Skip to content

GitLab

Switch branch/tag
  1. 24 Jun, 2020 1 commit
  3. 08 Jun, 2020 1 commit
    • Manish Pandey's avatar
      cert_create: add SiP owned secure partitions support · 0792dd7d
      Manish Pandey authored 
      

Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.

A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.

Following new options added to cert_tool:
 --sip-sp-cert --> SiP owned Secure Partition Content Certificate
 --sp-pkg1 --> Secure Partition Package1 file
 --sp-pkg2
 .....
 --sp-pkg8

Trusted world key pair is used for signing.

Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
      0792dd7d
  5. 02 Jul, 2019 1 commit
  7. 12 Mar, 2019 1 commit
  9. 29 Jan, 2019 1 commit
  11. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored 
      

All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  13. 04 Oct, 2018 1 commit
    • Antonio Nino Diaz's avatar
      tools: Make invocation of host compiler correct · 750e8d80
      Antonio Nino Diaz authored 
      

HOSTCC should be used in any of the tools inside the tools/ directory
instead of CC. That way it is possible to override both values from the
command line when building the Trusted Firmware and the tools at the
same time. Also, use HOSTCCFLAGS instead of CFLAGS.

Also, instead of printing the strings CC and LD in the console during
the compilation of the tools, HOSTCC and HOSTLD have to be used for
clarity. This is how it is done in other projects like U-Boot or Linux.

Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      750e8d80
  15. 28 Sep, 2018 1 commit
  17. 14 Jun, 2018 1 commit
    • Roberto Vargas's avatar
      Make TF UUID RFC 4122 compliant · 03364865
      Roberto Vargas authored 
      

RFC4122 defines that fields are stored in network order (big endian),
but TF-A stores them in machine order (little endian by default in TF-A).
We cannot change the future UUIDs that are already generated, but we can store
all the bytes using arrays and modify fiptool to generate the UUIDs with
the correct byte order.

Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      03364865
  19. 18 May, 2018 1 commit
  21. 03 May, 2018 1 commit
  23. 26 Feb, 2018 1 commit
    • Soby Mathew's avatar
      Dynamic cfg: Update the tools · e24659df
      Soby Mathew authored 
      

This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.

Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      e24659df
  25. 27 Jan, 2018 1 commit
  27. 03 Jan, 2018 1 commit
  29. 17 Oct, 2017 1 commit
    • Evan Lloyd's avatar
      fiptool: Enable Visual Studio build · a1ee3836
      Evan Lloyd authored 
      

Updates are required to enable the fiptool utility to be built on a
Windows platform.  This change modifies the source files to enable
building with Visual Studio (detected via preprocessor settings).
The primary changes are:
  1.  Provide an implementation of the getopt_long function.  This does
      not exist in the Visual Studio CRT libraries because Windows
      commands normally use '/' not '-' as an option indicator.
  2.  Redirect some function names to match those supported by the
      Visual Studio libraries (when building with Visual Studio).
  2.  Modify a structure name (stat) to match that provided
      by the Visual Studio libraries (_stat).

Note - this change does not provide makefile updates.  It only modifies
       the sources to enable the fiptool to be built from a Visual
       Studio project.  In normal use the presence of FIPTOOL.EXE is
       enough to satisfy the make requirements.  A makefile change may
       be derived from the Visual Studio command line information at
       some point in the future.

Change-Id: I3ade77ea140246af3c030920b3f97c070087f111
Signed-off-by: default avatarEvan Lloyd <evan.lloyd@arm.com>
      a1ee3836
  31. 11 Oct, 2017 1 commit
    • Evan Lloyd's avatar
      fiptool: Precursor changes for Visual Studio · 96851114
      Evan Lloyd authored 
      

In order to compile the source of Fiptool using Visual Studio a number
of adjustments are required to the source.  This commit modifies the
source with changes that will be required, but makes no functional
modification.  The intent is to allow confirmation that the GCC build
is unaffected.

