1. 24 Mar, 2021 1 commit
    • cert_create: updated tool for platform defined certs, keys & extensions · b94bf967
      Pankaj Gupta authored
      
      
      Changes to 'tools/cert_create' folder, to include platform defined
      certificates, keys, and extensions.
      
      NXP SoC lx2160a based platforms require additional
      FIP DDR to be loaded before initializing the DDR.
      
      To enable chain of trust on these platforms, FIP DDR
      image needs to be authenticated, additionally.
      
      Platform specific folder 'tools/nxp/cert_create_helper'
      is added to support platform specific macros and definitions.
      Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
      Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
  2. 27 Jan, 2021 2 commits
    • cert-tool: avoid duplicates in extension stack · 1ed941c0
      Jimmy Brisson authored
      
      
      This bug manifests itself as a segfault triggered by a double-free.
      
      I noticed that right before the double-free, the sk list contained 2
      elements with the same address.
      
          (gdb) p sk_X509_EXTENSION_value(sk, 1)
          $34 = (X509_EXTENSION *) 0x431ad0
          (gdb) p sk_X509_EXTENSION_value(sk, 0)
          $35 = (X509_EXTENSION *) 0x431ad0
          (gdb) p sk_X509_EXTENSION_num(sk)
          $36 = 2
      
      This caused confusion; this should never happen.
      
      I figured that this was caused by a ext_new_xxxx function freeing
      something before it is added to the list, so I put a breakpoint on
      each of them to step through. I was surprised to find that none of my
      breakpoints triggered for the second element of the iteration through
      the outer loop just before the double-free.
      
      Looking through the code, I noticed that it's possible to avoid doing
      a ext_new_xxxx, when either:
         * ext->type == NVCOUNTER and ext->arg == NULL
         * ext->type == HASH and ext->arg == NULL and ext->optional == false
      So I put a breakpoint on both.
      
      It turns out that it was the HASH version, but I added a fix for both.
      The fix for the Hash case is simple, as it was a mistake. The fix for
      the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may
      be optional, and when it's optional we can skip it. The other case,
      when the NVCOUNTER is required (not optional), the `check_cmd_params`
      function has already verified that the `ext->arg` must be non-NULL.
      We assert that before processing it to convert any possible segfaults
      into more descriptive errors.
      
      This should no longer cause double-frees by adding the same ext twice.
      
      Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470
      Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    • tools: cert_create: Create only requested certificates · 294e2656
      Manish V Badarkhe authored
      
      
      The certification tool creates all the certificates mentioned
      statically in the code rather than taking explicit certificate
      requests from the command line parameters.
      
      Code is optimized to avoid unnecessary attempts to create
      non-requested certificates.
      Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
      Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2
  3. 13 Jan, 2021 2 commits
  4. 20 Oct, 2020 4 commits
  5. 14 Sep, 2020 2 commits
    • Update makefile to build fiptool for Windows · 88a1cf1e
      Sami Mujawar authored
      
      
      Although support for building fiptool on a Windows host was present,
      the binary was not built when the top level makefile was invoked.
      
      This patch makes the necessary changes to support building of
      fiptool on a Windows host PC from the main makefile.
      
      Change-Id: I0c01ba237fa3010a027a1b324201131210cf4d7c
      Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
    • Fix fiptool packaging issue on windows · cb5c08b6
      Sami Mujawar authored
      
      
      Windows does not have a standard getopt implementation. To address
      this an equivalent implementation has been provided in win_posix.c.
      However, the implementation has an issue with option processing as
      described below.
      
      Long option names may be abbreviated if the abbreviation is unique
      or an exact match for some defined option.
      Since some options can be substring of other options e.g. "scp-fw"
      option is a substring of "scp-fwu-cfg", we need to identify if an
      option is abbreviated and also check for uniqueness. Otherwise if
      a user passes --scp-fw as an option, the "scp-fwu-cfg" option may
      get selected, resulting in an incorrectly packaged FIP.
      
      This issue has been fixed by:
        - First searching for an exact match.
        - If exact match was not found search for an abbreviated match.
      By doing this an incorrect option selection can be avoided.
      
      Change-Id: I22f4e7a683f3df857f5b6f0783bf9b03a64a0bcc
      Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
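
The two-pass lookup described in the commit above, next to a first-prefix lookup that shows the mis-selection, as an added example (not the code from win_posix.c). The option table is constructed: only "scp-fw" and "scp-fwu-cfg" come from the commit message, and the function names and return codes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OPT_NOT_FOUND  (-1)
#define OPT_AMBIGUOUS  (-2)

/* Constructed option table; the longer name is deliberately listed first. */
static const char *const sample_opts[] = {
    "scp-fwu-cfg", "scp-fw", "soc-fw", "tb-fw",
};
#define N_OPTS (sizeof(sample_opts) / sizeof(sample_opts[0]))

/* Flawed lookup: accepts the first option that merely starts with `name`. */
int lookup_first_prefix(const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; i < N_OPTS; i++)
        if (strncmp(sample_opts[i], name, len) == 0)
            return (int)i;
    return OPT_NOT_FOUND;
}

/* Two-pass lookup: an exact match wins; otherwise the prefix must be unique. */
int lookup_exact_then_abbrev(const char *name)
{
    size_t len = strlen(name);
    int found = OPT_NOT_FOUND;
    for (size_t i = 0; i < N_OPTS; i++)      /* pass 1: exact match */
        if (strcmp(sample_opts[i], name) == 0)
            return (int)i;
    for (size_t i = 0; i < N_OPTS; i++) {    /* pass 2: unique abbreviation */
        if (strncmp(sample_opts[i], name, len) != 0)
            continue;
        if (found != OPT_NOT_FOUND)
            return OPT_AMBIGUOUS;            /* second candidate: reject */
        found = (int)i;
    }
    return found;
}

int main(void)
{
    const char *tries[] = { "scp-fw", "scp-fwu", "scp", "tb", "bogus" };
    for (size_t i = 0; i < sizeof(tries) / sizeof(tries[0]); i++)
        printf("%-8s first-prefix=%d two-pass=%d\n", tries[i], lookup_first_prefix(tries[i]), lookup_exact_then_abbrev(tries[i]));
    return 0;
}
```

Rejecting an ambiguous abbreviation instead of picking a candidate makes the packaging step fail visibly, so the wrong image cannot end up in the FIP silently.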
  6. 07 Sep, 2020 1 commit
  7. 23 Aug, 2020 1 commit
  8. 14 Aug, 2020 1 commit
    • SPM: Alter sp_gen.mk entry depending on owner of partition · 1e7528ec
      Ruari Phipps authored
      
      
      With recently introduced dualroot CoT for SPs where they are owned
      either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
      while Plat owned SPs index starts at SP_PKG5_ID.
      
      This patch modifies SP makefile generator script to take CoT as an
      argument and if it is "dualroot" then generates SP_PKG in order
      mentioned above, otherwise generates it sequentially.
      Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
      Change-Id: Iffad1131787be650a9462f6f8cc09b603cddb3b8
  9. 12 Aug, 2020 1 commit
    • cert_create: add Platform owned secure partitions support · 23d5f03a
      Manish Pandey authored
      
      
      Add support to generate a certificate named "plat-sp-cert" for Secure
      Partitions(SP) owned by Platform.
      Earlier a single certificate file "sip-sp-cert" was generated which
      contained hash of all 8 SPs, with this change SPs are divided into
      two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
      
      Platform RoT key pair is used for signing.
      Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
      Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
  10. 04 Aug, 2020 1 commit
    • Use abspath to dereference $BUILD_BASE · 29214e95
      Grant Likely authored
      
      
      If the user tries to change BUILD_BASE to put the build products outside
      the build tree the compile will fail due to hard coded assumptions that
      $BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE))
      to rationalize to an absolute path every time and remove the relative
      path assumptions.
      
      This patch also adds documentation that BUILD_BASE can be specified by
      the user.
      Signed-off-by: Grant Likely <grant.likely@arm.com>
      Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
      Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
  11. 10 Jul, 2020 2 commits
  12. 06 Jul, 2020 1 commit
    • fiptool: return zero status on help and help <command> · 4e500525
      Leonardo Sandoval authored
      
      
      Querying the 'fiptool' for help or help <command> should return 0
      return status (success) and not 1 (failure). On the other hand, if the tool is
      executed with any other command (not help) where command's parameters are
      either missing or wrong, then the tool should return non-zero (failure). Now,
      the 'usage' function caller is the one that passes the return status.
      
      Change-Id: Id5eea91037cd810fb1e34a42e8199ef504f5daa4
      Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
  13. 24 Jun, 2020 2 commits
  14. 11 Jun, 2020 1 commit
  15. 08 Jun, 2020 2 commits
    • sptool: append cert_tool arguments. · 07c44475
      Manish Pandey authored
      
      
      To support secure boot of SP's update cert tool arguments while
      generating sp_gen.mk which in turn is consumed by build system.
      Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
      Change-Id: I2293cee9b7c684c27d387aba18e0294c701fb1cc
    • cert_create: add SiP owned secure partitions support · 0792dd7d
      Manish Pandey authored
      
      
      Add support to generate certificate "sip-sp-cert" for Secure
      Partitions(SP) owned by Silicon provider(SiP).
      To avoid deviation from TBBR specification the support is only added for
      dualroot CoT and not for TBBR CoT.
      
      A single certificate file is generated containing hash of individual
      packages. Maximum 8 secure partitions are supported.
      
      Following new options added to cert_tool:
       --sip-sp-cert --> SiP owned Secure Partition Content Certificate
       --sp-pkg1 --> Secure Partition Package1 file
       --sp-pkg2
       .....
       --sp-pkg8
      
      Trusted world key pair is used for signing.
      
      Going forward, this feature can be extended for Platform owned
      Partitions, if required.
      Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
  16. 06 Mar, 2020 1 commit
  17. 24 Feb, 2020 1 commit
  18. 20 Feb, 2020 1 commit
    • SPMD: generate and add Secure Partition blobs into FIP · ce2b1ec6
      Manish Pandey authored
      
      
      Till now TF-A allows limited number of external images to be made part
      of FIP. With SPM coming along, there may exist multiple SP packages
      which need to be inserted into FIP. To achieve this we need a more
      scalable approach to feed SP packages to FIP.
      
      This patch introduces changes in build system to generate and add SP
      packages into FIP based on information provided by platform.
      Platform provides information in form of JSON which contains layout
      description of available Secure Partitions.
      JSON parser script is invoked by build system early on and generates
      a makefile which updates FIP, SPTOOL and FDT arguments which will be
      used by build system later on for final packaging.
      
      "SP_LAYOUT_FILE" is passed as a build argument and can be outside of TF-A
      tree. This option will be used only when SPD=spmd.
      
      For each SP, generated makefile will have following entries
           - FDT_SOURCES	+=	sp1.dts
           - SPTOOL_ARGS	+= 	-i sp1.img:sp1.dtb -o sp1.pkg
           - FIP_ARGS		+=	--blob uuid=XXXX-XXX...,file=SP1.pkg
      Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
      Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
  19. 14 Feb, 2020 1 commit
  20. 10 Feb, 2020 1 commit
    • SPM: modify sptool to generate individual SP blobs · 3977a825
      Manish Pandey authored
      
      
      Currently sptool generates a single blob containing all the Secure
      Partitions, with latest SPM implementation, it is desirable to have
      individual blobs for each Secure Partition. It allows to leverage
      packaging and parsing of SP on existing FIP framework. It also allows
      SP packages coming from different sources.
      
      This patch modifies sptool so that it takes number of SP payload pairs
      as input and generates number of SP blobs instead of a single blob.
      
      Each SP blob can optionally have its own header containing offsets and
      sizes of different payloads along with a SP magic number and version.
      It is also associated in FIP with a UUID, provided by SP owner.
      
      Usage example:
      sptool -i sp1.bin:sp1.dtb -o sp1.pkg -i sp2.bin:sp2.dtb -o sp2.pkg ...
      Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
      Change-Id: Ie2db8e601fa1d4182d0a1d22e78e9533dce231bc
  21. 29 Jan, 2020 3 commits
  22. 14 Jan, 2020 1 commit
  23. 25 Nov, 2019 1 commit
    • tools: Add show_memory script · ea698c1e
      Louis Mayencourt authored
      
      
      show_memory is a simple tool that parses the blx.map files and prints a
      representation of the memory layout for the latest build.
      This representation is based on standard symbols present on the map
      files as: __TEXT_START/END__, __RODATA_START/END__, __STACKS_START/END__,
      etc.
      
      Change-Id: Iba3e301a1a9fee9a35abf1afdb69093617d33929
      Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
  24. 12 Sep, 2019 2 commits
    • Remove RSA PKCS#1 v1.5 support from cert_tool · 6a415a50
      Justin Chadwell authored
      
      Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed
      in SHA fe199e3b, however, cert_tool is still able to generate
      certificates in that form. This patch fully removes the ability for
      cert_tool to generate these certificates.
      
      Additionally, this patch also fixes a bug where the issuing certificate
      was RSA and the issued certificate was ECDSA. In this case, the issued
      certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
      PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
      that PKCS#1 v1.5 support is removed, all certificates that are signed
      with RSA now use the more modern padding scheme.
      
      Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
      Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
    • Add cert_create tool support for RSA key sizes · dfe0f4c2
      Justin Chadwell authored
      
      
      cert_tool is now able to accept a command line option for specifying the
      key size. It now supports the following options: 1024, 2048 (default),
      3072 and 4096. This is also modifiable by TFA using the build flag
      KEY_SIZE.
      
      Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
      Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
  25. 05 Sep, 2019 1 commit
  26. 16 Aug, 2019 1 commit
  27. 02 Jul, 2019 1 commit
  28. 02 Apr, 2019 1 commit