2019-09-12 |
Remove RSA PKCS#1 v1.5 support from cert_tool
...
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.
Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.
Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Sep 2019
|
Add cert_create tool support for RSA key sizes
...
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.
Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Sep 2019
|
2019-09-05 |
meson: Rename platform directory to amlogic
...
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
Carlo Caione
committed
on 5 Sep 2019
|
2019-08-16 |
Reduce the number of memory leaks in cert_create
...
The valgrind checks for cert_create have not been run in a long while -
as such there are a few memory leaks present. This patch fixes a few of
the major ones reported by valgrind. However, a few do remain.
Change-Id: Iab002fb2b0090043287d43fb54a4d18928c2ed85
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 16 Aug 2019
|
2019-07-02 |
tools/fiptool: Add Makefile.msvc to build on Windows.
...
This change adds nmake compatible Makefile.msvc file for
building (nmake /FMakefile.msvc) fiptool on the Windows.
Change-Id: Iccd1fe8da072edd09eb04b8622f27b3c4693b281
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Girish Pathak
committed
on 2 Jul 2019
|
2019-04-02 |
meson/gxl: Add tool to create bl31 bootable images
...
GXL platforms need to have a specific header at the beginning of bl31
image to be able to boot. This adds a tool to create that and calls it at
build time.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Remi Pommarel
committed
on 2 Apr 2019
|
2019-04-01 |
rcar_gen3: plat: Add initial D3 support
...
Add R-Car D3 SoC platform specifics. Driver, PFC, QoS, DDR init code
will be added separately.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Marek Vasut
committed
on 1 Apr 2019
|
2019-03-12 |
tools: Remove TODO from fiptool
...
It is quite unlikely that this number will ever change and, if it
does need to change, we should have a good reason to do so. It
seems that this comment is now redundant.
Change-Id: I409c764080748e338e9bc5606bbdcc475213fb6e
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Paul Beesley
committed
on 12 Mar 2019
|
tools: Remove unused cert_create defines
...
Change-Id: Iea72ef9ba16325cbce07eea1a975d2a96eede274
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Paul Beesley
committed
on 12 Mar 2019
|
2019-01-29 |
tools/fiptool: Fix UUID parsing in blob handling
...
Commit 033648652f ("Make TF UUID RFC 4122 compliant") changed the scanf
parsing string to handle endianness correctly.
However that changed the number of items sscanf handles, without
adjusting the sanity check just below.
Increase the expected return value from 11 to 16 to let fiptool handle
UUIDs given as blob parameters correctly again.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara
committed
on 29 Jan 2019
|
2018-12-11 |
SPM: sptool: Introduce tool to package SP and RD
...
This tool packages Secure Partitions and Resource Descriptor blobs into
a simple file that can be loaded by SPM.
Change-Id: If3800064f30bdc3d7fc6a15ffbb3007ef632bcaa
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 11 Dec 2018
|
2018-11-08 |
Standardise header guards across codebase
...
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.
The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.
The exceptions are files that are imported from other projects:
- CryptoCell driver
- dt-bindings folders
- zlib headers
Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 8 Nov 2018
|
2018-11-01 |
Merge pull request #1623 from MISL-EBU-System-SW/a3700-support
...
Add support for Armada 3700 and COMPHY porting layer
Antonio Niño Díaz
authored
on 1 Nov 2018
GitHub
committed
on 1 Nov 2018
|
2018-10-22 |
tools: Move doimage to marvell folder for future add-ons
...
Move doimage utility from toos/doimage to tools/marvell/doimage.
This is done for supporting mode Marvell tools in the future.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Konstantin Porotchkin
committed
on 22 Oct 2018
|
2018-10-18 |
Merge pull request #1632 from Yann-lms/stm32mp1_mmc
...
Add MMC support for STM32MP1
Soby Mathew
authored
on 18 Oct 2018
GitHub
committed
on 18 Oct 2018
|
2018-10-17 |
rcar-gen3: initial commit for the rcar-gen3 boards
...
