1. 21 Jul, 2020 1 commit
  2. 25 Mar, 2020 1 commit
  3. 08 Mar, 2020 1 commit
  4. 06 Mar, 2020 1 commit
  5. 28 Jan, 2020 1 commit
  6. 12 Sep, 2019 2 commits
    • Justin Chadwell's avatar
      Remove RSA PKCS#1 v1.5 support from cert_tool · 6a415a50
      Justin Chadwell authored
      Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed
      in SHA fe199e3b
      
      , however, cert_tool is still able to generate
      certificates in that form. This patch fully removes the ability for
      cert_tool to generate these certificates.
      
      Additionally, this patch also fixes a bug where the issuing certificate
      was a RSA and the issued certificate was EcDSA. In this case, the issued
      certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
      PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
      that PKCS#1 v1.5 support is removed, all certificates that are signed
      with RSA now use the more modern padding scheme.
      
      Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      6a415a50
    • Justin Chadwell's avatar
      Support larger RSA key sizes when using MBEDTLS · aacff749
      Justin Chadwell authored
      
      
      Previously, TF-A could not support large RSA key sizes as the
      configuration options passed to MBEDTLS prevented storing and performing
      calculations with the larger, higher-precision numbers required. With
      these changes to the arguments passed to MBEDTLS, TF-A now supports
      using 3072 (3K) and 4096 (4K) keys in certificates.
      
      Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
      Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
      aacff749
  7. 12 Apr, 2019 1 commit
    • Ambroise Vincent's avatar
      Mbed TLS: Remove weak heap implementation · 2374ab17
      Ambroise Vincent authored
      
      
      The implementation of the heap function plat_get_mbedtls_heap() becomes
      mandatory for platforms supporting TRUSTED_BOARD_BOOT.
      
      The shared Mbed TLS heap default weak function implementation is
      converted to a helper function get_mbedtls_heap_helper() which can be
      used by the platforms for their own function implementation.
      
      Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
      Signed-off-by: default avatarAmbroise Vincent <ambroise.vincent@arm.com>
      2374ab17
  8. 28 Feb, 2019 1 commit
  9. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  10. 28 Sep, 2018 1 commit
  11. 04 Sep, 2018 1 commit
    • John Tsichritzis's avatar
      Prepare Mbed TLS drivers for shared heap · 6d01a463
      John Tsichritzis authored
      
      
      The Mbed TLS drivers, in order to work, need a heap for internal usage.
      This heap, instead of being directly referenced by the drivers, now it
      is being accessed indirectly through a pointer. Also, the heap, instead
      of being part of the drivers, now it is being received through the
      plat_get_mbedtls_heap() function. This function requests a heap from the
      current BL image which utilises the Mbed TLS drivers.
      
      Those changes create the opportunity for the Mbed TLS heap to be shared
      among different images, thus saving memory. A default heap
      implementation is provided but it can be overridden by a platform
      specific, optimised implemenetation.
      
      Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      6d01a463
  12. 22 Aug, 2018 1 commit
  13. 03 Aug, 2018 3 commits
  14. 18 Jun, 2018 1 commit
  15. 13 Apr, 2018 1 commit
    • Roberto Vargas's avatar
      Fix MISRA rule 8.4 Part 4 · 3b94189a
      Roberto Vargas authored
      
      
      Rule 8.4: A compatible declaration shall be visible when
                an object or function with external linkage is defined
      
      Fixed for:
      	make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
      	     GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
      	     ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
      
      Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      3b94189a
  16. 18 Jan, 2018 1 commit
  17. 21 Nov, 2017 1 commit
  18. 22 Sep, 2017 2 commits
  19. 31 Aug, 2017 2 commits
    • Soby Mathew's avatar
      cert_tool: Support for legacy RSA PKCS#1 v1.5 · a8eb286a
      Soby Mathew authored
      
      
      This patch enables choice of RSA version at run time to be used for
      generating signatures by the cert_tool. The RSA PSS as defined in
      PKCS#1 v2.1 becomes the default version and this patch enables to specify
      the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
      -a option. Also, the build option `KEY_ALG` can be used to pass this
      option from the build system. Please note that RSA PSS is mandated
      by Trusted Board Boot requirements (TBBR) and legacy RSA support is
      being added for compatibility reasons.
      
      Fixes ARM-Software/tf-issues#499
      Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
      Co-Authored-By: default avatarEleanor Bonnici <Eleanor.bonnici@arm.com>
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      a8eb286a
    • Soby Mathew's avatar
      Export KEY_ALG as a user build option · 2091755c
      Soby Mathew authored
      
      
      The `KEY_ALG` variable is used to select the algorithm for key
      generation by `cert_create` tool for signing the certificates. This
      variable was previously undocumented and did not have a global default
      value. This patch corrects this and also adds changes to derive the
      value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
      platform. The corresponding assignment of these variables are also now
      removed from the `arm_common.mk` makefile.
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
      2091755c
  20. 12 Jul, 2017 1 commit
    • Isla Mitchell's avatar
      Fix order of #includes · 2a4b4b71
      Isla Mitchell authored
      
      
      This fix modifies the order of system includes to meet the ARM TF coding
      standard. There are some exceptions in order to retain header groupings,
      minimise changes to imported headers, and where there are headers within
      the #if and #ifndef statements.
      
      Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
      Signed-off-by: default avatarIsla Mitchell <isla.mitchell@arm.com>
      2a4b4b71
  21. 06 Jun, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Don't use tf_snprintf if option not defined · c46c18c5
      Antonio Nino Diaz authored
      
      
      If `MBEDTLS_PLATFORM_SNPRINTF_ALT` isn't used, the function
      `mbedtls_platform_set_snprintf()` isn't defined.
      
      In case a platform uses a different mbed TLS configuration file than
      the one provided by the Trusted Firmware, and it doesn't define the
      mentioned build option, this will result in a build error.
      
      This patch modifies the initialization code so that
      `mbedtls_platform_set_snprintf()` is only used if
      `MBEDTLS_PLATFORM_SNPRINTF_ALT` is defined, allowing platforms to use
      it or not depending on their needs.
      
      Change-Id: I1d5c86d57e9b2871ba463030bf89210ebec5178e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c46c18c5
  22. 05 Jun, 2017 2 commits
  23. 31 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Define optimized mbed TLS heap size · 05fd893e
      Antonio Nino Diaz authored
      
      
      mbed TLS provides the debug API `mbedtls_memory_buffer_alloc_status()`
      to analyse the RAM usage of the library.
      
      When RSA is selected as algorithm, the maximum heap usage in FVP and
      Juno has been determined empirically to be approximately 5.5 KiB.
      However, The default heap size used when RSA is selected is 8 KiB.
      
      This patch reduces the buffer from 8 KiB to 6 KiB so that the BSS
      sections of both BL1 and BL2 are 2 KiB smaller when the firmware is
      compiled with TBB support.
      
      Change-Id: I43878a4e7af50c97be9c8d027c728c8483f24fbf
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      05fd893e
  24. 24 May, 2017 1 commit
    • Antonio Nino Diaz's avatar
      mbedtls: Use `tf_snprintf` instead of `snprintf` · ab1794f5
      Antonio Nino Diaz authored
      
      
      The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
      This subset internally uses `snprintf`, but the only format specifier
      used is '%d', which is supported by `tf_snprintf`.
      
      This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
      saving 3 KB in both debug and release builds when TBBR is enabled.
      
      Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      ab1794f5
  25. 12 May, 2017 2 commits
    • David Cunado's avatar
      mbedtls: Complete namespace for TF specific macros · 0aff7ad2
      David Cunado authored
      
      
      This patch renames MBEDTLS_KEY_ALG to TF_MBEDTLS_KEY_ALG. This
      completes the migration of TF specific macros so that they do not
      have the MBEDTLS_ suffix (see arm-trusted-firmware#874).
      
      Change-Id: Iad7632477e220b0af987c4db3cf52229fb127d00
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      0aff7ad2
    • David Cunado's avatar
      mbedtls: Namespace for TF specific macros · b1883510
      David Cunado authored
      
      
      An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
      macros to have a TBBR_ suffix to avoid any potential clash with future
      mbedtls macros.
      
      But on reflection the TBBR_ suffix could be confusing as the macros
      are used to drive TF-specific configuration of mbedtls. As such
      this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
      suffix which more accurately conveys their use.
      
      Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      b1883510
  26. 03 May, 2017 1 commit
  27. 22 Mar, 2017 1 commit
    • dp-arm's avatar
      mbedtls: Namespace TF specific macros · 66b4c166
      dp-arm authored
      
      
      These macros are not part of mbed TLS so they should not be prefixed
      with `MBEDTLS_` to avoid potential collision in the future. Use the
      `TBBR_` suffix to highlight that they only used in TF.
      
      `MBEDTLS_KEY_ALG` was not modified because that is documented and used
      by platforms to select the key algorithm.
      
      Change-Id: Ief224681715c481691c80810501830ce16e210b0
      Signed-off-by: default avatardp-arm <dimitris.papastamos@arm.com>
      66b4c166
  28. 16 Feb, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Revert "tbbr: Use constant-time bcmp() to compare hashes" · fabd21ad
      Antonio Nino Diaz authored
      This reverts commit b621fb50
      
      .
      
      Because of the Trusted Firmware design, timing-safe functions are not
      needed. Using them may be misleading as it could be interpreted as being
      a protection against private data leakage, which isn't the case here.
      
      For each image, the SHA-256 hash is calculated. Some padding is appended
      and the result is encrypted with a private key using RSA-2048. This is
      the signature of the image. The public key is stored along with BL1 in
      read-only memory and the encrypted hash is stored in the FIP.
      
