright authored
Spurious whitespace existed in the BINARY shell variable which meant the cert_tool executable was not being removed on 'make realclean'. Change-Id: Ibfd2fd17889514f6613e33c6df58d53b9232ec14 Signed-off-by: Jonathan Wright <jonathan.wright@arm.com>
-
- 05 Mar, 2018 1 commit
-
-
Heyi Guo authored
Since we use "?=" to set PLATFORM_ROOT, it is better to change the name to be more special, or else it may be overridden by some environment variables, such as in some CI build environments. Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
-
- 26 Feb, 2018 1 commit
-
-
Soby Mathew authored
This patch updates the `fiptool` and `cert_create` for the `hw_config` and `tb_fw_config` dynamic configuration files. The necessary UUIDs and OIDs are assigned to these files and the `cert_create` is updated to generate appropriate hashes and include them in the "Trusted Boot FW Certificate". The `fiptool` is updated to allow the configs to be specified via cmdline and included in the generated FIP. Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 27 Jan, 2018 1 commit
-
-
Andreas Färber authored
Commit 880b9e8b (Add padding at the end of the last entry) added code using toc_entry pointer, whose memory is already freed via variable buf. This causes enormous padding on openSUSE. Free the memory buffer only after padding is done. Signed-off-by: Andreas Färber <afaerber@suse.de>
-
- 03 Jan, 2018 1 commit
-
-
Roberto Vargas authored
This patch adds padding bytes at the end of the last image in the fip to be able to transfer by DMA the last image. Change-Id: I8c6f07dee389cb3d1dc919936d9d52841d7e5723 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com> Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com> Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 21 Nov, 2017 1 commit
-
-
Qixiang Xu authored
This option enables the user to select the secure hash algorithm to be used for generating the hash. It supports the following options: - sha256 (default) - sha384 - sha512 Change-Id: Icb093cec1b5715e248c3d1c3749a2479a7ab4b89 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 17 Oct, 2017 1 commit
-
-
Evan Lloyd authored
Updates are required to enable the fiptool utility to be built on a Windows platform. This change modifies the source files to enable building with Visual Studio (detected via preprocessor settings). The primary changes are: 1. Provide an implementation of the getopt_long function. This does not exist in the Visual Studio CRT libraries because Windows commands normally use '/' not '-' as an option indicator. 2. Redirect some function names to match those supported by the Visual Studio libraries (when building with Visual Studio). 2. Modify a structure name (stat) to match that provided by the Visual Studio libraries (_stat). Note - this change does not provide makefile updates. It only modifies the sources to enable the fiptool to be built from a Visual Studio project. In normal use the presence of FIPTOOL.EXE is enough to satisfy the make requirements. A makefile change may be derived from the Visual Studio command line information at some point in the future. Change-Id: I3ade77ea140246af3c030920b3f97c070087f111 Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
-
- 11 Oct, 2017 1 commit
-
-
Evan Lloyd authored
In order to compile the source of Fiptool using Visual Studio a number of adjustments are required to the source. This commit modifies the source with changes that will be required, but makes no functional modification. The intent is to allow confirmation that the GCC build is unaffected. Change-Id: I4055bd941c646dd0a1aa2e24b940a1db3bf629ce Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
-
- 09 Oct, 2017 1 commit
-
-
Qixiang Xu authored
Commit a8eb286a introduced the following error when creating ECDSA certificates. ERROR: Error creating key 'Trusted World key' Makefile:634: recipe for target 'certificates' failed make: *** [certificates] Error 1 this patch adds the function to create PKCS#1 v1.5. Change-Id: Ief96d55969d5e9877aeb528c6bb503b560563537 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 08 Oct, 2017 1 commit
-
-
Michalis Pappas authored
This patch fixes incompatibility issues that prevent building the cert_tool with OpenSSL >= v1.1.0. The changes introduced are still backwards compatible with OpenSSL v1.0.2. Fixes arm-software/trusted-fw#521 Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
-
- 11 Sep, 2017 1 commit
-
-
Soby Mathew authored
Using the OIDs defined in tbbr_oids.h is the recommended way to build the cert_create tool. This patch hence sets default value of the build flag USE_TBBR_DEFS to 1 in the Makefile in `tools/cert_create` folder when cert_create is built from this folder. Fixes ARM-software/tf-issues#482 Change-Id: Id1d224826b3417770bccbefa1b68d9bdb3b567f0 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-