- 01 Aug, 2019 1 commit
-
-
Julius Werner authored
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__. All common C compilers predefine a macro called __ASSEMBLER__ when preprocessing a .S file. There is no reason for TF-A to define it's own __ASSEMBLY__ macro for this purpose instead. To unify code with the export headers (which use __ASSEMBLER__ to avoid one extra dependency), let's deprecate __ASSEMBLY__ and switch the code base over to the predefined standard. Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417 Signed-off-by: Julius Werner <jwerner@chromium.org>
-
- 13 Jun, 2019 1 commit
-
-
Sandrine Bailleux authored
The chain of trust description and the pointer pointing to its first element were incompatible, thus requiring an explicit type cast for the assignment. - cot_desc was an array of const pointers to const image descriptors. - cot_desc_ptr was a const pointer to (non-constant) pointers to const image descriptors. Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would generate the following compiler warning: drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] REGISTER_COT(cot_desc); ^~~~~~~~ Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 08 Apr, 2019 2 commits
-
-
Joel Hutton authored
This changes the auth_img_desc_t struct to have pointers to struct arrays instead of struct arrays. This saves memory as many of these were never used, and can be NULL pointers. Note the memory savings are only when these arrays are not initialised, as it is assumed these arrays are fixed length. A possible future optimisation could allow for variable length. memory diff: bl1: bl2: text text -12 -12 bss bss -1463 0 data data -56 -48 rodata rodata -5688 -2592 total total -7419 -2652 Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
Joel Hutton authored
When Trusted Board Boot is enabled, we need to specify the Chain of Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array of image descriptors. The authentication module assumes that each image descriptor in this array is indexed by its unique image identifier. For example, the Trusted Boot Firmware Certificate has to be at index [TRUSTED_BOOT_FW_CERT_ID]. Unique image identifiers may not necessarily be consecutive. Also, a given BL image might not use all image descriptors. For example, BL1 does not need any of the descriptors related to BL31. As a result, the CoT array might contain holes, which unnecessarily takes up space in the BL binary. Using pointers to auth_img_desc_t structs (rather than structs themselves) means these unused elements only use 1 pointer worth of space, rather than one struct worth of space. This patch also changes the code which accesses this array to reflect the change to pointers. Image descriptors not needed in BL1 or BL2 respectively are also ifdef'd out in this patch. For example, verifying the BL31 image is the responsibility of BL2 so BL1 does not need any of the data structures describing BL31. memory diff: bl1: bl2: text text -20 -20 bss bss -1463 0 data data -256 -48 rodata rodata -5240 -1952 total total -6979 -2020 Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
- 04 Jan, 2019 1 commit
-
-
Antonio Nino Diaz authored
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca339 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 08 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
All identifiers, regardless of use, that start with two underscores are reserved. This means they can't be used in header guards. The style that this project is now to use the full name of the file in capital letters followed by 'H'. For example, for a file called "uart_example.h", the header guard is UART_EXAMPLE_H. The exceptions are files that are imported from other projects: - CryptoCell driver - dt-bindings folders - zlib headers Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 28 Sep, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 04 Sep, 2018 1 commit
-
-
John Tsichritzis authored
The Mbed TLS drivers, in order to work, need a heap for internal usage. This heap, instead of being directly referenced by the drivers, now it is being accessed indirectly through a pointer. Also, the heap, instead of being part of the drivers, now it is being received through the plat_get_mbedtls_heap() function. This function requests a heap from the current BL image which utilises the Mbed TLS drivers. Those changes create the opportunity for the Mbed TLS heap to be shared among different images, thus saving memory. A default heap implementation is provided but it can be overridden by a platform specific, optimised implemenetation. Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
- 13 Apr, 2018 2 commits
-
-
Roberto Vargas authored
Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined Fixed for: make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
Roberto Vargas authored
Rule 8.3: All declarations of an object or function shall use the same names and type qualifiers Fixed for: make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 21 Nov, 2017 1 commit
-
-
Qixiang Xu authored
The flag support the following values: - sha256 (default) - sha384 - sha512 Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 25 Oct, 2017 1 commit
-
-
Qixiang Xu authored
