1. 07 Apr, 2017 3 commits
  2. 05 Apr, 2017 14 commits
  3. 04 Apr, 2017 1 commit
  4. 03 Apr, 2017 1 commit
    • Douglas Raillard's avatar
      Fix ARM_BL31_IN_DRAM build · f9608bc8
      Douglas Raillard authored
      
      
      Some header files using the ULL() macro were not directly including
      utils.h where the macro definition resides. As a consequence, a linker
      script with values using this macro did not see the macro definition
      and kept the "ULL(<value>)" call in the preprocessed file, which lead to
      link error.
      
      Files using ULL() macro now include utils.h directly.
      
      Change-Id: I433a7f36bd21a156c20e69bc2a2bb406140ebdf9
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      f9608bc8
  5. 31 Mar, 2017 3 commits
    • dp-arm's avatar
      Juno: Initialize stack protector canary from the trusted entropy source · e6d2aea1
      dp-arm authored
      
      
      Change-Id: I7f3e4bfd46613c6311ba4015d56705414fd6feab
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      e6d2aea1
    • dp-arm's avatar
      Juno: Introduce juno_getentropy(void *buf, size_t len) · df9a39ea
      dp-arm authored
      
      
      This function fills the buffer (first argument) with the specified
      number of bytes (second argument) from the trusted entropy source.
      
      This function will be used to initialize the stack protector canary.
      
      Change-Id: Iff15aaf4778c13fa883ecb5528fcf9b8479d4489
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      df9a39ea
    • Douglas Raillard's avatar
      Add support for GCC stack protection · 51faada7
      Douglas Raillard authored
      
      
      Introduce new build option ENABLE_STACK_PROTECTOR. It enables
      compilation of all BL images with one of the GCC -fstack-protector-*
      options.
      
      A new platform function plat_get_stack_protector_canary() is introduced.
      It returns a value that is used to initialize the canary for stack
      corruption detection. Returning a random value will prevent an attacker
      from predicting the value and greatly increase the effectiveness of the
      protection.
      
      A message is printed at the ERROR level when a stack corruption is
      detected.
      
      To be effective, the global data must be stored at an address
      lower than the base of the stacks. Failure to do so would allow an
      attacker to overwrite the canary as part of an attack which would void
      the protection.
      
      FVP implementation of plat_get_stack_protector_canary is weak as
      there is no real source of entropy on the FVP. It therefore relies on a
      timer's value, which could be predictable.
      
      Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      51faada7
  6. 30 Mar, 2017 15 commits
  7. 27 Mar, 2017 3 commits