1. 01 Jul, 2015 1 commit
    • Juan Castillo's avatar
      TBB: build 'cert_create' with ECDSA only if OpenSSL supports it · ed2a76ea
      Juan Castillo authored
      Some Linux distributions include an OpenSSL library which has been
      built without ECDSA support. Trying to build the certificate
      generation tool on those distributions will result in a build error.
      
      This patch fixes that issue by including ECDSA support only if
      OpenSSL has been built with ECDSA. In that case, the OpenSSL
      configuration file does not define the OPENSSL_NO_EC macro. The tool
      will build successfully, although the resulting binary will not
      support ECDSA keys.
      
      Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902
      ed2a76ea
  2. 25 Jun, 2015 14 commits
    • danh-arm's avatar
      Merge pull request #315 from jcastillo-arm/jc/tbb_tmp9 · 84f95bed
      danh-arm authored
      Authentication Framework
      84f95bed
    • Juan Castillo's avatar
      TBB: add authentication framework documentation · d337aaaf
      Juan Castillo authored
      This patch updates the user guide, adding instructions to build the
      Trusted Firmware with Trusted Board Support using the new framework.
      
      It also provides documentation about the framework itself, including
      a detailed section about the TBBR implementation using the framework.
      
      Change-Id: I0849fce9c5294cd4f52981e7a8423007ac348ec6
      d337aaaf
    • Juan Castillo's avatar
      TBB: delete deprecated plat_match_rotpk() · f04585f3
      Juan Castillo authored
      The authentication framework deprecates plat_match_rotpk()
      in favour of plat_get_rotpk_info(). This patch removes
      plat_match_rotpk() from the platform port.
      
      Change-Id: I2250463923d3ef15496f9c39678b01ee4b33883b
      f04585f3
    • Juan Castillo's avatar
      TBB: delete deprecated PolarSSL authentication module · 962f7c51
      Juan Castillo authored
      After updating the main authentication module to use the transport
      and crypto modules and the CoT description, the PolarSSL
      authentication module is no longer required. This patch deletes it.
      
      Change-Id: I8ba1e13fc1cc7b2fa9df14ff59eb798f0460b878
      962f7c51
    • Juan Castillo's avatar
      TBB: switch to the new authentication framework · 1779ba6b
      Juan Castillo authored
      This patch modifies the Trusted Board Boot implementation to use
      the new authentication framework, making use of the authentication
      module, the cryto module and the image parser module to
      authenticate the images in the Chain of Trust.
      
      A new function 'load_auth_image()' has been implemented. When TBB
      is enabled, this function will call the authentication module to
      authenticate parent images following the CoT up to the root of
      trust to finally load and authenticate the requested image.
      
      The platform is responsible for picking up the right makefiles to
      build the corresponding cryptographic and image parser libraries.
      ARM platforms use the mbedTLS based libraries.
      
      The platform may also specify what key algorithm should be used
      to sign the certificates. This is done by declaring the 'KEY_ALG'
      variable in the platform makefile. FVP and Juno use ECDSA keys.
      
      On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
      each to accommodate the ECDSA code.
      
      REMOVED BUILD OPTIONS:
      
        * 'AUTH_MOD'
      
      Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
      1779ba6b
    • Juan Castillo's avatar
      TBB: add ECDSA support to the certificate generation tool · ccbf890e
      Juan Castillo authored
      This patch extends the 'cert_create' tool to support ECDSA keys
      to sign the certificates. The '--key-alg' command line option
      can be used to specify the key algorithm when invoking the tool.
      Available options are:
      
          * 'rsa': create RSA-2048 keys (default option)
          * 'ecdsa': create ECDSA-SECP256R1 keys
      
      The TF Makefile has been updated to allow the platform to specify
      the key algorithm by declaring the 'KEY_ALG' variable in the
      platform makefile.
      
      The behaviour regarding key management has changed. After applying
      this patch, the tool will try first to open the keys from disk. If
      one key does not exist or no key is specified, and the command line
      option to create keys has been specified, new keys will be created.
      Otherwise an error will be generated and the tool will exit. This
      way, the user may specify certain keys while the tool will create
      the remaining ones. This feature is useful for testing purposes
      and CI infrastructures.
      