For Trusted Board Boot, BL2 needs more space to support the ECDSA and ECDSA+RSA algorithms. Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 22 Sep, 2017 2 commits
-
-
Qixiang Xu authored
Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects rsa or ecdsa depending on the certificate used. Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
Qixiang Xu authored
- fixed compile error when KEY_ALG=ecdsa - add new option ecdsa for TF_MBEDTLS_KEY_ALG - add new option devel_ecdsa for ARM_ROTPK_LOCATION - add ecdsa key at plat/arm/board/common/rotpk/ - reduce the mbedtls heap memory size to 13k Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
-
- 12 Jul, 2017 1 commit
-
-
Isla Mitchell authored
This fix modifies the order of system includes to meet the ARM TF coding standard. There are some exceptions in order to retain header groupings, minimise changes to imported headers, and where there are headers within the #if and #ifndef statements. Change-Id: I65085a142ba6a83792b26efb47df1329153f1624 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
-
- 05 Jun, 2017 1 commit
-
-
Soby Mathew authored
This patch adds support for RSASSA-PSS Signature Algorithm for X509 certificates in mbedtls crypto driver. Now the driver supports RSA PKCS2_1 standard as mandated by TBBR. NOTE: With this patch, the PKCS1_5 standard compliant RSA signature is deprecated. Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 24 May, 2017 1 commit
-
-
Antonio Nino Diaz authored
The Trusted Firmware uses a subset of the APIs provided by mbed TLS. This subset internally uses `snprintf`, but the only format specifier used is '%d', which is supported by `tf_snprintf`. This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`, saving 3 KB in both debug and release builds when TBBR is enabled. Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 12 May, 2017 1 commit
-
-
David Cunado authored
An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed macros to have a TBBR_ suffix to avoid any potential clash with future mbedtls macros. But on reflection the TBBR_ suffix could be confusing as the macros are used to drive TF-specific configuration of mbedtls. As such this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_ suffix which more accurately conveys their use. Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 22 Mar, 2017 1 commit
-
-
dp-arm authored
These macros are not part of mbed TLS so they should not be prefixed with `MBEDTLS_` to avoid potential collision in the future. Use the `TBBR_` suffix to highlight that they only used in TF. `MBEDTLS_KEY_ALG` was not modified because that is documented and used by platforms to select the key algorithm. Change-Id: Ief224681715c481691c80810501830ce16e210b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 31 Mar, 2016 1 commit
-
-
Juan Castillo authored
This patch adds support for non-volatile counter authentication to the Authentication Module. This method consists of matching the counter values provided in the certificates with the ones stored in the platform. If the value from the certificate is lower than the platform, the boot process is aborted. This mechanism protects the system against rollback. The TBBR CoT has been updated to include this method as part of the authentication process. Two counters are used: one for the trusted world images and another for the non trusted world images. ** NEW PLATFORM APIs (mandatory when TBB is enabled) ** int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr); This API returns the non-volatile counter value stored in the platform. The cookie in the first argument may be used to select the counter in case the platform provides more than one (i.e. TBSA compliant platforms must provide trusted and non-trusted counters). This cookie is specified in the CoT. int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); This API sets a new counter value. The cookie may be used to select the counter to be updated. An implementation of these new APIs for ARM platforms is also provided. The values are obtained from the Trusted Non-Volatile Counters peripheral. The cookie is used to pass the extension OID. This OID may be interpreted by the platform to know which counter must return. On Juno, The trusted and non-trusted counter values have been tied to 31 and 223, respectively, and cannot be modified. ** IMPORTANT ** THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN ORDER TO SUCCESSFULLY BUILD TF. Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
-
- 14 Jan, 2016 1 commit
-
-
Soren Brinkmann authored
Migrate all direct usage of __attribute__ to usage of their corresponding macros from cdefs.h. e.g.: - __attribute__((unused)) -> __unused Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
-
- 13 Jan, 2016 1 commit
-
-
Soby Mathew authored
This patch rearranges fields of the `image_desc_t` & `auth_img_desc_t` data structures to reduce padding between the fields and thereby save memory. NOTE: Platform ports which anonymously initialize these structures should be aware of the rearrangement and do the required modification. Change-Id: I428b5429632797b31d5bd306174599c07e24c060
-
- 05 Jan, 2016 1 commit
-
-
Sandrine Bailleux authored
