LuminaSensum/arm-trusted-firmware

Fork: 0

LuminaSensum / arm-trusted-firmware

History for arm-trusted-firmware / tools / cert_create / src / key.c

2017-05-03	82cb2c1 Browse files » Use SPDX license identifiers ... To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com> dp-arm committed on 3 May 2017
2017-02-10	c893c73 Browse files » cert_create: remove unneeded initializers ... These variables store return values of functions. Remove all of meaningless initializers. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Masahiro Yamada committed on 10 Feb 2017
2017-02-10	762f1eb Browse files » cert_create: fix memory leak bug caused by key container overwrite ... In the current code, both key_load() and key_create() call key_new() to allocate a key container (and they do not free it even if they fail). If a specific key is not given by the command option, key_load() fails, then key_create() is called. At this point, the key container that has been allocated in key_load() is still alive, and it is overwritten by a new key container created by key_create(). Move the key_new() call to the main() function to make sure it is called just once for each descriptor. While we are here, let's fix one more bug; the error handling code ERROR("Malloc error while loading '%s'\n", keys[i].fn); is wrong because keys[i].fn is NULL pointer unless a specific key is given by the command option. This code could be run in either case. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Masahiro Yamada committed on 10 Feb 2017
2016-01-07	159807e Browse files » cert_create: update help message ... The help message printed by the cert_create tool using the command line option -h (or --help) does not correctly list all the available command line options. This patch reworks the print_help() function to print the help messages in a data driven approach. For each command line option registered, an optional help message can be specified, which will be printed by print_help(). Help messages for the TBBR options (certificates, keys and images) are also provided. Fix a small bug in the short options string passed to getopt_long: the ':' was missing in the '-a' option (this option must take an argument). Fixes ARM-software/tf-issues#337 Change-Id: I9d08c2dfd349022808fcc884724f677eefdc1452 Juan Castillo committed on 7 Jan 2016
2015-10-23	ad2c1a9 Browse files » cert_create: specify command line options in the CoT ... This patch introduces a new API that allows to specify command line options in the Chain of Trust description. These command line options may be used to specify parameters related to the CoT (i.e. keys or certificates), instead of keeping a hardcoded list of options in main.c. Change-Id: I282b0b01cb9add557b26bddc238a28253ce05e44 Juan Castillo committed on 23 Oct 2015
2015-07-01	ed2a76e Browse files » TBB: build 'cert_create' with ECDSA only if OpenSSL supports it ... Some Linux distributions include an OpenSSL library which has been built without ECDSA support. Trying to build the certificate generation tool on those distributions will result in a build error. This patch fixes that issue by including ECDSA support only if OpenSSL has been built with ECDSA. In that case, the OpenSSL configuration file does not define the OPENSSL_NO_EC macro. The tool will build successfully, although the resulting binary will not support ECDSA keys. Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902 Juan Castillo committed on 1 Jul 2015
2015-06-25	ccbf890 Browse files » TBB: add ECDSA support to the certificate generation tool ... This patch extends the 'cert_create' tool to support ECDSA keys to sign the certificates. The '--key-alg' command line option can be used to specify the key algorithm when invoking the tool. Available options are: * 'rsa': create RSA-2048 keys (default option) * 'ecdsa': create ECDSA-SECP256R1 keys The TF Makefile has been updated to allow the platform to specify the key algorithm by declaring the 'KEY_ALG' variable in the platform makefile. The behaviour regarding key management has changed. After applying this patch, the tool will try first to open the keys from disk. If one key does not exist or no key is specified, and the command line option to create keys has been specified, new keys will be created. Otherwise an error will be generated and the tool will exit. This way, the user may specify certain keys while the tool will create the remaining ones. This feature is useful for testing purposes and CI infrastructures. The OpenSSL directory may be specified using the build option 'OPENSSL_DIR' when building the certificate generation tool. Default is '/usr'. Change-Id: I98bcc2bfab28dd7179f17f1177ea7a65698df4e7 Juan Castillo committed on 25 Jun 2015
2015-01-28	6f97162 Browse files » TBB: add tool to generate certificates ... This patch adds a tool that generates all the necessary elements to establish the chain of trust (CoT) between the images. The tool reads the binary images and signing keys and outputs the corresponding certificates that will be used by the target at run time to verify the authenticity of the images. Note: the platform port must provide the file platform_oid.h. This file will define the OIDs of the x509 extensions that will be added to the certificates in order to establish the CoT. Change-Id: I2734d6808b964a2107ab3a4805110698066a04be Juan Castillo authored on 21 Oct 2014 Dan Handley committed on 28 Jan 2015