- 25 Jun, 2015 1 commit
-
-
Juan Castillo authored
The cert_create tool calculates the hash of each BL image and includes it as an ASN.1 OCTET STRING in the corresponding certificate extension. Without additional information, the firmware running on the platform has to know in advance the algorithm used to generate the hash. This patch modifies the cert_create tool so the certificate extensions that include an image hash are generated according to the following ASN.1 structure: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } The PolarSSL module has been updated to extract the image hash from the certificate extension according to this structure. Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
-
- 28 Apr, 2015 1 commit
-
-
Dan Handley authored
Update the top level makefile to allow platform ports to exist in subdirectories at any level instead of one level under `plat/`. The makefile recursively searches for all files called `platform.mk` in all subdirectories of `plat/`. The directory containing `platform.mk` is the platform name. Platform names must be unique across the codebase. Replace usage of HELP_PLATFORMS in the Makefile with PLATFORMS since these are both used to report the same information back to the user. Update the TSP and cert_create tool makefiles in a similar way to support a deeper platform port directory structure. Also add PLAT_<plat_name> as a define passed through the top level makefile to the source files, to allow build time variation in common platform code. Change-Id: I213420164808c5ddb99a26144e8e3f141a7417b7
-
- 05 Mar, 2015 1 commit
-
-
Juan Castillo authored
This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so certificate signatures are generated according to the NSA Suite B cryptographic algorithm requirements. Documentation updated accordingly. Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
-
- 28 Jan, 2015 2 commits
-
-
Juan Castillo authored
This patch extends the FIP tool to include the certificates generated by the 'cert_create' tool. If GENERATE_COT build option is enabled, the Makefile adds the certificates as dependencies to create the FIP file. Thus, make target 'fip' will also build the certificates as part of the Trusted Firmware build process. Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
-
Juan Castillo authored
This patch adds a tool that generates all the necessary elements to establish the chain of trust (CoT) between the images. The tool reads the binary images and signing keys and outputs the corresponding certificates that will be used by the target at run time to verify the authenticity of the images. Note: the platform port must provide the file platform_oid.h. This file will define the OIDs of the x509 extensions that will be added to the certificates in order to establish the CoT. Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
-
- 10 Dec, 2014 1 commit
-
-
Kévin Petit authored
If one of the files passed to fip_create on the command line doesn't exist, it will print an error message but produce an incomplete fip.bin file and report success. This behaviour could potentially hide errors made in the command line arguments. This patch addresses the issue by having the tool bail out if one of the supplied files can't be processed. Signed-off-by: Kévin Petit <kevin.petit@arm.com> Fixes ARM-software/tf-issues#279 Change-Id: I1c7d87d09eb4c063005b7969bdaad1d043c29dec
-
- 26 Nov, 2014 1 commit
-
-
Sandrine Bailleux authored
The 'fiptool' target doesn't depend on fip_create's source files, neither directly nor indirectly. As a result, the FIP tool is not rebuilt whenever its source files change. This patch makes the ${FIPTOOL} target into a phony target so that the FIP tool's sub-makefile is always called. The sub-makefile correctly handles the dependencies. It also moves the completion message into the sub-makefile so that it is only displayed when the tool is actually recompiled. Fixes ARM-software/tf-issues#278 Change-Id: Ia027519fe51d3c42be30665d1ad20a7b89fa350f
-
- 19 May, 2014 1 commit
-
-
Harry Liebel authored
Provide some information about the expected use of BL3-0. Fixes ARM-software/tf-issues#144 Change-Id: I5c8d59a675578394be89481ae4ec39ca37522750
-
- 06 May, 2014 2 commits
-
-
Dan Handley authored
Add tag names to all unnamed structs in header files. This allows forward declaration of structs, which is necessary to reduce header file nesting (to be implemented in a subsequent commit). Also change the typedef names across the codebase to use the _t suffix to be more conformant with the Linux coding style. The coding style actually prefers us not to use typedefs at all but this is considered a step too far for Trusted Firmware. Also change the IO framework structs defintions to use typedef'd structs to be consistent with the rest of the codebase. Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
-
Dan Handley authored
Move almost all system include files to a logical sub-directory under ./include. The only remaining system include directories not under ./include are specific to the platform. Move the corresponding source files to match the include directory structure. Also remove pm.h as it is no longer used. Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
-
- 21 Mar, 2014 3 commits
-
-
Sandrine Bailleux authored
Previously to this path, the FIP tool used to print the following, misleading error message when called without any argument or with '--help' option: ERROR: Too many arguments This patch fixes this behavior by printing the following error message instead: ERROR: Missing FIP filename If called with '--help', no error message is printed and only the help message is displayed. Change-Id: Ib281b056f5cd3bc2f66d98be0b0cb2a0aed7c6a8
-
Sandrine Bailleux authored
Also improve the help message printed by the FIP tool. Change-Id: If0f802f1083458182ca8ce57e8c104d40eee0dbe
-
Sandrine Bailleux authored
This patch makes use of different values for '--dump' and other command-line options. This makes the code simpler and also optimises it a bit (because it avoids a string comparison). Change-Id: I1c8345f210074fc5f962ea0282fd3625775dec69
-
- 20 Feb, 2014 1 commit
-
-
Jeenu Viswambharan authored
At present the fip.bin depends on phony targets for BL images, resulting in unconditional remake of fip.bin. Also the build messages doesn't match with the rest of build system. This patch modifies the fip.bin dependencies to the actual BL binary images so that fip.bin is remade only when the component images are rebuilt/modified. The build messages and FIP Makefile are modified to match the style of rest of the build system. Change-Id: I8dd08666ff766d106820a5b4b037c2161bcf140f
-
- 17 Feb, 2014 1 commit
-
-
Harry Liebel authored
This tool can be used to create a Firmware Image Packages (FIP). These FIPs store a combined set of firmware images with a Table of Contents (ToC) that can be loaded by the firmware from platform storage. - Add uuid.h from FreeBSD. - Use symbolic links to shared headers otherwise unwanted headers and definitions are pulled in. - A FIP is created as part of the default FVP build. - A BL3-3 image(e.g. UEFI) must be provided. Change-Id: Ib73feee181df2dba68bf6abec115a83cfa5e26cb
-