By default ARM TF is built with the '-pedantic' compiler flag, which helps detecting violations of the C standard. However, the mbed TLS library and its associated authentication module in TF used to fail building with this compiler flag. As a workaround, the mbed TLS authentication module makefile used to set the 'DISABLE_PEDANTIC' TF build flag. The compiler errors flagged by '-pedantic' in the mbed TLS library have been fixed between versions 1.3.9 and 2.2.0 and the library now properly builds with this compiler flag. This patch fixes the remaining compiler errors in the mbed TLS authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF build flag. This means that TF is now always built with '-pedantic'. In particular, this patch: * Removes the final semi-colon in REGISTER_COT() macro. This semi-colon was causing the following error message: drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow extra ';' outside of a function [-Werror=pedantic] This has been fixed both in the mbed TLS authentication module as well as in the certificate generation tool. Note that the latter code didn't need fixing since it is not built with '-pedantic' but the change has been propagated for consistency. Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros, which were suffering from the same issue. * Fixes a pointer type. It was causing the following error message: drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash': drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith] Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d
-
- 10 Dec, 2015 1 commit
-
-
Juan Castillo authored
The mbed TLS library has introduced some changes in the API from the 1.3.x to the 2.x releases. Using the 2.x releases requires some changes to the crypto and transport modules. This patch updates both modules to the mbed TLS 2.x API. All references to the mbed TLS library in the code or documentation have been updated to 'mbed TLS'. Old references to PolarSSL have been updated to 'mbed TLS'. User guide updated to use mbed TLS 2.2.0. NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible. Applying this patch will require an mbed TLS 2.x release to be used. Also note that the mbed TLS license changed to Apache version 2.0. Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
-
- 25 Jun, 2015 2 commits
-
-
Juan Castillo authored
This patch adds the following mbedTLS based libraries: * Cryptographic library It is used by the crypto module to verify a digital signature and a hash. This library relies on mbedTLS to perform the cryptographic operations. mbedTLS sources must be obtained separately. Two key algorithms are currently supported: * RSA-2048 * ECDSA-SECP256R1 The platform is responsible for picking up the required algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the platform makefile. Available options are: * 'rsa' (for RSA-2048) (default option) * 'ecdsa' (for ECDSA-SECP256R1) Hash algorithm currently supported is SHA-256. * Image parser library Used by the image parser module to extract the authentication parameters stored in X509v3 certificates. Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0
-
Juan Castillo authored
This patch adds the authentication framework that will be used as the base to implement Trusted Board Boot in the Trusted Firmware. The framework comprises the following modules: - Image Parser Module (IPM) This module is responsible for interpreting images, check their integrity and extract authentication information from them during Trusted Board Boot. The module currently supports three types of images i.e. raw binaries, X509v3 certificates and any type specific to a platform. An image parser library must be registered for each image type (the only exception is the raw image parser, which is included in the main module by default). Each parser library (if used) must export a structure in a specific linker section which contains function pointers to: 1. Initialize the library 2. Check the integrity of the image type supported by the library 3. Extract authentication information from the image - Cryptographic Module (CM) This module is responsible for verifying digital signatures and hashes. It relies on an external cryptographic library to perform the cryptographic operations. To register a cryptographic library, the library must use the REGISTER_CRYPTO_LIB macro, passing function pointers to: 1. Initialize the library 2. Verify a digital signature 3. Verify a hash Failing to register a cryptographic library will generate a build time error. - Authentication Module (AM) This module provides methods to authenticate an image, like hash comparison or digital signatures. It uses the image parser module to extract authentication parameters, the crypto module to perform cryptographic operations and the Chain of Trust to authenticate the images. The Chain of Trust (CoT) is a data structure that defines the dependencies between images and the authentication methods that must be followed to authenticate an image. The Chain of Trust, when added, must provide a header file named cot_def.h with the following definitions: - COT_MAX_VERIFIED_PARAMS Integer value indicating the maximum number of authentication parameters an image can present. This value will be used by the authentication module to allocate the memory required to load the parameters in the image descriptor. Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
-