Change-Id: I4055bd941c646dd0a1aa2e24b940a1db3bf629ce
Signed-off-by: default avatarEvan Lloyd <evan.lloyd@arm.com>
      96851114
  33. 30 Aug, 2017 1 commit
  35. 09 Aug, 2017 1 commit
  37. 31 Jul, 2017 1 commit
  39. 26 Jul, 2017 1 commit
  41. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored 
      

This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  43. 12 Jun, 2017 1 commit
  45. 24 May, 2017 1 commit
  47. 23 May, 2017 1 commit
    • Masahiro Yamada's avatar
      fip: move headers shared between TF and fiptool to include/tools_share · 2a6c1a8f
      Masahiro Yamada authored 
      

Some header files need to be shared between TF and host programs.
For fiptool, two headers are copied to the tools/fiptool directory,
but it looks clumsy.

This commit introduces a new directory, include/tools_share, which
collects headers that should be shared between TF and host programs.

This will clarify the interface exposed to host tools.  We should
add new headers to this directory only when we really need to do so.

For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      2a6c1a8f
  49. 03 May, 2017 1 commit
  51. 24 Apr, 2017 1 commit
  53. 27 Feb, 2017 1 commit
    • dp-arm's avatar
      fiptool: Embed a pointer to an image within the image descriptor · b9589fe5
      dp-arm authored 
      

Currently, fiptool uses two linked lists.  One to chain together all
the images and one for all the image descriptors.  Initially this was
done because not all images had a corresponding image descriptor.
This was the case for unknown images which existed in the FIP but
there was no descriptor in the builtin table for them.  When support
for the --blob option came in, we started building descriptors for the
unknown images on the fly.  As a result every image now has a
corresponding image descriptor and therefore it is no longer necessary
to keep track of them separately.

To simplify the design, maintain only a single linked list of image
descriptors.  An image descriptor contains a pointer to the
corresponding image.  If the pointer is NULL, then the descriptor is
skipped in all the operations.  This approach simplifies the traversal
code and avoids redundant lookups.

The linked list of image descriptors is populated based on the
`toc_entries` array.  This means that the order of the images in the
FIP file remains the same across add/remove or create/update
operations.  This is true for all standard images (those specified in
`toc_entries`) but not for those specified via the --blob option.

Change-Id: Ic29a263c86c8f1efdad322b430368c7623782e2d
Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      b9589fe5
  55. 11 Feb, 2017 3 commits
  57. 28 Jan, 2017 2 commits
    • Masahiro Yamada's avatar
      fiptool: support --align option to add desired alignment to image offset · 1c75d5df
      Masahiro Yamada authored 
      

The current fiptool packs all the images without any padding between
them.  So, the offset to each image has no alignment.  This is not
efficient, for example, when the FIP is read from a block-oriented
device.

For example, (e)MMC is accessed by block-addressing.  The block size
is 512 byte.  So, the best case is each image is aligned by 512 byte
since the DMA engine can transfer the whole of the image to its load
address directly.  The worst case is the offset does not have even
DMA-capable alignment (this is where we stand now).  In this case,
we need to transfer every block to a bounce buffer, then do memcpy()
from the bounce buffer to our final destination.  At least, this
should work with the abstraction by the block I/O layer, but the
CPU-intervention for the whole data transfer makes it really slow.

This commit adds a new option --align to the fiptool.  This option,
if given, requests the tool to align each component in the FIP file
by the specified byte.  Also, add a new Make option FIP_ALIGN for
easier access to this feature; users can give something like
FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to
their platform.mk file.
Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      1c75d5df
    • Masahiro Yamada's avatar
      fiptool: embed fip_toc_entry in struct image · 65caa3d0
      Masahiro Yamada authored 
      

The struct image has "uuid" and "size" to memorize the field values
they had in the TOC entry.  So, parse_fip() copies them from struct
fip_toc_entry to struct image, then pack_images() copies them back
to struct fip_toc_entry.

The next commit (support --align option) will require to save the
"offset" field as well.  This makes me realize that struct image
can embed struct fip_toc_entry.

This commit will allow the "flags" field to persevere the "update"
command.  At this moment, the "flags" is not used in a useful way.
(Yet, platforms can save their own parameters in the flags field.)
It makes sense to save it unless users explicitly replace the image.
Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      65caa3d0
  59. 27 Jan, 2017 8 commits