- 22 Jun, 2021 1 commit
-
-
Nicolas Le Bayon authored
Add parameters to fill header version: Two new options are added (m and n) to fill header version major and minor. The default is v1.0 (major = 1, minor = 0) Fix image header on big endian hosts: Three header fields are not properly converted to little endian before assignment, resulting in incorrect header while executing stm32image on big endian hosts. Convert the value of the header fields version_number, image_checksum and edcsa_algorithm to little endian before the assignment. Don't force the base of strtol, since it's able to select the base automatically depending on the prefix of the value. This does not breaks the current build script that extracts the addresses, including the 0x prefix, from the map file. This change helps using stm32image in shell scripts where the addresses can be computed using the shell arithmetic expansion "$((...))", that produces a value in base decimal. The variable stm32image_header is declared with global visibility but is us...
-
- 07 Apr, 2021 1 commit
-
-
Pali Rohár authored
Calling 'make clean' in 'all' target is causing recompilation of binary at every 'make' call, which is wrong. Also building a new target via 'make TARGET' can cause infinite loop as it is not defined as explicit make dependency. Dependent targets must be specified after colon when defining target, which also prevents infinite loops as make is able to detect these circular dependencies. Moreover calling 'make clean' is supposed to be done by user when configuration is changing. So remove calling 'make clean' in 'all' target and define dependency for '${PROJECT}' at correct place. Signed-off-by: Pali Rohár <pali@kernel.org> Change-Id: I70e7fd2b04b02f6a0650c82df91d58c9a4cb24d9
-
- 24 Mar, 2021 3 commits
-
-
Pankaj Gupta authored
NXP tool to create pbl from bl2 binary: - RCW is prepended to BL2.bin - If TRUSTED_BOARD_BOOT=1, pre-append the CSF header to be understood by NXP boot-rom. Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: Iddc7336a045222e2073ddad86358ebc4440b8bcf
-
Pankaj Gupta authored
Generic framework is added to include platform defined UUID. This framework is added for the following: - All NXP SoC based platforms needed additional fip-fuse.bin - NXP SoC lx2160a based platforms requires additional fip-ddr.bin Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: Ibe05d9c596256e34077287a490dfcd5b731ef2cf
-
Pankaj Gupta authored
Changes to 'tools/cert_create' folder, to include platform defined certificates, keys, and extensions. NXP SoC lx2160a : based platforms requires additional FIP DDR to be loaded before initializing the DDR. To enable chain of trust on these platforms, FIP DDR image needs to be authenticated, additionally. Platform specific folder 'tools/nxp/cert_create_helper' is added to support platform specific macros and definitions. Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
-
- 27 Jan, 2021 2 commits
-
-
Jimmy Brisson authored
This bug manifests itself as a segfault triggered by a double-free. I noticed that right before the double-free, the sk list contained 2 elements with the same address. (gdb) p sk_X509_EXTENSION_value(sk, 1) $34 = (X509_EXTENSION *) 0x431ad0 (gdb) p sk_X509_EXTENSION_value(sk, 0) $35 = (X509_EXTENSION *) 0x431ad0 (gdb) p sk_X509_EXTENSION_num(sk) $36 = 2 This caused confusion; this should never happen. I figured that this was caused by a ext_new_xxxx function freeing something before it is added to the list, so I put a breakpoint on each of them to step through. I was suprised to find that none of my breakpoints triggered for the second element of the iteration through the outer loop just before the double-free. Looking through the code, I noticed that it's possible to avoid doing a ext_new_xxxx, when either: * ext->type == NVCOUNTER and ext->arg == NULL * ext->type == HASH and ext->arg == NULL and ext->optional == false So I put a breakpoint on both. It turns out that it was the HASH version, but I added a fix for both. The fix for the Hash case is simple, as it was a mistake. The fix for the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may be optional, and when it's optional we can skip it. The other case, when the NVCOUNTER is required (not optinal), the `check_cmd_params` function has already verified that the `ext->arg` must be non-NULL. We assert that before processing it to covert any possible segfaults into more descriptive errors. This should no longer cause double-frees by adding the same ext twice. Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