      The OpenSSL directory may be specified using the build option
      'OPENSSL_DIR' when building the certificate generation tool.
      Default is '/usr'.
      
      Change-Id: I98bcc2bfab28dd7179f17f1177ea7a65698df4e7
      ccbf890e
    • Juan Castillo's avatar
      TBB: add TBBR Chain of Trust · dff93c86
      Juan Castillo authored
      This patch adds a CoT based on the Trusted Board Boot Requirements
      document*. The CoT consists of an array of authentication image
      descriptors indexed by the image identifiers.
      
      A new header file with TBBR image identifiers has been added.
      Platforms that use the TBBR (i.e. ARM platforms) may reuse these
      definitions as part of their platform porting.
      
      PLATFORM PORT - IMPORTANT:
      
      Default image IDs have been removed from the platform common
      definitions file (common_def.h). As a consequence, platforms that
      used those common definitons must now either include the IDs
      provided by the TBBR header file or define their own IDs.
      
      *The NVCounter authentication method has not been implemented yet.
      
      Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5
      dff93c86
    • Juan Castillo's avatar
      TBB: add mbedTLS authentication related libraries · 7d37aa17
      Juan Castillo authored
      This patch adds the following mbedTLS based libraries:
      
      * Cryptographic library
      
      It is used by the crypto module to verify a digital signature
      and a hash. This library relies on mbedTLS to perform the
      cryptographic operations. mbedTLS sources must be obtained
      separately.
      
      Two key algorithms are currently supported:
      
          * RSA-2048
          * ECDSA-SECP256R1
      
      The platform is responsible for picking up the required
      algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the
      platform makefile. Available options are:
      
          * 'rsa' (for RSA-2048) (default option)
          * 'ecdsa' (for ECDSA-SECP256R1)
      
      Hash algorithm currently supported is SHA-256.
      
      * Image parser library
      
      Used by the image parser module to extract the authentication
      parameters stored in X509v3 certificates.
      
      Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0
      7d37aa17
    • Juan Castillo's avatar
      TBB: add authentication framework · 05799ae0
      Juan Castillo authored
      This patch adds the authentication framework that will be used as
      the base to implement Trusted Board Boot in the Trusted Firmware.
      The framework comprises the following modules:
      
      - Image Parser Module (IPM)
      
          This module is responsible for interpreting images, check
          their integrity and extract authentication information from
          them during Trusted Board Boot.
      
          The module currently supports three types of images i.e.
          raw binaries, X509v3 certificates and any type specific to
          a platform. An image parser library must be registered for
          each image type (the only exception is the raw image parser,
          which is included in the main module by default).
      
          Each parser library (if used) must export a structure in a
          specific linker section which contains function pointers to:
      
              1. Initialize the library
              2. Check the integrity of the image type supported by
                 the library
              3. Extract authentication information from the image
      
      - Cryptographic Module (CM)
      
          This module is responsible for verifying digital signatures
          and hashes. It relies on an external cryptographic library
          to perform the cryptographic operations.
      
          To register a cryptographic library, the library must use the
          REGISTER_CRYPTO_LIB macro, passing function pointers to:
      
              1. Initialize the library
              2. Verify a digital signature
              3. Verify a hash
      
          Failing to register a cryptographic library will generate
          a build time error.
      
      - Authentication Module (AM)
      
          This module provides methods to authenticate an image, like
          hash comparison or digital signatures. It uses the image parser
          module to extract authentication parameters, the crypto module
          to perform cryptographic operations and the Chain of Trust to
          authenticate the images.
      
          The Chain of Trust (CoT) is a data structure that defines the
          dependencies between images and the authentication methods
          that must be followed to authenticate an image.
      
      The Chain of Trust, when added, must provide a header file named
      cot_def.h with the following definitions:
      
      - COT_MAX_VERIFIED_PARAMS
      
          Integer value indicating the maximum number of authentication
          parameters an image can present. This value will be used by the
          authentication module to allocate the memory required to load
          the parameters in the image descriptor.
      
      Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
      05799ae0
    • Juan Castillo's avatar
      TBB: add platform API to read the ROTPK information · 95cfd4ad
      Juan Castillo authored
      This patch extends the platform port by adding an API that returns
      either the Root of Trust public key (ROTPK) or its hash. This is
      usually stored in ROM or eFUSE memory. The ROTPK returned must be
      encoded in DER format according to the following ASN.1 structure:
      
          SubjectPublicKeyInfo  ::=  SEQUENCE  {
              algorithm           AlgorithmIdentifier,
              subjectPublicKey    BIT STRING
          }
      
      In case the platform returns a hash of the key:
      
          DigestInfo  ::= SEQUENCE {
              digestAlgorithm     AlgorithmIdentifier,
              keyDigest           OCTET STRING
          }
      
      An implementation for ARM development platforms is provided in this
      patch. When TBB is enabled, the ROTPK hash location must be specified
      using the build option 'ARM_ROTPK_LOCATION'. Available options are:
      
          - 'regs' : return the ROTPK hash stored in the Trusted
            root-key storage registers.
      
          - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
            BL2 binaries. This hash has been obtained from the development
            RSA public key located in 'plat/arm/board/common/rotpk'.
      
      On FVP, the number of MMU tables has been increased to map and
      access the ROTPK registers.
      
      A new file 'board_common.mk' has been added to improve code sharing
      in the ARM develelopment platforms.
      
      Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
      95cfd4ad
    • Juan Castillo's avatar
      Use numbers to identify images instead of names · 16948ae1
      Juan Castillo authored
      The Trusted firmware code identifies BL images by name. The platform
      port defines a name for each image e.g. the IO framework uses this
      mechanism in the platform function plat_get_image_source(). For
      a given image name, it returns the handle to the image file which
      involves comparing images names. In addition, if the image is
      packaged in a FIP, a name comparison is required to find the UUID
      for the image. This method is not optimal.
      
      This patch changes the interface between the generic and platform
      code with regard to identifying images. The platform port must now
      allocate a unique number (ID) for every image. The generic code will
      use the image ID instead of the name to access its attributes.
      
      As a result, the plat_get_image_source() function now takes an image
      ID as an input parameter. The organisation of data structures within
      the IO framework has been rationalised to use an image ID as an index
      into an array which contains attributes of the image such as UUID and
      name. This prevents the name comparisons.
      
      A new type 'io_uuid_spec_t' has been introduced in the IO framework
      to specify images identified by UUID (i.e. when the image is contained
      in a FIP file). There is no longer need to maintain a look-up table
      [iname_name --> uuid] in the io_fip driver code.
      
      Because image names are no longer mandatory in the platform port, the
      debug messages in the generic code will show the image identifier
      instead of the file name. The platforms that support semihosting to
      load images (i.e. FVP) must provide the file names as definitions
      private to the platform.
      
      The ARM platform ports and documentation have been updated accordingly.
      All ARM platforms reuse the image IDs defined in the platform common
      code. These IDs will be used to access other attributes of an image in
      subsequent patches.
      
      IMPORTANT: applying this patch breaks compatibility for platforms that
      use TF BL1 or BL2 images or the image loading code. The platform port
      must be updated to match the new interface.
      
      Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
      16948ae1
    • Juan Castillo's avatar
      TBB: replace assert() with runtime checks in PolarSSL module · d5e0a933
      Juan Castillo authored
      Using assert() to check the length of keys and hashes included in
      a certificate is not a safe approach because assert() only applies
      to debug builds. A malformed certificate could exploit security
      flaws in release binaries due to buffer overflows.
      
      This patch replaces assert() with runtime checkings in the PolarSSL
      authentication module, so malformed certificates can not cause a
      memory overflow.
      
      Change-Id: I42ba912020595752c806cbd242fe3c74077d993b
      d5e0a933
    • Juan Castillo's avatar
      TBB: use ASN.1 type DigestInfo to represent hashes · c3da66b1
      Juan Castillo authored
      The cert_create tool calculates the hash of each BL image and includes
      it as an ASN.1 OCTET STRING in the corresponding certificate extension.
      Without additional information, the firmware running on the platform
      has to know in advance the algorithm used to generate the hash.
      
