1. 22 Sep, 2017 2 commits
  2. 21 Sep, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Fix type of `unsigned long` constants · e47ac1fd
      Antonio Nino Diaz authored
      
      
      The type `unsigned long` is 32 bit wide in AArch32, but 64 bit wide in
      AArch64. This is inconsistent and that's why we avoid using it as per
      the Coding Guidelines. This patch changes all `UL` occurrences to `U`
      or `ULL` depending on the context so that the size of the constant is
      clear.
      
      This problem affected the macro `BIT(nr)`. As long as this macro is used
      to fill fields of registers, that's not a problem, since all registers
      are 32 bit wide in AArch32 and 64 bit wide in AArch64. However, if the
      macro is used to fill the fields of a 64-bit integer, it won't be able
      to set the upper 32 bits in AArch32.
      
      By changing the type of this macro to `unsigned long long` the behaviour
      is always the same regardless of the architecture, as this type is
      64-bit wide in both cases.
      
      Some Tegra platform files have been modified by this patch.
      
      Change-Id: I918264c03e7d691a931f0d1018df25a2796cc221
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      e47ac1fd
  3. 31 Aug, 2017 2 commits
    • Soby Mathew's avatar
      cert_tool: Support for legacy RSA PKCS#1 v1.5 · a8eb286a
      Soby Mathew authored
      
      
      This patch enables choice of RSA version at run time to be used for
      generating signatures by the cert_tool. The RSA PSS as defined in
      PKCS#1 v2.1 becomes the default version and this patch enables to specify
      the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
      -a option. Also, the build option `KEY_ALG` can be used to pass this
      option from the build system. Please note that RSA PSS is mandated
      by Trusted Board Boot requirements (TBBR) and legacy RSA support is
      being added for compatibility reasons.
      
      Fixes ARM-Software/tf-issues#499
      Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
      Co-Authored-By: default avatarEleanor Bonnici <Eleanor.bonnici@arm.com>
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a8eb286a
    • Soby Mathew's avatar
      Export KEY_ALG as a user build option · 2091755c
      Soby Mathew authored
      
      
      The `KEY_ALG` variable is used to select the algorithm for key
      generation by `cert_create` tool for signing the certificates. This
      variable was previously undocumented and did not have a global default
      value. This patch corrects this and also adds changes to derive the
      value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
      platform. The corresponding assignment of these variables are also now
      removed from the `arm_common.mk` makefile.
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
      2091755c
  4. 09 Aug, 2017 1 commit
  5. 01 Aug, 2017 2 commits
    • Jeenu Viswambharan's avatar
      Add SMMUv3 driver · 1154586b
      Jeenu Viswambharan authored
      
      
      The driver has only one API: to initialize an SMMUv3 device. This
      operates on a device that implements secure state, by invalidating
      secure caches and TLBs.
      
      Change-Id: Ief32800419ddf0f1fe38c8f0da8f5ba75c72c826
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      1154586b
    • Jeenu Viswambharan's avatar
      CCI: Adapt for specific product at run time · e33fd445
      Jeenu Viswambharan authored
      
      
      The current build system and driver requires the CCI product to be
      specified at build time. The device constraints can be determined at run
      time from its ID registers, obviating the need for specifying them
      ahead.
      
      This patch adds changes to identify and validate CCI at run time. Some
      global variables are renamed to be in line with the rest of the code
      base.
      
      The build option ARM_CCI_PRODUCT_ID is now removed, and user guide is
      updated.
      
      Change-Id: Ibb765e349d3bc95ff3eb9a64bde1207ab710a93d
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      e33fd445
  6. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  7. 28 Jun, 2017 2 commits
    • Soby Mathew's avatar
      Do basic CryptoCell LCS check · fd2b42f4
      Soby Mathew authored
      
      
      This patch implements the basic lifecycle state check when CryptoCell
      SBROM is initialized. Currently the check ensures that if the lifecycle
      state is Security Disabled (SD), the boot process does not proceed
      further.
      
      Change-Id: I5101335453cd3ea413e97bcfb9138a96c05e1aea
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      fd2b42f4
    • Soby Mathew's avatar
      Add CC crypto driver to the Auth module · 4eb20d99
      Soby Mathew authored
      
      
      This patch adds a crypto driver which utilizes the ARM® TrustZone®
      CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along
      with this driver, the CryptoCell SBROM library is required to successfully
      build the BL image. The path to this library is specified via
      the `CCSBROM_LIB_PATH` variable. Please note that, mbedTLS is still required
      to do the X509 certificate ASN.1 parsing and CryptoCell is only utilized for
      signature and hash verification.
      