Manish V Badarkhe authored
The certification tool creates all the certificates mentioned statically in the code rather than taking explicit certificate requests from the command line parameters. Code is optimized to avoid unnecessary attempts to create non-requested certificates. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2
-
- 13 Jan, 2021 2 commits
-
-
Biju Das authored
Add tool support for creating bootparam and cert_header images for RZ/G2 SoC based platforms. Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> Change-Id: Iab8ba6eda442c8d75f23c5633b8178f86339e4c9
-
Ross Burton authored
Don't depend on clean when building, as the user is capable of cleaning if required and this introduces a race where "all" depends on both the compile and the clean in parallel. It's quite possible for some of the compile to happen in parallel with the clean, which results in the link failing as objects just built are missing. Change-Id: I710711eea7483cafa13251c5d94ec693148bd001 Signed-off-by: Ross Burton <ross.burton@arm.com>
-
- 20 Oct, 2020 4 commits
-
-
Jimmy Brisson authored
When OpenSSL's macro allocates the HASH struct, it allocates the fields as well. After this allocation, the prior code would assign over the pointers inside the HASH struct, leaking these fields. This patch avoids allocating extra copies of these members. Change-Id: I50a38b0a04b52ec54d6388db0f694feb578d2818 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
Jimmy Brisson authored
Change-Id: I0ad9620145c2a9c4450b9bf20cd1f70c9db6593c Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
Jimmy Brisson authored
Change-Id: I16ba4420ffeb9aa439e0a09a1b34d2aba2e1eb6e Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
Jimmy Brisson authored
Previously, we would leak these extensions as they are not freed by the stack. An except from the `sk_TYPE_free` documentation: sk_TYPE_free() frees up the sk structure. It does not free up any elements of sk. After this call sk is no longer valid. The fix is to drain the stack and free its elements before freeing the stack. sk_TYPE_pop_free does this, so we use that instead. Change-Id: Ie70c302f9dda5af1a7243f163d36e99916ee639c Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
- 14 Sep, 2020 2 commits
-
-
Sami Mujawar authored
Although support for building fiptool on a Windows host was present, the binary was not built when the top level makefile was invoked. This patch makes the necessary changes to the to support building of fiptool on a Windows host PC from the main makefile. Change-Id: I0c01ba237fa3010a027a1b324201131210cf4d7c Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
-
Sami Mujawar authored
Windows does not have a standard getopt implementation. To address this an equivalent implementation has been provided in win_posix.c However, the implementation has an issue with option processing as described below. Long option names may be abbreviated if the abbreviation is unique or an exact match for some defined option. Since some options can be substring of other options e.g. "scp-fw" option is a substring of "scp-fwu-cfg", we need to identify if an option is abbreviated and also check for uniqueness. Otherwise if a user passes --scp-fw as an option, the "scp-fwu-cfg" option may get selected, resulting in an incorrectly packaged FIP. This issue has been be fixed by: - First searching for an exact match. - If exact match was not found search for a abbreviated match. By doing this an incorrect option selection can be avoided. Change-Id: I22f4e7a683f3df857f5b6f0783bf9b03a64a0bcc Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
-
- 07 Sep, 2020 1 commit
-
-
Manish V Badarkhe authored
This patch: fafd3ec9 assumes that tools must build from the main makefile folder. This assumption leads to the error when somebody wants to build a tool from the tool's folder. Hence changes are done to provide the default binary name in the tool's makefile. Change-Id: Iae570a7f8d322151376b6feb19e739300eecc3fc Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 23 Aug, 2020 1 commit
-
-
Manish V Badarkhe authored
Currently, the tool's makefile override the tool's binary name which is already been defined in the main makefile. Hence fix is provided so that the tool's makefile get the tool's binary name from the main makefile instead of overriding it. Change-Id: I8af2bd391a96bba2dbcddef711338a94ebf5f038 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 14 Aug, 2020 1 commit
