1. 25 Jun, 2015 1 commit
    • Juan Castillo's avatar
      TBB: use ASN.1 type DigestInfo to represent hashes · c3da66b1
      Juan Castillo authored
      The cert_create tool calculates the hash of each BL image and includes
      it as an ASN.1 OCTET STRING in the corresponding certificate extension.
      Without additional information, the firmware running on the platform
      has to know in advance the algorithm used to generate the hash.
      
      This patch modifies the cert_create tool so the certificate extensions
      that include an image hash are generated according to the following
      ASN.1 structure:
      
          DigestInfo ::= SEQUENCE {
              digestAlgorithm  AlgorithmIdentifier,
              digest           OCTET STRING
          }
      
          AlgorithmIdentifier ::=  SEQUENCE  {
              algorithm        OBJECT IDENTIFIER,
              parameters       ANY DEFINED BY algorithm OPTIONAL
          }
      
      The PolarSSL module has been updated to extract the image hash
      from the certificate extension according to this structure.
      
      Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
      c3da66b1
  2. 28 Apr, 2015 1 commit
    • Dan Handley's avatar
      Allow deeper platform port directory structure · c04d2606
      Dan Handley authored
      Update the top level makefile to allow platform ports to exist in
      subdirectories at any level instead of one level under `plat/`. The
      makefile recursively searches for all files called `platform.mk` in
      all subdirectories of `plat/`. The directory containing
      `platform.mk` is the platform name. Platform names must be unique
      across the codebase.
      
      Replace usage of HELP_PLATFORMS in the Makefile with PLATFORMS since
      these are both used to report the same information back to the user.
      
      Update the TSP and cert_create tool makefiles in a similar way
      to support a deeper platform port directory structure.
      
      Also add PLAT_<plat_name> as a define passed through the top level
      makefile to the source files, to allow build time variation in common
      platform code.
      
      Change-Id: I213420164808c5ddb99a26144e8e3f141a7417b7
      c04d2606
  3. 05 Mar, 2015 1 commit
    • Juan Castillo's avatar
      TBB: use SHA256 to generate the certificate signatures · ea4ec3aa
      Juan Castillo authored
      This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
      certificate signatures are generated according to the NSA Suite B
      cryptographic algorithm requirements.
      
      Documentation updated accordingly.
      
      Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
      ea4ec3aa
  4. 28 Jan, 2015 2 commits
    • Juan Castillo's avatar
      TBB: add support to include certificates in a FIP image · b7124ea7
      Juan Castillo authored
      This patch extends the FIP tool to include the certificates
      generated by the 'cert_create' tool.
      
      If GENERATE_COT build option is enabled, the Makefile adds the
      certificates as dependencies to create the FIP file. Thus, make
      target 'fip' will also build the certificates as part of the
      Trusted Firmware build process.
      
      Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
      b7124ea7
    • Juan Castillo's avatar
      TBB: add tool to generate certificates · 6f971622
      Juan Castillo authored
      This patch adds a tool that generates all the necessary elements
      to establish the chain of trust (CoT) between the images.
      
      The tool reads the binary images and signing keys and outputs the
      corresponding certificates that will be used by the target at run
      time to verify the authenticity of the images.
      
      Note: the platform port must provide the file platform_oid.h. This
      file will define the OIDs of the x509 extensions that will be added
      to the certificates in order to establish the CoT.
      
      Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
      6f971622
  5. 10 Dec, 2014 1 commit
    • Kévin Petit's avatar
      fip_create: don't succeed if one of the passed files doesn't exist · 38410f80
      Kévin Petit authored
      
      
      If one of the files passed to fip_create on the command line doesn't
      exist, it will print an error message but produce an incomplete
      fip.bin file and report success. This behaviour could potentially
      hide errors made in the command line arguments.
      
      This patch addresses the issue by having the tool bail out if one of
      the supplied files can't be processed.
      Signed-off-by: default avatarKévin Petit <kevin.petit@arm.com>
      
      Fixes ARM-software/tf-issues#279
      
      Change-Id: I1c7d87d09eb4c063005b7969bdaad1d043c29dec
      38410f80
  6. 26 Nov, 2014 1 commit
    • Sandrine Bailleux's avatar
      Fix problem of dependencies on the fiptool makefile target · 07deed40
      Sandrine Bailleux authored
      The 'fiptool' target doesn't depend on fip_create's source files,
      neither directly nor indirectly. As a result, the FIP tool is not
      rebuilt whenever its source files change.
      
