2018-11-08 |
Standardise header guards across codebase
...
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.
The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.
The exceptions are files that are imported from other projects:
- CryptoCell driver
- dt-bindings folders
- zlib headers
Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 8 Nov 2018
|
2018-10-15 |
Add new defines for STM32MP1 platform
...
To boot on eMMC or SD-cards, STM32MP1 platform needs:
- GPT_IMAGE_ID to read GPT table on those devices
- STM32_IMAGE_ID and IO_TYPE_STM32IMAGE to read images with STM32 header
- IO_TYPE_MMC to have a IO for MMC devices
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Yann Gautier
committed
on 15 Oct 2018
|
2018-08-30 |
Fix MISRA defects in some common headers
...
Change-Id: I8fbb4c785e7e07c7241e0c399a9b65161985c9df
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Antonio Nino Diaz
committed
on 30 Aug 2018
|
2018-04-13 |
Fix MISRA rule 8.3 Part 4
...
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ia34fe1ae1f142e89c9a6c19831e3daf4d28f5831
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Roberto Vargas
committed
on 13 Apr 2018
|
2018-02-26 |
Add dynamic config image IDs
...
Change-Id: I147031dea9487dc1976e31ad40c89b221e44edbc
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 26 Feb 2018
|
Dynamic cfg: Add HW and TB_FW configs to CoT
...
This patch adds image IDs to `hw_config` and `tb_fw_config` and
includes them in the default Chain Of Trust (CoT).
Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Soby Mathew
committed
on 26 Feb 2018
|
2017-08-09 |
Support Trusted OS firmware extra images in TF tools
...
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.
Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
Summer Qin
authored
on 20 Apr 2017
Edison Ai
committed
on 9 Aug 2017
|
2017-05-03 |
Use SPDX license identifiers
...
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
dp-arm
committed
on 3 May 2017
|
2015-12-14 |
Replace all SCP FW (BL0, BL3-0) references
...
This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):
BL0 --> SCP_BL1
BL30, BL3-0 --> SCP_BL2
bl30 --> scp_bl2
This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.
IMPORTANT: build option to specify the SCP FW image has changed:
BL30 --> SCP_BL2
IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:
BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
BL30_BASE --> SCP_BL2_BASE
bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
Juan Castillo
committed
on 14 Dec 2015
|
TBB: apply TBBR naming convention to certificates and extensions
...
This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:
* Certificate UUID names
* Certificate identifier names
* OID names
Changes apply to:
* Generic code (variables and defines)
* The default certificate identifiers provided in the generic
code
* Build system
* ARM platforms port
* cert_create tool internal definitions
* fip_create and cert_create tools command line options
* Documentation
IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:
Certificate UUIDs:
UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
Certificate identifiers:
BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
OIDs:
TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
BL30_HASH_OID --> SCP_FW_HASH_OID
BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
BL31_HASH_OID --> SOC_AP_FW_HASH_OID
BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
NS_BL2U_HASH_OID --> FWU_HASH_OID
Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
Juan Castillo
committed
on 14 Dec 2015
|
2015-12-09 |
FWU: Add Generic Firmware Update framework support in BL1
...
Firmware update(a.k.a FWU) feature is part of the TBB architecture.
BL1 is responsible for carrying out the FWU process if platform
specific code detects that it is needed.
This patch adds support for FWU feature support in BL1 which is
included by enabling `TRUSTED_BOARD_BOOT` compile time flag.
This patch adds bl1_fwu.c which contains all the core operations
of FWU, which are; SMC handler, image copy, authentication, execution
and resumption. It also adds bl1.h introducing #defines for all
BL1 SMCs.
Following platform porting functions are introduced:
int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
unsigned int flags);
This function can be used to add platform specific memory checks
for the provided base/size for the given security state.
The weak definition will invoke `assert()` and return -ENOMEM.
__dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
This function can be used to initiate platform specific procedure
to mark completion of the FWU process.
The weak definition waits forever calling `wfi()`.
plat_bl1_common.c contains weak definitions for above functions.
FWU process starts when platform detects it and return the image_id
other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in
`bl1_main()`.
NOTE: User MUST provide platform specific real definition for
bl1_plat_mem_check() in order to use it for Firmware update.
Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
Yatharth Kochar
committed
on 9 Dec 2015
|
2015-06-25 |
TBB: add TBBR Chain of Trust
...
This patch adds a CoT based on the Trusted Board Boot Requirements
document*. The CoT consists of an array of authentication image
descriptors indexed by the image identifiers.
A new header file with TBBR image identifiers has been added.
Platforms that use the TBBR (i.e. ARM platforms) may reuse these
definitions as part of their platform porting.
PLATFORM PORT - IMPORTANT:
Default image IDs have been removed from the platform common
definitions file (common_def.h). As a consequence, platforms that
used those common definitons must now either include the IDs
provided by the TBBR header file or define their own IDs.
*The NVCounter authentication method has not been implemented yet.
Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5
Juan Castillo
committed
on 25 Jun 2015
|