2019-02-28 |
Remove Mbed TLS dependency from plat_bl_common.c
...
Due to the shared Mbed TLS heap optimisation introduced in 6d01a463,
common code files were depending on Mbed TLS specific headers. This
dependency is now removed by moving the default, unoptimised heap
implementation inside the Mbed TLS specific files.
Change-Id: I11ea3eb4474f0d9b6cb79a2afd73a51a4a9b8994
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 28 Feb 2019
|
2019-01-04 |
Sanitise includes across codebase
...
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 4 Jan 2019
|
2018-09-28 |
Remove all other deprecated interfaces and files
...
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 28 Sep 2018
|
2018-09-04 |
Prepare Mbed TLS drivers for shared heap
...
The Mbed TLS drivers, in order to work, need a heap for internal usage.
This heap, instead of being directly referenced by the drivers, now it
is being accessed indirectly through a pointer. Also, the heap, instead
of being part of the drivers, now it is being received through the
plat_get_mbedtls_heap() function. This function requests a heap from the
current BL image which utilises the Mbed TLS drivers.
Those changes create the opportunity for the Mbed TLS heap to be shared
among different images, thus saving memory. A default heap
implementation is provided but it can be overridden by a platform
specific, optimised implemenetation.
Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 4 Sep 2018
|
2018-08-22 |
libc: Use printf and snprintf across codebase
...
tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.
Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 22 Aug 2018
|
2018-08-03 |
Add atexit function to libc
...
We had exit but we didn't have atexit, and we were calling panic and
tf_printf from exit, which generated a dependency from exit to them.
Having atexit allows to set a different function pointer in every image.
Change-Id: I95b9556d680d96249ed3b14da159b6f417da7661
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 3 Aug 2018
|
Don't include mbebtls include paths in INCLUDES
...
Mbebtls include paths are controlled by the user using the variable
MBEDTLS_DIR and they are out of the TF source tree. Since these
includes have a different origin it is better to move them to a
different variable.
This change makes easier for the romlib Makefile to parse the include
paths.
Change-Id: I3e4c99300f1012bc7f88c6b9f5bc0ec1f7b5aa8d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 3 Aug 2018
|
Create a library file for libmbedtls
...
TF Makefile was linking all the objects files generated for the
Mbed TLS library instead of creating a static library that could be
used in the linking stage.
Change-Id: I8e4cd843ef56033c9d3faeee71601d110b7e4c12
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 3 Aug 2018
|
2018-06-18 |
Move to mbedtls-2.10.0 tag
...
To build with the new release, we pick couple of more files from mbedTLS
library.
Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Jeenu Viswambharan
committed
on 18 Jun 2018
|
2018-05-18 |
Dynamic cfg: Enable support on CoT for other configs
...
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.
Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 18 May 2018
|
2018-04-13 |
Fix MISRA rule 8.4 Part 4
...
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 13 Apr 2018
|
Fix MISRA rule 8.3 Part 4
...
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 13 Apr 2018
|
2018-03-27 |
Clean usage of void pointers to access symbols
...
Void pointers have been used to access linker symbols, by declaring an
extern pointer, then taking the address of it. This limits symbols
values to aligned pointer values. To remove this restriction an
IMPORT_SYM macro has been introduced, which declares it as a char
pointer and casts it to the required type.
Change-Id: I89877fc3b13ed311817bb8ba79d4872b89bfd3b0
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Joel Hutton
committed
on 27 Mar 2018
|
2018-02-26 |
Dynamic cfg: Add HW and TB_FW configs to CoT
...
This patch adds image IDs to `hw_config` and `tb_fw_config` and
includes them in the default Chain Of Trust (CoT).
Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 26 Feb 2018
|
2018-01-18 |
bl2-el3: Don't compile BL1 when BL2_AT_EL3 is defined in FVP
...
This patch modifies the makefiles to avoid the definition
of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and
it lets to the platform makefiles to define them if they
actually need these images. In the case of BL2_AT_EL3
BL1 will not be needed usually because the Boot ROM will
jump directly to BL2.
Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 18 Jan 2018
|
2017-11-21 |
tbbr: Add build flag HASH_ALG to let the user to select the SHA
...
The flag support the following values:
- sha256 (default)
- sha384
- sha512
Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Qixiang Xu
committed
on 21 Nov 2017
|
2017-09-22 |
Dynamic selection of ECDSA or RSA
...
Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects
rsa or ecdsa depending on the certificate used.
Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Qixiang Xu
committed
on 22 Sep 2017
|
2017-09-21 |
Add support for TBBR using ECDSA keys in ARM platforms
...
- fixed compile error when KEY_ALG=ecdsa
- add new option ecdsa for TF_MBEDTLS_KEY_ALG
- add new option devel_ecdsa for ARM_ROTPK_LOCATION
- add ecdsa key at plat/arm/board/common/rotpk/
- reduce the mbedtls heap memory size to 13k
Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Qixiang Xu
committed
on 21 Sep 2017
|
2017-08-31 |
cert_tool: Support for legacy RSA PKCS#1 v1.5
...