      This patch makes the ${FIPTOOL} target into a phony target so that the
      FIP tool's sub-makefile is always called. The sub-makefile correctly
      handles the dependencies. It also moves the completion message into
      the sub-makefile so that it is only displayed when the tool is
      actually recompiled.
      
      Fixes ARM-software/tf-issues#278
      
      Change-Id: Ia027519fe51d3c42be30665d1ad20a7b89fa350f
      07deed40
  7. 19 May, 2014 1 commit
    • Harry Liebel's avatar
      Improve BL3-0 documentation · 36eb6a75
      Harry Liebel authored
      Provide some information about the expected use of BL3-0.
      
      Fixes ARM-software/tf-issues#144
      
      Change-Id: I5c8d59a675578394be89481ae4ec39ca37522750
      36eb6a75
  8. 06 May, 2014 2 commits
    • Dan Handley's avatar
      Always use named structs in header files · fb037bfb
      Dan Handley authored
      Add tag names to all unnamed structs in header files. This
      allows forward declaration of structs, which is necessary to
      reduce header file nesting (to be implemented in a subsequent
      commit).
      
      Also change the typedef names across the codebase to use the _t
      suffix to be more conformant with the Linux coding style. The
      coding style actually prefers us not to use typedefs at all but
      this is considered a step too far for Trusted Firmware.
      
      Also change the IO framework structs defintions to use typedef'd
      structs to be consistent with the rest of the codebase.
      
      Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
      fb037bfb
    • Dan Handley's avatar
      Move include and source files to logical locations · 4ecca339
      Dan Handley authored
      Move almost all system include files to a logical sub-directory
      under ./include. The only remaining system include directories
      not under ./include are specific to the platform. Move the
      corresponding source files to match the include directory
      structure.
      
      Also remove pm.h as it is no longer used.
      
      Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
      4ecca339
  9. 21 Mar, 2014 3 commits
    • Sandrine Bailleux's avatar
      FIP tool: Fix error message for missing FIP filename · 399aacd6
      Sandrine Bailleux authored
      Previously to this path, the FIP tool used to print the following,
      misleading error message when called without any argument or with
      '--help' option:
      
        ERROR: Too many arguments
      
      This patch fixes this behavior by printing the following error
      message instead:
      
        ERROR: Missing FIP filename
      
      If called with '--help', no error message is printed and only the
      help message is displayed.
      
      Change-Id: Ib281b056f5cd3bc2f66d98be0b0cb2a0aed7c6a8
      399aacd6
    • Sandrine Bailleux's avatar
      FIP tool: Add support for '--help' option. · 89f7b481
      Sandrine Bailleux authored
      Also improve the help message printed by the FIP tool.
      
      Change-Id: If0f802f1083458182ca8ce57e8c104d40eee0dbe
      89f7b481
    • Sandrine Bailleux's avatar
      FIP tool: Small optimisation for option parsing · 12b99ca6
      Sandrine Bailleux authored
      This patch makes use of different values for '--dump' and other
      command-line options. This makes the code simpler and also
      optimises it a bit (because it avoids a string comparison).
      
      Change-Id: I1c8345f210074fc5f962ea0282fd3625775dec69
      12b99ca6
  10. 20 Feb, 2014 1 commit
    • Jeenu Viswambharan's avatar
      Cleanup FIP build targets and messages · 2f2cef46
      Jeenu Viswambharan authored
      At present the fip.bin depends on phony targets for BL images, resulting
      in unconditional remake of fip.bin. Also the build messages doesn't
      match with the rest of build system.
      
      This patch modifies the fip.bin dependencies to the actual BL binary
      images so that fip.bin is remade only when the component images are
      rebuilt/modified. The build messages and FIP Makefile are modified to
      match the style of rest of the build system.
      
      Change-Id: I8dd08666ff766d106820a5b4b037c2161bcf140f
      2f2cef46
  11. 17 Feb, 2014 1 commit
    • Harry Liebel's avatar
      Add Firmware Image Package creation tool · f58ad36f
      Harry Liebel authored
      This tool can be used to create a Firmware Image Packages (FIP). These
      FIPs store a combined set of firmware images with a Table of Contents
      (ToC) that can be loaded by the firmware from platform storage.
      
      - Add uuid.h from FreeBSD.
      - Use symbolic links to shared headers otherwise unwanted headers and
        definitions are pulled in.
      - A FIP is created as part of the default FVP build.
      - A BL3-3 image(e.g. UEFI) must be provided.
      
      Change-Id: Ib73feee181df2dba68bf6abec115a83cfa5e26cb
      f58ad36f