      This patch modifies the cert_create tool so the certificate extensions
      that include an image hash are generated according to the following
      ASN.1 structure:
      
          DigestInfo ::= SEQUENCE {
              digestAlgorithm  AlgorithmIdentifier,
              digest           OCTET STRING
          }
      
          AlgorithmIdentifier ::=  SEQUENCE  {
              algorithm        OBJECT IDENTIFIER,
              parameters       ANY DEFINED BY algorithm OPTIONAL
          }
      
      The PolarSSL module has been updated to extract the image hash
      from the certificate extension according to this structure.
      
      Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
      c3da66b1
    • Juan Castillo's avatar
      TBB: add build option to save private keys · fd34e7ba
      Juan Castillo authored
      This patch adds a boolean build option 'SAVE_KEYS' to indicate the
      certificate generation tool that it must save the private keys used
      to establish the chain of trust. This option depends on 'CREATE_KEYS'
      to be enabled. Default is '0' (do not save).
      
      Because the same filenames are used as outputs to save the keys,
      they are no longer a dependency to the cert_tool. This dependency
      has been removed from the Makefile.
      
      Documentation updated accordingly.
      
      Change-Id: I67ab1c2b1f8a25793f0de95e8620ce7596a6bc3b
      fd34e7ba
  3. 24 Jun, 2015 4 commits
  4. 22 Jun, 2015 1 commit
    • Varun Wadekar's avatar
      Add missing features to the Tegra GIC driver · e1e094c7
      Varun Wadekar authored
      
      
      In order to handle secure/non-secure interrupts, overload the plat_ic_*
      functions and copy GIC helper functions from arm_gic.c. Use arm_gic.c
      as the reference to add Tegra's GIC helper functions.
      
      Now that Tegra has its own GIC implementation, we have no use for
      plat_gic.c and arm_gic.c files.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      e1e094c7
  5. 19 Jun, 2015 4 commits
  6. 18 Jun, 2015 4 commits
    • danh-arm's avatar
      Merge pull request #320 from danh-arm/rh/timer-api-v10 · 649591bb
      danh-arm authored
      Add delay timer API v10
      649591bb
    • Ryan Harkin's avatar
      FVP: Add SP804 delay timer · b49b3221
      Ryan Harkin authored
      
      
      Add SP804 delay timer support to the FVP BSP.
      
      This commit simply provides the 3 constants needed by the SP804
      delay timer driver and calls sp804_timer_init() in
      bl2_platform_setup(). The BSP does not currently use the delay
      timer functions.
      
      Note that the FVP SP804 is a normal world accessible peripheral
      and should not be used by the secure world after transition
      to the normal world.
      
      Change-Id: I5f91d2ac9eb336fd81943b3bb388860dfb5f2b39
      Co-authored-by: default avatarDan Handley <dan.handley@arm.com>
      b49b3221
    • Ryan Harkin's avatar
      Add SP804 delay timer driver · cc58b2d0
      Ryan Harkin authored
      
      
      Add a delay timer driver for the ARM SP804 dual timer.
      
      This driver only uses the first timer, called timer 1 in the
      SP804 Technical Reference Manual (ARM DDI 0271D).
      
      To use this driver, the BSP must provide three constants:
      
      *   The base address of the SP804 dual timer
      *   The clock multiplier
      *   The clock divider
      
      The BSP is responsible for calling sp804_timer_init(). The SP804
      driver instantiates a constant timer_ops_t and calls the generic
      timer_init().
      