Reference code:
==============
rar_gen3: IPL and Secure Monitor Rev1.0.22
https://github.com/renesas-rcar/arm-trusted-firmware [rcar_gen3]
Author: Takuya Sakata <takuya.sakata.wz@bp.renesas.com>
Date: Thu Aug 30 21:26:41 2018 +0900
Update IPL and Secure Monitor Rev1.0.22
General Information:
===================
This port has been tested on the Salvator-X Soc_id r8a7795 revision
ES1.1 (uses an SPD).
Build Tested:
-------------
ATFW_OPT="LSI=H3 RCAR_DRAM_SPLIT=1 RCAR_LOSSY_ENABLE=1"
MBEDTLS_DIR=$mbedtls
$ make clean bl2 bl31 rcar PLAT=rcar ${ATFW_OPT} SPD=opteed
Other dependencies:
------------------
* mbed_tls:
git@github.com:ARMmbed/mbedtls.git [devel]
Merge: 68dbc94 f34a4c1
Author: Simon Butcher <simon.butcher@arm.com>
Date: Thu Aug 30 00:57:28 2018 +0100
* optee_os:
https://github.com/BayLibre/optee_os
Until it gets merged into OP-TEE, the port requires Renesas' Trusted
Environment with a modification to support power management.
Author: Jorge Ramirez-Ortiz <jramirez@baylibre.com>
Date: Thu Aug 30 16:49:49 2018 +0200
plat-rcar: cpu-suspend: handle the power level
Signed-off-by: Jorge Ramirez-Ortiz <jramirez@baylibre.com>
* u-boot:
The port has beent tested using mainline uboot.
Author: Fabio Estevam <festevam@gmail.com>
Date: Tue Sep 4 10:23:12 2018 -0300
*linux:
The port has beent tested using mainline kernel.
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Sep 16 11:52:37 2018 -0700
Linux 4.19-rc4
Overview
---------
BOOTROM starts the cpu at EL3; In this port BL2 will therefore be entered
at this exception level (the Renesas' ATF reference tree [1] resets into
EL1 before entering BL2 - see its bl2.ld.S)
BL2 initializes DDR (and i2c to talk to the PMIC on some platforms)
before determining the boot reason (cold or warm).
During suspend all CPUs are switched off and the DDR is put in
backup mode (some kind of self-refresh mode). This means that BL2 is
always entered in a cold boot scenario.
Once BL2 boots, it determines the boot reason, writes it to shared
memory (BOOT_KIND_BASE) together with the BL31 parameters
(PARAMS_BASE) and jumps to BL31.
To all effects, BL31 is as if it is being entered in reset mode since
it still needs to initialize the rest of the cores; this is the reason
behind using direct shared memory access to BOOT_KIND_BASE and
PARAMS_BASE instead of using registers to get to those locations (see
el3_common_macros.S and bl31_entrypoint.S for the RESET_TO_BL31 use
case).
Depending on the boot reason BL31 initializes the rest of the cores:
in case of suspend, it uses a MBOX memory region to recover the
program counters.
[1] https://github.com/renesas-rcar/arm-trusted-firmware
Tests
-----
* cpuidle
-------
enable kernel's cpuidle arm_idle driver and boot
* system suspend
--------------
$ cat suspend.sh
#!/bin/bash
i2cset -f -y 7 0x30 0x20 0x0F
read -p "Switch off SW23 and press return " foo
echo mem > /sys/power/state
* cpu hotplug:
------------
$ cat offline.sh
#!/bin/bash
nbr=$1
echo 0 > /sys/devices/system/cpu/cpu$nbr/online
printf "ONLINE: " && cat /sys/devices/system/cpu/online
printf "OFFLINE: " && cat /sys/devices/system/cpu/offline
$ cat online.sh
#!/bin/bash
nbr=$1
echo 1 > /sys/devices/system/cpu/cpu$nbr/online
printf "ONLINE: " && cat /sys/devices/system/cpu/online
printf "OFFLINE: " && cat /sys/devices/system/cpu/offline
Signed-off-by: ldts <jramirez@baylibre.com>
Jorge Ramirez-Ortiz
authored
on 23 Sep 2018
ldts
committed
on 17 Oct 2018
|
2018-10-15 |
stm32mp1: update platform files to use MMC devices
...