-
-
Ruari Phipps authored
With recently introduced dualroot CoT for SPs where they are owned either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID while Plat owned SPs index starts at SP_PKG5_ID. This patch modifies SP makefile generator script to take CoT as an argument and if it is "dualroot" then generates SP_PKG in order mentioned above, otherwise generates it sequentially. Signed-off-by: Ruari Phipps <ruari.phipps@arm.com> Change-Id: Iffad1131787be650a9462f6f8cc09b603cddb3b8
-
- 12 Aug, 2020 1 commit
-
-
Manish Pandey authored
Add support to generate a certificate named "plat-sp-cert" for Secure Partitions(SP) owned by Platform. Earlier a single certificate file "sip-sp-cert" was generated which contained hash of all 8 SPs, with this change SPs are divided into two categories viz "SiP owned" and "Plat owned" containing 4 SPs each. Platform RoT key pair is used for signing. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
-
- 04 Aug, 2020 1 commit
-
-
Grant Likely authored
If the user tries to change BUILD_BASE to put the build products outside the build tree the compile will fail due to hard coded assumptions that $BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE)) to rationalize to an absolute path every time and remove the relative path assumptions. This patch also adds documentation that BUILD_BASE can be specified by the user. Signed-off-by: Grant Likely <grant.likely@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
-
- 10 Jul, 2020 2 commits
-
-
Konstantin Porotchkin authored
Change the binary image alignment from 4 to 16. The PKCS signature verification fails for unaligned images. Change-Id: Ieb08dc3ea128790f542ad93e3c948117567a65af Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
Konstantin Porotchkin authored
Replace deprecated mbedtls_sha256 with mbedtls_sha256_ret The mbedtls_pk_parse_key does not work correctly anymore with the DER buffer embedded in the secure image extentson using the buffer size as the the key length. Move to mbedtls_pk_parse_subpubkey API that handles such case correctly. The DER format already contains the key length, so there is no particular reason to supply it to the key parser. Update the doimage version to 3.3 Change-Id: I0ec5ee84b7d1505b43138e0b7a6bdba44a6702b6 Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
- 06 Jul, 2020 1 commit
-
-
Leonardo Sandoval authored
Querying the 'fiptool' for help or help <command> should return 0 return status (success) and not 1 (failure). In the other hand, if tool is executed with any other command (not help) where command's parameters are either missing or wrong, then the tool should return non-zero (failure). Now, the 'usage' function caller is the one that passes the return status. Change-Id: Id5eea91037cd810fb1e34a42e8199ef504f5daa4 Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
-
- 24 Jun, 2020 2 commits
-
-
Manish V Badarkhe authored
Updated cert_tool to add hash information of fw_config image into the existing "trusted boot fw" certificate. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0
-
Manish V Badarkhe authored
Added support in fiptool to include fw_config image in FIP. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
-
- 11 Jun, 2020 1 commit
-
-
Manish Pandey authored
with sha 0792dd7d , support to generate certificate for Secure Partitions was added for dualroot CoT only, this patch extends this support for tbbr CoT. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
-
- 08 Jun, 2020 2 commits
-
-
Manish Pandey authored
To support secure boot of SP's update cert tool arguments while generating sp_gen.mk which in turn is consumed by build system. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I2293cee9b7c684c27d387aba18e0294c701fb1cc
-
Manish Pandey authored
Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
-
- 06 Mar, 2020 1 commit
-
-
Sumit Garg authored
Add firmware authenticated encryption tool which utilizes OpenSSL library to encrypt firmwares using a key provided via cmdline. Currently this tool supports AES-GCM as an authenticated encryption algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4
-
- 24 Feb, 2020 1 commit
-
-
Sandrine Bailleux authored
Selection of the chain of trust is done through the COT build option: > make COT=dualroot Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 20 Feb, 2020 1 commit