      When authenticating an image, the TF decrypts the hash stored in the FIP
      and recalculates the hash of the image. If they don't match, the boot
      sequence won't continue.
      
      A constant-time comparison does not provide additional security as all
      the data involved in this process is already known to any attacker.
      There is no private data that can leaked through a timing attack when
      authenticating an image.
      
      `timingsafe_bcmp()` is kept in the codebase because it could be useful
      in the future.
      
      Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      fabd21ad
  29. 06 Feb, 2017 1 commit
    • Douglas Raillard's avatar
      Replace some memset call by zeromem · 32f0d3c6
      Douglas Raillard authored
      
      
      Replace all use of memset by zeromem when zeroing moderately-sized
      structure by applying the following transformation:
      memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x))
      
      As the Trusted Firmware is compiled with -ffreestanding, it forbids the
      compiler from using __builtin_memset and forces it to generate calls to
      the slow memset implementation. Zeromem is a near drop in replacement
      for this use case, with a more efficient implementation on both AArch32
      and AArch64.
      
      Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e
      Signed-off-by: default avatarDouglas Raillard <douglas.raillard@arm.com>
      32f0d3c6
  30. 24 Jan, 2017 1 commit
    • Antonio Nino Diaz's avatar
      tbbr: Use constant-time bcmp() to compare hashes · b621fb50
      Antonio Nino Diaz authored
      
      
      To avoid timing side-channel attacks, it is needed to use a constant
      time memory comparison function when comparing hashes. The affected
      code only cheks for equality so it isn't needed to use any variant of
      memcmp(), bcmp() is enough.
      
      Also, timingsafe_bcmp() is as fast as memcmp() when the two compared
      regions are equal, so this change incurrs no performance hit in said
      case. In case they are unequal, the boot sequence wouldn't continue as
      normal, so performance is not an issue.
      
      Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b621fb50
  31. 19 Jan, 2017 1 commit
    • Antonio Nino Diaz's avatar
      Clear static variables in X509 parser on error · 51c5e1a2
      Antonio Nino Diaz authored
      
      
      In mbedtls_x509_parser.c there are some static arrays that are filled
      during the integrity check and then read whenever an authentication
      parameter is requested. However, they aren't cleared in case of an
      integrity check failure, which can be problematic from a security
      point of view. This patch clears these arrays in the case of failure.
      
      Change-Id: I9d48f5bc71fa13e5a75d6c45b5e34796ef13aaa2
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      51c5e1a2
  32. 06 Jan, 2017 1 commit
    • Masahiro Yamada's avatar
      TBB: fix comment about MBEDTLS_KEY_ALG default · a56f87c8
      Masahiro Yamada authored
      This comment block says the default algorithm is ESDSA, while the
      code obviously sets the default to RSA:
      
        ifeq (${MBEDTLS_KEY_ALG},)
            MBEDTLS_KEY_ALG            :=      rsa
        endif
      
      The git log of commit 7d37aa17
      
       ("TBB: add mbedTLS authentication
      related libraries") states available options are:
      
        * 'rsa' (for RSA-2048) (default option)
        * 'ecdsa' (for ECDSA-SECP256R1)
      
      So, my best guess is the comment block is wrong.
      
      The mismatch between the code and the comment is confusing. Fix it.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      a56f87c8
  33. 31 Mar, 2016 1 commit
    • Juan Castillo's avatar
      TBB: add non-volatile counter support · 48279d52
      Juan Castillo authored
      This patch adds support for non-volatile counter authentication to
      the Authentication Module. This method consists of matching the
      counter values provided in the certificates with the ones stored
      in the platform. If the value from the certificate is lower than
      the platform, the boot process is aborted. This mechanism protects
      the system against rollback.
      
      The TBBR CoT has been updated to include this method as part of the
      authentication process. Two counters are used: one for the trusted
      world images and another for the non trusted world images.
      
      ** NEW PLATFORM APIs (mandatory when TBB is enabled) **
      
      int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
      
          This API returns the non-volatile counter value stored
          in the platform. The cookie in the first argument may be
          used to select the counter in case the platform provides
          more than one (i.e. TBSA compliant platforms must provide
          trusted and non-trusted counters). This cookie is specified
          in the CoT.
      
      int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
      
          This API sets a new counter value. The cookie may be
          used to select the counter to be updated.
      
      An implementation of these new APIs for ARM platforms is also
      provided. The values are obtained from the Trusted Non-Volatile
      Counters peripheral. The cookie is used to pass the extension OID.
      This OID may be interpreted by the platform to know which counter
      must return. On Juno, The trusted and non-trusted counter values
      have been tied to 31 and 223, respectively, and cannot be modified.
      
      ** IMPORTANT **
      
      THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
      NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
      ORDER TO SUCCESSFULLY BUILD TF.
      
      Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
      48279d52