      Change-Id: I49ba0a52bdf6072f403d1d0a20e305151d4bc086
      Co-authored-by: default avatarDan Handley <dan.handley@arm.com>
      cc58b2d0
    • danh-arm's avatar
      Merge pull request #319 from vwadekar/tegra-video-mem-aperture-v3 · 09aa0392
      danh-arm authored
      Reserve a Video Memory aperture in DRAM memory
      09aa0392
  7. 17 Jun, 2015 1 commit
    • Ryan Harkin's avatar
      Add a simple delay timer driver API · 9055c7d1
      Ryan Harkin authored
      
      
      The API is simple. The BSP or specific timer driver creates an
      instance of timer_ops_t, fills in the timer specific data, then calls
      timer_init(). The timer specific data includes a function pointer
      to return the timer value and a clock multiplier/divider. The ratio
      of the multiplier and the divider is the clock frequency in MHz.
      
      After that, mdelay() or udelay() can be called to delay execution for
      the specified time (milliseconds or microseconds, respectively).
      
      Change-Id: Icf8a295e1d25874f789bf28b7412156329dc975c
      Co-authored-by: default avatarDan Handley <dan.handley@arm.com>
      9055c7d1
  8. 12 Jun, 2015 2 commits
  9. 11 Jun, 2015 2 commits
  10. 09 Jun, 2015 4 commits
    • danh-arm's avatar
      Merge pull request #314 from sandrine-bailleux/sb/css-data-structs · 056904cb
      danh-arm authored
      Clarify some CSS data structures
      056904cb
    • danh-arm's avatar
      Merge pull request #312 from jcastillo-arm/jc/tf-issues/308 · 5720b280
      danh-arm authored
      Fix build option 'ARM_TSP_RAM_LOCATION' in user guide
      5720b280
    • Sandrine Bailleux's avatar
      CSS: Remove the constants MHU_SECURE_BASE/SIZE · fe55612b
      Sandrine Bailleux authored
      For CSS based platforms, the constants MHU_SECURE_BASE and
      MHU_SECURE_SIZE used to define the extents of the Trusted Mailboxes.
      As such, they were misnamed because the mailboxes are completely
      unrelated to the MHU hardware.
      
      This patch removes the MHU_SECURE_BASE and MHU_SECURE_SIZE #defines.
      The address of the Trusted Mailboxes is now relative to the base of
      the Trusted SRAM.
      
      This patch also introduces a new constant, SCP_COM_SHARED_MEM_BASE,
      which is the address of the first memory region used for communication
      between AP and SCP. This is used by the BOM and SCPI protocols.
      
      Change-Id: Ib200f057b19816bf05e834d111271c3ea777291f
      fe55612b
    • Sandrine Bailleux's avatar
      CSS: Clarify what the SCP boot config is · 9255da5f
      Sandrine Bailleux authored
      Add a comment explaining what the SCP boot configuration information
      is on CSS based platforms like Juno. Also express its address
      relatively to the base of the Trusted SRAM rather than hard-coding it.
      
      Change-Id: I82cf708a284c8b8212933074ea8c37bdf48b403b
      9255da5f
  11. 08 Jun, 2015 1 commit
    • Juan Castillo's avatar
      Fix build option 'ARM_TSP_RAM_LOCATION' in user guide · e5da24f7
      Juan Castillo authored
      The 'ARM_TSP_RAM_LOCATION_ID' option specified in the user guide
      corresponds to the internal definition not visible to the final
      user. The proper build option is 'ARM_TSP_RAM_LOCATION'. This
      patch fixes it.
      
      Fixes ARM-software/tf-issues#308
      
      Change-Id: Ica8cb72c0c5e8b3503f60b5357d16698e869b1bd
      e5da24f7
  12. 05 Jun, 2015 1 commit
  13. 04 Jun, 2015 1 commit
    • Sandrine Bailleux's avatar
      Introduce PROGRAMMABLE_RESET_ADDRESS build option · bf031bba
      Sandrine Bailleux authored
      This patch introduces a new platform build option, called
      PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has
      a programmable or fixed reset vector address.
      
      If the reset vector address is fixed then the code relies on the
      platform_get_entrypoint() mailbox mechanism to figure out where
      it is supposed to jump. On the other hand, if it is programmable
      then it is assumed that the platform code will program directly
      the right address into the RVBAR register (instead of using the
      mailbox redirection) so the mailbox is ignored in this case.
      
      Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
      bf031bba