-
-
Manish Pandey authored
Till now TF-A allows limited number of external images to be made part of FIP. With SPM coming along, there may exist multiple SP packages which need to be inserted into FIP. To achieve this we need a more scalable approach to feed SP packages to FIP. This patch introduces changes in build system to generate and add SP packages into FIP based on information provided by platform. Platform provides information in form of JSON which contains layout description of available Secure Partitions. JSON parser script is invoked by build system early on and generates a makefile which updates FIP, SPTOOL and FDT arguments which will be used by build system later on for final packaging. "SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A tree. This option will be used only when SPD=spmd. For each SP, generated makefile will have following entries - FDT_SOURCES += sp1.dts - SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg - FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
-
- 14 Feb, 2020 1 commit
-
-
Louis Mayencourt authored
This patch: - Add the __COHERENT_RAM_START__ and __COHERENT_RAM_END__ symbols. - Improve how the symbols are found with a regex. - Add a build option to revert the memory layout output. Change-Id: I54ec660261431bc98d78acb0f80e3d95bc5397ac Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 10 Feb, 2020 1 commit
-
-
Manish Pandey authored
Currently sptool generates a single blob containing all the Secure Partitions, with latest SPM implementation, it is desirable to have individual blobs for each Secure Partition. It allows to leverage packaging and parsing of SP on existing FIP framework. It also allows SP packages coming from different sources. This patch modifies sptool so that it takes number of SP payload pairs as input and generates number of SP blobs instead of a single blob. Each SP blob can optionally have its own header containing offsets and sizes of different payloads along with a SP magic number and version. It is also associated in FIP with a UUID, provided by SP owner. Usage example: sptool -i sp1.bin:sp1.dtb -o sp1.pkg -i sp2.bin:sp2.dtb -o sp2.pkg ... Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ie2db8e601fa1d4182d0a1d22e78e9533dce231bc
-
- 29 Jan, 2020 3 commits
-
-
Sandrine Bailleux authored
In preparation of supporting alternate chains of trust, reword comments and error messages that explicitly mentioned TBBR. Change-Id: I85a0b08e16d0cd82f3b767fcc092d1f20f45939f Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
It allows to select the desired chain of trust. Right now, only the TBBR CoT is available. At this stage, this build option only affects the tool itself. It is not plugged into the rest of the build system yet. To use it: > make -C tools/cert_create COT=tbbr Change-Id: I4484418f76d3c7b330d8653c978499a181534dcd Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
Move all TBBR-specific stuff out of the tool's makefile into a sub-makefile. This will make it easier to define and select an alternate chain of trust in the future. Change-Id: I92e366a1999b74cf51127d1771b64b807cd94b29 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 14 Jan, 2020 1 commit
-
-
Sandrine Bailleux authored
The chain of trust definitions are only needed in the part of the code dealing with the TBBR CoT (tbbr/* files). Change-Id: I6f9a86bba4a2d16313b6842a3ec85b7c951074bc Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 25 Nov, 2019 1 commit
-
-
Louis Mayencourt authored
show_memory is a simple tools that parse the blx.map files and print a representation of the memory layout for the latest build. This representation is based on standard symbols present on the map files as: __TEXT_START/END__, __RODATA_START/END__, __STACKS_START/END__ , etc.. Change-Id: Iba3e301a1a9fee9a35abf1afdb69093617d33929 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
- 12 Sep, 2019 2 commits
-
-
Justin Chadwell authored
Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed in SHA fe199e3b , however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
Justin Chadwell authored
cert_tool is now able to accept a command line option for specifying the key size. It now supports the following options: 1024, 2048 (default), 3072 and 4096. This is also modifiable by TFA using the build flag KEY_SIZE. Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-