2020-03-25 |
FVP: Add BL2 hash calculation in BL1
...
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 25 Mar 2020
|
2020-03-10 |
Merge "Necessary fix in drivers to upgrade to mbedtls-2.18.0" into integration
Mark Dykes
authored
on 10 Mar 2020
TrustedFirmware Code Review
committed
on 10 Mar 2020
|
Merge changes from topic "sb/dualroot" into integration
...
* changes:
Build system: Changes to drive cert_create for dualroot CoT
cert_create: Define the dualroot CoT
Introduce a new "dualroot" chain of trust
Sandrine Bailleux
authored
on 10 Mar 2020
TrustedFirmware Code Review
committed
on 10 Mar 2020
|
2020-03-08 |
Necessary fix in drivers to upgrade to mbedtls-2.18.0
...
Include x509.h header file explicitly. Update docs.
Change-Id: If2e52c2cd3056654406b7b6779b67eea5cc04a48
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 8 Mar 2020
|
2020-03-06 |
drivers: crypto: Add authenticated decryption framework
...
Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
Sumit Garg
committed
on 6 Mar 2020
|
2020-02-24 |
Introduce a new "dualroot" chain of trust
...
This new chain of trust defines 2 independent signing domains:
1) One for the silicon firmware (BL1, BL2, BL31) and optionally the
Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR
CoT.
2) One for the Normal World Bootloader (BL33). It is rooted in a new key
called Platform ROTPK, or PROTPK for short.
In terms of certificates chain,
- Signing domain 1) is similar to what TBBR advocates (see page 21 of
the TBBR specification), except that the Non-Trusted World Public Key
has been removed from the Trusted Key Certificate.
- Signing domain 2) only contains the Non-Trusted World Content
certificate, which provides the hash of the Non-Trusted World
Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World
Key certificate for simplicity.
Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 24 Feb 2020
|
2020-02-18 |
TBBR: Reduce size of hash buffers when possible
...
The TBBR implementation extracts hashes from certificates and stores
them in static buffers. TF-A supports 3 variants of SHA right now:
SHA-256, SHA-384 and SHA-512. When support for SHA-512 was added in
commit 9a3088a ("tbbr: Add build flag
HASH_ALG to let the user to select the SHA"), the hash buffers got
unconditionally increased from 51 to 83 bytes each. We can reduce that
space if we're using SHA-256 or SHA-384.
This saves some BSS space in both BL1 and BL2:
- BL1 with SHA-256: saving 168 bytes.
- BL1 with SHA-384: saving 80 bytes.
- BL2 with SHA-256: saving 384 bytes.
- BL2 with SHA-384: saving 192 bytes.
Change-Id: I0d02e5dc5f0162e82339c768609c9766cfe7e2bd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 18 Feb 2020
|
TBBR: Reduce size of ECDSA key buffers
...
The TBBR implementation extracts public keys from certificates and
stores them in static buffers. DER-encoded ECDSA keys are only 91 bytes
each but were each allocated 294 bytes instead. Reducing the size of
these buffers saves 609 bytes of BSS in BL2 (294 - 91 = 203 bytes for
each of the 3 key buffers in use).
Also add a comment claryfing that key buffers are tailored on RSA key
sizes when both ECDSA and RSA keys are used.
Change-Id: Iad332856e7af1f9814418d012fba3e1e9399f72a
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 18 Feb 2020
|
2020-02-07 |
fconf: initial commit
...
Introduce the Firmware CONfiguration Framework (fconf).
The fconf is an abstraction layer for platform specific data, allowing
a "property" to be queried and a value retrieved without the requesting
entity knowing what backing store is being used to hold the data.
The default backing store used is C structure. If another backing store
has to be used, the platform integrator needs to provide a "populate()"
function to fill the corresponding C structure.
The "populate()" function must be registered to the fconf framework with
the "FCONF_REGISTER_POPULATOR()". This ensures that the function would
be called inside the "fconf_populate()" function.
A two level macro is used as getter:
- the first macro takes 3 parameters and converts it to a function
call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c).
- the second level defines a__b_getter(c) to the matching C structure,
variable, array, function, etc..
Ex: Get a Chain of trust property:
1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id)
2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id]
Change-Id: Id394001353ed295bc680c3f543af0cf8da549469
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 7 Feb 2020
|
2020-02-04 |
Coverity: remove unnecessary header file includes
...
This patch removes unnecessary header file includes
discovered by Coverity HFA option.
Change-Id: I2827c37c1c24866c87db0e206e681900545925d4
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Zelalem
committed
on 4 Feb 2020
|
2020-01-28 |
Measured Boot: add function for hash calculation
...
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
committed
on 28 Jan 2020
|
2020-01-08 |
Remove redundant declarations.
...
In further patches, we wish to enable -wredundant-decls check as
part of warning flags by default.
Change-Id: I43410d6dbf40361a503c16d94ccf0f4cf29615b7
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 8 Jan 2020
|
2019-12-11 |
cryptocell: add cryptocell 712 RSA 3K support
...
Add the support needed to enable using CryptoCell integration with
with RSA 3K support.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
Gilad Ben-Yossef
committed
on 11 Dec 2019
|
2019-09-12 |
Remove RSA PKCS#1 v1.5 support from cert_tool
...
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.
Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.
Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Sep 2019
|
Support larger RSA key sizes when using MBEDTLS
...
Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.
Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Justin Chadwell
committed
on 12 Sep 2019
|
2019-07-25 |
cryptocell: add product version awareness support
...
Add support for multiple Cryptocell revisions which
use different APIs.