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Yann Gautier
committed
on 15 Oct 2018
|
2018-10-10 |
Merge pull request #1612 from antonio-nino-diaz-arm/an/tools
...
tools: Make invocation of host compiler correct
Soby Mathew
authored
on 10 Oct 2018
GitHub
committed
on 10 Oct 2018
|
Merge pull request #1489 from teknoraver/master
...
doimage: get rid of non null terminated strings by strncpy
Soby Mathew
authored
on 10 Oct 2018
GitHub
committed
on 10 Oct 2018
|
2018-10-04 |
tools: Make invocation of host compiler correct
...
HOSTCC should be used in any of the tools inside the tools/ directory
instead of CC. That way it is possible to override both values from the
command line when building the Trusted Firmware and the tools at the
same time. Also, use HOSTCCFLAGS instead of CFLAGS.
Also, instead of printing the strings CC and LD in the console during
the compilation of the tools, HOSTCC and HOSTLD have to be used for
clarity. This is how it is done in other projects like U-Boot or Linux.
Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 4 Oct 2018
|
2018-10-03 |
tools: Fix broken object compilation rules
...
As these rules depend on non-existing headers as well (likely copy &
pasted from fiptool), they never matched, and the built-in rules were
used. That led to random breakages when e.g. CPPFLAGS was suddenly
evaluated and contained invalid options.
For the stm32image, this reveals that we were relying on the built-in
rules by passing -D_GNU_SOURCE via CPPFLAGS, rather than using CFLAGS as
used in the local rule. Fix that as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka
authored
on 2 Oct 2018
Konstantin Porotchkin
committed
on 3 Oct 2018
|
2018-09-28 |
fip_create: Remove fip_create compatibility script
...
A compatibility script has been provided for about 2 years. Users should
have migrated to fiptool by now so remove the compat script.
Change-Id: I643e0c40a9e3fb428bad3be04a82cb431aad74dc
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
dp-arm
authored
on 30 Dec 2016
Antonio Nino Diaz
committed
on 28 Sep 2018
|
2018-09-23 |
doimage: get rid of non null terminated strings by strncpy
...
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Matteo Croce
committed
on 23 Sep 2018
|
2018-09-03 |
fix: tools: Fix doimage syntax breaking secure mode build
...
Missing ")" in fprintf causing build break in secure boot mode.
Change-Id: Ice555571683b68bb0d81479e9fc8abc4296809ac
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Konstantin Porotchkin
committed
on 3 Sep 2018
|
tools: doimage: Add secure image key file examples
...
Add example keys for building trusted flash images using
doimage tools.
Similar files can be generated using openssl or mbedtls.
Marvell platform make files are using trusted boot
configurations from this example etst vector.
Change-Id: I38a2e295171bee4c14005ce6f020b352c683496e
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Konstantin Porotchkin
committed
on 3 Sep 2018
|
2018-07-24 |
tools: Add stm32image tool into TF-A
...
This tools adds a specific header to ST TF-A binary.
This header is used by STM32MP1 ROM code to check the bootloader.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Yann Gautier
committed
on 24 Jul 2018
|
2018-07-19 |
Merge pull request #1450 from MISL-EBU-System-SW/marvell-support-v6
...
Marvell support for Armada 8K SoC family
danh-arm
authored
on 19 Jul 2018
GitHub
committed
on 19 Jul 2018
|
2018-07-18 |
tools: add support for Marvell doimage
...
Add Marvell "doimage" utility support.
The "doimage" utility allows to create flash images compatible
with Marvell BootROM image format. Additionally this tool
allows the flash image parsing and verification.
Change-Id: Ie8d7ccd0cc2978684e7eecb695f375395fc749ee
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Konstantin Porotchkin
committed
on 18 Jul 2018
|
2018-07-06 |
tools/cert_create: fix makefile to build build_msg.o by HOSTCC
...
Previously build_msg.o is built by CC. It causes FTBFS when CC
is not equal to HOSTCC.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Ying-Chun Liu (PaulLiu)
committed
on 6 Jul 2018
|
2018-06-27 |
make_cert: return error when invalid options are used
...
Print_help was used in different contexts and returning no
error in that function was hiding the error when incorrect
options were used.
Change-Id: Ic3f71748be7ff8440c9d54810b986e9f177f4439
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 27 Jun 2018
|