      Change-Id: If82dfbae0d7772ba1c64839f0b27850c103fe253
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      4eb20d99
  8. 23 Jun, 2017 3 commits
  9. 13 Jun, 2017 1 commit
  10. 06 Jun, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Don't use tf_snprintf if option not defined · c46c18c5
      Antonio Nino Diaz authored
      
      
      If `MBEDTLS_PLATFORM_SNPRINTF_ALT` isn't used, the function
      `mbedtls_platform_set_snprintf()` isn't defined.
      
      In case a platform uses a different mbed TLS configuration file than
      the one provided by the Trusted Firmware, and it doesn't define the
      mentioned build option, this will result in a build error.
      
      This patch modifies the initialization code so that
      `mbedtls_platform_set_snprintf()` is only used if
      `MBEDTLS_PLATFORM_SNPRINTF_ALT` is defined, allowing platforms to use
      it or not depending on their needs.
      
      Change-Id: I1d5c86d57e9b2871ba463030bf89210ebec5178e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c46c18c5
  11. 05 Jun, 2017 2 commits
  12. 01 Jun, 2017 1 commit
    • Jeenu Viswambharan's avatar
      Introduce ARM GIC-600 driver · e1c59ab3
      Jeenu Viswambharan authored
      
      
      ARM GIC-600 IP complies with ARM GICv3 architecture, but among others,
      implements a power control register in the Redistributor frame. This
      register must be programmed to mark the frame as powered on, before
      accessing other registers in the frame. Rest of initialization sequence
      remains the same.
      
      The driver provides APIs for Redistributor power management, and
      overrides those in the generic GICv3 driver. The driver data is shared
      between generic GICv3 driver and that of GIC-600.
      
      For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER
      is set to FVP_GIC600. Also update user guide.
      
      Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      e1c59ab3
  13. 31 May, 2017 3 commits
    • Antonio Nino Diaz's avatar
      mbedtls: Define optimized mbed TLS heap size · 05fd893e
      Antonio Nino Diaz authored
      
      
      mbed TLS provides the debug API `mbedtls_memory_buffer_alloc_status()`
      to analyse the RAM usage of the library.
      
      When RSA is selected as algorithm, the maximum heap usage in FVP and
      Juno has been determined empirically to be approximately 5.5 KiB.
      However, The default heap size used when RSA is selected is 8 KiB.
      
      This patch reduces the buffer from 8 KiB to 6 KiB so that the BSS
      sections of both BL1 and BL2 are 2 KiB smaller when the firmware is
      compiled with TBB support.
      
      Change-Id: I43878a4e7af50c97be9c8d027c728c8483f24fbf
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      05fd893e
    • Haojian Zhuang's avatar
      drivers: add designware ufs driver · 7e080842
      Haojian Zhuang authored
      
      
      Initialized the designware UFS PHY.
      Signed-off-by: default avatarHaojian Zhuang <haojian.zhuang@linaro.org>
      7e080842
    • Haojian Zhuang's avatar
      drivers: add ufs stack · eb5073f4
      Haojian Zhuang authored
      
      
      If UFS device is initialized, we could just make it out of
      hibernation by UFS_FLAGS_SKIPINIT. And vendor's dirver is always
      focus on PHY setting. We could use UFS driver directly if it
      exits from hibernation.
      
      There're eight LUNs in UFS device. The UFS driver only provides
      the read/write API with LUN. User could define his own read/write
      since user may want to access different LUNs.
      Signed-off-by: default avatarHaojian Zhuang <haojian.zhuang@linaro.org>
      eb5073f4
  14. 24 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Use `tf_snprintf` instead of `snprintf` · ab1794f5
      Antonio Nino Diaz authored
      
      
      The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
      This subset internally uses `snprintf`, but the only format specifier
      used is '%d', which is supported by `tf_snprintf`.
      
      This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
      saving 3 KB in both debug and release builds when TBBR is enabled.
      
      Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ab1794f5
  15. 23 May, 2017 1 commit
    • Masahiro Yamada's avatar
      cert: move platform_oid.h to include/tools_share for all platforms · bb41eb7a
      Masahiro Yamada authored
      
      
      Platforms aligned with TBBR are supposed to use their own OIDs, but
      defining the same macros with different OIDs does not provide any
      value (at least technically).
      
      For easier use of TBBR, this commit allows platforms to reuse the OIDs
      obtained by ARM Ltd.  This will be useful for non-ARM vendors that
      do not need their own extension fields in their certificate files.
      
      The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
      
      Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
      defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
      backward compatibility.
      
      For clarification, I inserted a blank line between headers from the
      include/ directory (#include <...>) and ones from a local directory
      (#include "..." ).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      bb41eb7a
  16. 12 May, 2017 2 commits
    • David Cunado's avatar
      mbedtls: Complete namespace for TF specific macros · 0aff7ad2
      David Cunado authored
      
      
      This patch renames MBEDTLS_KEY_ALG to TF_MBEDTLS_KEY_ALG. This
      completes the migration of TF specific macros so that they do not
      have the MBEDTLS_ suffix (see arm-trusted-firmware#874).
      