This commit only refactors the existing code in preperation to the addition
of another Cryptocell revisions later on.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I16d80b31afb6edd56dc645fee5ea619cc74f09b6
Gilad Ben-Yossef
committed
on 25 Jul 2019
|
cryptocell: move Cryptocell specific API into driver
...
Code using Cryptocell specific APIs was used as part of the
arm common board ROT support, instead of being abstracted
in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to
copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell
API and products.
Move over Cryptocell specific API calls into the Cryptocell
driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
Gilad Ben-Yossef
committed
on 25 Jul 2019
|
2019-06-13 |
Fix type of cot_desc_ptr
...
The chain of trust description and the pointer pointing to its first
element were incompatible, thus requiring an explicit type cast for
the assignment.
- cot_desc was an array of
const pointers to const image descriptors.
- cot_desc_ptr was a const pointer to
(non-constant) pointers to const image descriptors.
Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would
generate the following compiler warning:
drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards
‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
REGISTER_COT(cot_desc);
^~~~~~~~
Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Sandrine Bailleux
committed
on 13 Jun 2019
|
2019-04-12 |
Mbed TLS: Remove weak heap implementation
...
The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.
The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.
Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 12 Apr 2019
|
2019-04-09 |
Checkpatch: Style fix
...
Change-Id: I0cb9f0db1ef3491f55c038a10db5a88d37e89697
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Joel Hutton
committed
on 9 Apr 2019
|
2019-04-08 |
cot-desc: optimise memory further
...
This changes the auth_img_desc_t struct to have pointers to struct
arrays instead of struct arrays. This saves memory as many of these
were never used, and can be NULL pointers. Note the memory savings are
only when these arrays are not initialised, as it is assumed these
arrays are fixed length. A possible future optimisation could allow for
variable length.
memory diff:
bl1: bl2:
text text
-12 -12
bss bss
-1463 0
data data
-56 -48
rodata rodata
-5688 -2592
total total
-7419 -2652
Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Joel Hutton
committed
on 8 Apr 2019
|
Reduce memory needed for CoT description
...
When Trusted Board Boot is enabled, we need to specify the Chain of
Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
of image descriptors. The authentication module assumes that each
image descriptor in this array is indexed by its unique image
identifier. For example, the Trusted Boot Firmware Certificate has to
be at index [TRUSTED_BOOT_FW_CERT_ID].
Unique image identifiers may not necessarily be consecutive. Also,
a given BL image might not use all image descriptors. For example, BL1
does not need any of the descriptors related to BL31. As a result, the
CoT array might contain holes, which unnecessarily takes up space in
the BL binary.
Using pointers to auth_img_desc_t structs (rather than structs
themselves) means these unused elements only use 1 pointer worth of
space, rather than one struct worth of space. This patch also changes
the code which accesses this array to reflect the change to pointers.
Image descriptors not needed in BL1 or BL2 respectively are also
ifdef'd out in this patch. For example, verifying the BL31 image is
the responsibility of BL2 so BL1 does not need any of the data
structures describing BL31.
memory diff:
bl1: bl2:
text text
-20 -20
bss bss
-1463 0
data data
-256 -48
rodata rodata
-5240 -1952
total total
-6979 -2020
Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Joel Hutton
committed
on 8 Apr 2019
|
2019-04-01 |
Remove several warnings reported with W=2
...
Improved support for W=2 compilation flag by solving some nested-extern
and sign-compare warnings.
The libraries are compiling with warnings (which turn into errors with
the Werror flag).
Outside of libraries, some warnings cannot be fixed.
Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Ambroise Vincent
committed
on 1 Apr 2019
|
2019-02-28 |
Remove Mbed TLS dependency from plat_bl_common.c
...
Due to the shared Mbed TLS heap optimisation introduced in 6d01a463,
common code files were depending on Mbed TLS specific headers. This
dependency is now removed by moving the default, unoptimised heap
implementation inside the Mbed TLS specific files.
Change-Id: I11ea3eb4474f0d9b6cb79a2afd73a51a4a9b8994
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 28 Feb 2019
|
2019-01-04 |
Sanitise includes across codebase
...
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 4 Jan 2019
|
2018-09-28 |
Remove all other deprecated interfaces and files
...
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 28 Sep 2018
|
2018-09-04 |
Prepare Mbed TLS drivers for shared heap
...
The Mbed TLS drivers, in order to work, need a heap for internal usage.
This heap, instead of being directly referenced by the drivers, now it
is being accessed indirectly through a pointer. Also, the heap, instead
of being part of the drivers, now it is being received through the
plat_get_mbedtls_heap() function. This function requests a heap from the
current BL image which utilises the Mbed TLS drivers.
Those changes create the opportunity for the Mbed TLS heap to be shared
among different images, thus saving memory. A default heap
implementation is provided but it can be overridden by a platform
specific, optimised implemenetation.
Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 4 Sep 2018
|
2018-08-22 |
libc: Use printf and snprintf across codebase
...
tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.
Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 22 Aug 2018
|
2018-08-03 |
Add atexit function to libc
...
We had exit but we didn't have atexit, and we were calling panic and
tf_printf from exit, which generated a dependency from exit to them.
Having atexit allows to set a different function pointer in every image.
Change-Id: I95b9556d680d96249ed3b14da159b6f417da7661
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 3 Aug 2018
|
Don't include mbebtls include paths in INCLUDES
...
Mbebtls include paths are controlled by the user using the variable
MBEDTLS_DIR and they are out of the TF source tree. Since these
includes have a different origin it is better to move them to a
different variable.
This change makes easier for the romlib Makefile to parse the include
paths.
Change-Id: I3e4c99300f1012bc7f88c6b9f5bc0ec1f7b5aa8d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 3 Aug 2018
|