Commits · dcbf3932fd58537695dfcd8ccacb1a76fd193b48 · adam.huang / Arm Trusted Firmware

22 Sep, 2017 2 commits

Dynamic selection of ECDSA or RSA · dcbf3932

Qixiang Xu authored Aug 24, 2017



Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects
rsa or ecdsa depending on the certificate used.

Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

dcbf3932

Add support for TBBR using ECDSA keys in ARM platforms · 9db9c65a

Qixiang Xu authored Aug 24, 2017



    - fixed compile error when KEY_ALG=ecdsa
    - add new option ecdsa for TF_MBEDTLS_KEY_ALG
    - add new option devel_ecdsa for ARM_ROTPK_LOCATION
    - add ecdsa key at plat/arm/board/common/rotpk/
    - reduce the mbedtls heap memory size to 13k

Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

9db9c65a

12 Jul, 2017 1 commit

Fix order of #includes · 2a4b4b71

Isla Mitchell authored Jul 11, 2017



This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

2a4b4b71

05 Jun, 2017 1 commit

Add support for RSASSAPSS algorithm in mbedtls crypto driver · 1001202d

Soby Mathew authored May 31, 2017



This patch adds support for RSASSA-PSS Signature Algorithm for
X509 certificates in mbedtls crypto driver. Now the driver supports
RSA PKCS2_1 standard as mandated by TBBR.

NOTE: With this patch, the PKCS1_5 standard compliant RSA signature
is deprecated.

Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

1001202d

24 May, 2017 1 commit

mbedtls: Use `tf_snprintf` instead of `snprintf` · ab1794f5

Antonio Nino Diaz authored May 19, 2017

The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
This subset internally uses `snprintf`, but the only format specifier
used is '%d', which is supported by `tf_snprintf`.

This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
saving 3 KB in both debug and release builds when TBBR is enabled.

Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

ab1794f5

12 May, 2017 1 commit

mbedtls: Namespace for TF specific macros · b1883510

David Cunado authored May 10, 2017



An earlier patch (arm-trusted-firmware#874) migrated MBEDTLS_ suffixed
macros to have a TBBR_ suffix to avoid any potential clash with future
mbedtls macros.

But on reflection the TBBR_ suffix could be confusing as the macros
are used to drive TF-specific configuration of mbedtls. As such
this patch migrates these macros from TBBR_suffix to TF_MBEDTLS_
suffix which more accurately conveys their use.

Change-Id: Ic87642b653ceeaa03d62f724976abd5e12e867d4
Signed-off-by: David Cunado <david.cunado@arm.com>

b1883510

03 May, 2017 1 commit

Use SPDX license identifiers · 82cb2c1a

dp-arm authored May 03, 2017

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/



Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

82cb2c1a

22 Mar, 2017 1 commit

mbedtls: Namespace TF specific macros · 66b4c166

dp-arm authored Mar 07, 2017



These macros are not part of mbed TLS so they should not be prefixed
with `MBEDTLS_` to avoid potential collision in the future. Use the
`TBBR_` suffix to highlight that they only used in TF.

`MBEDTLS_KEY_ALG` was not modified because that is documented and used
by platforms to select the key algorithm.

Change-Id: Ief224681715c481691c80810501830ce16e210b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

66b4c166

10 Dec, 2015 1 commit

Move up to mbed TLS 2.x · 649dbf6f

Juan Castillo authored Nov 05, 2015

The mbed TLS library has introduced some changes in the API from
the 1.3.x to the 2.x releases. Using the 2.x releases requires
some changes to the crypto and transport modules.

This patch updates both modules to the mbed TLS 2.x API.

All references to the mbed TLS library in the code or documentation
have been updated to 'mbed TLS'. Old references to PolarSSL have
been updated to 'mbed TLS'.

User guide updated to use mbed TLS 2.2.0.

NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
Applying this patch will require an mbed TLS 2.x release to be used.
Also note that the mbed TLS license changed to Apache version 2.0.

Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4

649dbf6f

25 Jun, 2015 1 commit

TBB: add mbedTLS authentication related libraries · 7d37aa17

Juan Castillo authored Apr 02, 2015

This patch adds the following mbedTLS based libraries:

* Cryptographic library

It is used by the crypto module to verify a digital signature
and a hash. This library relies on mbedTLS to perform the
cryptographic operations. mbedTLS sources must be obtained
separately.

Two key algorithms are currently supported:

    * RSA-2048
    * ECDSA-SECP256R1

The platform is responsible for picking up the required
algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the
platform makefile. Available options are:

    * 'rsa' (for RSA-2048) (default option)
    * 'ecdsa' (for ECDSA-SECP256R1)

Hash algorithm currently supported is SHA-256.

* Image parser library

Used by the image parser module to extract the authentication
parameters stored in X509v3 certificates.

Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0

7d37aa17