      Change-Id: Iad7632477e220b0af987c4db3cf52229fb127d00
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      0aff7ad2
    • David Cunado's avatar
      mbedtls: Namespace for TF specific macros · b1883510
      David Cunado authored
      
      
      An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
      macros to have a TBBR_ suffix to avoid any potential clash with future
      mbedtls macros.
      
      But on reflection the TBBR_ suffix could be confusing as the macros
      are used to drive TF-specific configuration of mbedtls. As such
      this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
      suffix which more accurately conveys their use.
      
      Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b1883510
  17. 03 May, 2017 1 commit
  18. 21 Apr, 2017 1 commit
    • Varun Wadekar's avatar
      drivers: ti: uart: remove UART_FCR writes · 8178ea7c
      Varun Wadekar authored
      
      
      This patch removes the code that touched UART_FCR, from
      console_core_putc(). The check for whether transmit FIFO is
      full is sufficient before writing to UART TX FIFO. In fact
      setting UARTFCR_TXCLR immediately after a byte is written to
      FIFO might even result in loss of that byte, if UART hasn't
      sent that byte out yet.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      8178ea7c
  19. 20 Apr, 2017 1 commit
  20. 18 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      TZC: rename included C file to a header · 239b085c
      Antonio Nino Diaz authored
      
      
      C files shouldn't be included into others. This file only contains some
      macros and functions that can be made `static inline`, so it is ok to
      convert it into a header file.
      
      This is the only occurrence of a C file being included in another one in
      the codebase instead of using a header, other occurrences are a way of
      achieving backwards-compatibility.
      
      Functions therein have been qualified as `inline`.
      
      Change-Id: I88fe300f6d85a7f0740ef14c9cb8fa54849218e6
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      239b085c
  21. 06 Apr, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Replace tf_printf occurrences with ERROR · 38aecbb4
      Antonio Nino Diaz authored
      
      
      The amount of console output is controlled by the LOG_LEVEL build
      option. Using tf_printf without any #ifdef depending on the LOG_LEVEL
      doesn't give the user that flexibility.
      
      This patch replaces all occurrences of tf_printf that prints error, but
      aren't dependent on LOG_LEVEL, with the ERROR macro.
      
      Change-Id: Ib5147f14fc1579398a11f19ddd0e840ff6692831
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      38aecbb4
  22. 31 Mar, 2017 2 commits
  23. 22 Mar, 2017 1 commit
    • dp-arm's avatar
      mbedtls: Namespace TF specific macros · 66b4c166
      dp-arm authored
      
      
      These macros are not part of mbed TLS so they should not be prefixed
      with `MBEDTLS_` to avoid potential collision in the future. Use the
      `TBBR_` suffix to highlight that they only used in TF.
      
      `MBEDTLS_KEY_ALG` was not modified because that is documented and used
      by platforms to select the key algorithm.
      
      Change-Id: Ief224681715c481691c80810501830ce16e210b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      66b4c166
  24. 02 Mar, 2017 1 commit
  25. 01 Mar, 2017 1 commit
    • Soby Mathew's avatar
      Flush the GIC driver data after init · 311b1773
      Soby Mathew authored
      
      
      The GIC driver data is initialized by the primary CPU with caches
      enabled. When the secondary CPU boots up, it initializes the
      GICC/GICR interface with the caches disabled and there is a chance that
      the driver data is not yet written back to the memory. This patch fixes
      this problem by flushing the driver data after they have been
      initialized.
      
      Change-Id: Ie9477029683846209593ff005d2bac559bb8f5e6
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      311b1773
  26. 22 Feb, 2017 1 commit
  27. 16 Feb, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Revert "tbbr: Use constant-time bcmp() to compare hashes" · fabd21ad
      Antonio Nino Diaz authored
      This reverts commit b621fb50
      
      .
      
      Because of the Trusted Firmware design, timing-safe functions are not
      needed. Using them may be misleading as it could be interpreted as being
      a protection against private data leakage, which isn't the case here.
      
      For each image, the SHA-256 hash is calculated. Some padding is appended
      and the result is encrypted with a private key using RSA-2048. This is
      the signature of the image. The public key is stored along with BL1 in
      read-only memory and the encrypted hash is stored in the FIP.
      
      When authenticating an image, the TF decrypts the hash stored in the FIP
      and recalculates the hash of the image. If they don't match, the boot
      sequence won't continue.
      
      A constant-time comparison does not provide additional security as all
      the data involved in this process is already known to any attacker.
      There is no private data that can leaked through a timing attack when
      authenticating an image.
      
      `timingsafe_bcmp()` is kept in the codebase because it could be useful
      in the future.
      
      Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      fabd21ad
  28. 14 Feb, 2017 2 commits