This patch enables choice of RSA version at run time to be used for
generating signatures by the cert_tool. The RSA PSS as defined in
PKCS#1 v2.1 becomes the default version and this patch enables to specify
the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
-a option. Also, the build option `KEY_ALG` can be used to pass this
option from the build system. Please note that RSA PSS is mandated
by Trusted Board Boot requirements (TBBR) and legacy RSA support is
being added for compatibility reasons.
Fixes ARM-Software/tf-issues#499
Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 31 Aug 2017
|
Export KEY_ALG as a user build option
...
The `KEY_ALG` variable is used to select the algorithm for key
generation by `cert_create` tool for signing the certificates. This
variable was previously undocumented and did not have a global default
value. This patch corrects this and also adds changes to derive the
value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
platform. The corresponding assignment of these variables are also now
removed from the `arm_common.mk` makefile.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
Soby Mathew
committed
on 31 Aug 2017
|
2017-08-09 |
Support Trusted OS firmware extra images in TF tools
...
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.
Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
Summer Qin
authored
on 20 Apr 2017
Edison Ai
committed
on 9 Aug 2017
|
2017-07-12 |
Fix order of #includes
...
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.
Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
Isla Mitchell
committed
on 12 Jul 2017
|
2017-06-28 |
Do basic CryptoCell LCS check
...
This patch implements the basic lifecycle state check when CryptoCell
SBROM is initialized. Currently the check ensures that if the lifecycle
state is Security Disabled (SD), the boot process does not proceed
further.
Change-Id: I5101335453cd3ea413e97bcfb9138a96c05e1aea
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 28 Jun 2017
|
Add CC crypto driver to the Auth module
...
This patch adds a crypto driver which utilizes the ARM® TrustZone®
CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along
with this driver, the CryptoCell SBROM library is required to successfully
build the BL image. The path to this library is specified via
the `CCSBROM_LIB_PATH` variable. Please note that, mbedTLS is still required
to do the X509 certificate ASN.1 parsing and CryptoCell is only utilized for
signature and hash verification.
Change-Id: If82dfbae0d7772ba1c64839f0b27850c103fe253
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 28 Jun 2017
|
2017-06-09 |
Merge pull request #968 from antonio-nino-diaz-arm/an/snprintf-alt
...
mbedtls: Don't use tf_snprintf if option not defined
davidcunado-arm
authored
on 9 Jun 2017
GitHub
committed
on 9 Jun 2017
|
2017-06-06 |
mbedtls: Don't use tf_snprintf if option not defined
...
If `MBEDTLS_PLATFORM_SNPRINTF_ALT` isn't used, the function
`mbedtls_platform_set_snprintf()` isn't defined.
In case a platform uses a different mbed TLS configuration file than
the one provided by the Trusted Firmware, and it doesn't define the
mentioned build option, this will result in a build error.
This patch modifies the initialization code so that
`mbedtls_platform_set_snprintf()` is only used if
`MBEDTLS_PLATFORM_SNPRINTF_ALT` is defined, allowing platforms to use
it or not depending on their needs.
Change-Id: I1d5c86d57e9b2871ba463030bf89210ebec5178e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 6 Jun 2017
|
2017-06-05 |
Add support for RSASSAPSS algorithm in mbedtls crypto driver
...
This patch adds support for RSASSA-PSS Signature Algorithm for
X509 certificates in mbedtls crypto driver. Now the driver supports
RSA PKCS2_1 standard as mandated by TBBR.
NOTE: With this patch, the PKCS1_5 standard compliant RSA signature
is deprecated.
Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 5 Jun 2017
|
Increase heapsize for mbedtls library
...
The mbedTLS library requires larger heap memory for verification of RSASSA-PSS
signature in certificates during Trusted Board Boot. This patch increases the
heap memory for the same.
Change-Id: I3c3123d7142b7b7b01463516ec436734895da159
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 5 Jun 2017
|
2017-05-31 |
mbedtls: Define optimized mbed TLS heap size
...
mbed TLS provides the debug API `mbedtls_memory_buffer_alloc_status()`
to analyse the RAM usage of the library.
When RSA is selected as algorithm, the maximum heap usage in FVP and
Juno has been determined empirically to be approximately 5.5 KiB.
However, The default heap size used when RSA is selected is 8 KiB.
This patch reduces the buffer from 8 KiB to 6 KiB so that the BSS
sections of both BL1 and BL2 are 2 KiB smaller when the firmware is
compiled with TBB support.
Change-Id: I43878a4e7af50c97be9c8d027c728c8483f24fbf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 31 May 2017
|
2017-05-30 |
Merge pull request #949 from antonio-nino-diaz-arm/an/printf-memory
...
Reduce code size when building with Trusted Board Boot enabled
davidcunado-arm
authored
on 30 May 2017
GitHub
committed
on 30 May 2017
|