2015-03-05 |
TBB: use SHA256 to generate the certificate signatures
...
This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
certificate signatures are generated according to the NSA Suite B
cryptographic algorithm requirements.
Documentation updated accordingly.
Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
Juan Castillo
committed
on 5 Mar 2015
|
Merge pull request #261 from sandrine-bailleux/sb/coding-style
...
Ignore C library files when checking coding style
Fix violations to the coding style
danh-arm
committed
on 5 Mar 2015
|
Fix violations to the coding style
...
All coding style violations have been fixed in a previous patch and
since then, each individual patch has been checked in this regard.
However, the latest version of the checkpatch.pl script from the Linux
kernel is more advanced and it is able to flag new errors in the
Trusted Firmware codebase. This patch fixes them.
Change-Id: I1f332f2440984be85d36b231bb83260368987077
Sandrine Bailleux
committed
on 5 Mar 2015
|
Ignore C library files when checking coding style
...
The C library source files embedded into the Trusted Firmware
tree are not required to comply to the Linux Coding Style.
Unfortunately, 'make checkpatch' does take them into account.
This patch modifies the Makefile so that the C library source
and header files are now ignored by 'make checkpatch'.
It also instructs the checkpatch.pl script to not treat the
presence of a 'Change-Id' line in the commit message as an error.
Change-Id: I38196202efe518bae3a57c2affe2ed7758c9f69c
Sandrine Bailleux
committed
on 5 Mar 2015
|
2015-02-25 |
Merge pull request #259 from soby-mathew/sm/plat_max_afflvl
...
Export maximum affinity using PLATFORM_MAX_AFFLVL macro
danh-arm
committed
on 25 Feb 2015
|
Merge pull request #258 from rmurphy-arm/rm/dma-smmu
...
Juno: clear DMA-330 SMMU security state
danh-arm
committed
on 25 Feb 2015
|
2015-02-19 |
Merge pull request #257 from soby-mathew/sm/opt_mmap_reg
...
Minimize MAX_MMAP_REGIONS for each BL stage
danh-arm
committed
on 19 Feb 2015
|
2015-02-16 |
Juno: clear DMA-330 SMMU security state
...
By default the SMMU for the DMA-330 is configured to mark some stream IDs
as always belonging to the Secure world. As a result, if EL1 software turns
the SMMU on, certain Non-Secure accesses get rewritten as Secure, making
them bypass translation and access Secure physical addresses directly.
Since the current Juno board firmware configures the DMA-330 hardware as
Non-Secure, rewrite the SMMU's default SSD table as well to prevent any
unexpected behaviour in EL1.
Change-Id: Iaa81d883eecf28d80eb182b9ce475684bf9c718c
Robin Murphy
committed
on 16 Feb 2015
|
2015-02-12 |
Export maximum affinity using PLATFORM_MAX_AFFLVL macro
...
This patch removes the plat_get_max_afflvl() platform API
and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
This is done because the maximum affinity level for a platform
is a static value and it is more efficient for it to be defined
as a platform macro.
NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
Fixes ARM-Software/tf-issues#265
Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
Soby Mathew
committed
on 12 Feb 2015
|
Minimize MAX_MMAP_REGIONS for each BL stage
...
This patch defines MAX_MMAP_REGIONS separately for each BL stage
as per its requirements. This minimizes the size of the mmap[]
array.
Fixes ARM-Software/tf-issues#201
Change-Id: I19b15e1a91a8365b2ecf24e2cd71937cb73916b2
Soby Mathew
committed
on 12 Feb 2015
|
2015-02-04 |
Merge pull request #256 from achingupta/ag/v1.1-rc2-fix
...
Fix model command line for legacy VE memory map
achingupta
committed
on 4 Feb 2015
|
Fix model command line for legacy VE memory map
...
The command line options specified in the User Guide to run the AEMv8 Base FVP
with the legacy VE memory map apply only when the model is configured to use GIC
v2.0. This patch adds the 'gicv3.gicv2-only=1' to the command line to ensure
that the right version of GIC is used.
Change-Id: I34c44e19fd42c29818b734ac8f6aa9bf97b4e891
Achin Gupta
committed
on 4 Feb 2015
|
2015-02-03 |
Merge pull request #254 from achingupta/ag/v1.1-doc-updates
...
Documentation for version 1.1
danh-arm
committed
on 3 Feb 2015
|
Merge pull request #255 from jcastillo-arm/jc/cert_create_gerrit
...
TBB: Add documentation for Trusted Board Boot
danh-arm
committed
on 3 Feb 2015
|
TBB: Add documentation for Trusted Board Boot
...
This patch updates the user-guide.md with the various build options related to
Trusted Board Boot and steps to build a FIP image which includes this
support. It also adds a trusted-board-boot.md which describes the scope and
design of this feature.
Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061
Achin Gupta
authored
on 25 Jan 2015
Juan Castillo
committed
on 3 Feb 2015
|
Documentation for version 1.1
...
Final updates to readme.md and change-log.md for ARM Trusted Firmware version
1.1. Also increment the version in the Makefile.
Change-Id: Ib001a6ec9a9c570985841d06f0ff80ed76c2996b
Achin Gupta
committed
on 3 Feb 2015
|
2015-02-02 |
Merge pull request #253 from danh-arm/dh/deps-for-v1.1
...
Move up dependency versions in user guide
danh-arm
committed
on 2 Feb 2015
|
Move up dependency versions in user guide
...
Move up the version numbers in the user guide of:
* DS-5 (to v5.20)
* EDK2 (to v2.1-rc0)
* Linux Kernel (to 1.3-Juno)
* Linaro file-system (to 14.12)
* Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1).
Also remove duplicate information that is available from the
ARM Connected Community website.
* Base FVP (to 6.2)
* Foundation FVP (to 9.1). Also update the name of the Foundation
FVP binary since it has changed since version 2.1.
Co-Authored-By: Dan Handley <dan.handley@arm.com>
Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0
Sandrine Bailleux
authored
on 14 Jan 2015
Dan Handley
committed
on 2 Feb 2015
|
Merge pull request #252 from sandrine-bailleux/v1.1-misc-doc-fixes
...
Miscellaneous doc fixes for v1.1
danh-arm
committed
on 2 Feb 2015
|
Miscellaneous doc fixes for v1.1
...
Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9
Sandrine Bailleux
committed
on 2 Feb 2015
|
2015-01-30 |
Merge pull request #251 from soby-mathew/sm/reset_handler_fix_v2
...
Fix the Cortex-A57 reset handler register usage v2
danh-arm
committed
on 30 Jan 2015
|
Fix the Cortex-A57 reset handler register usage
...
The CPU specific reset handlers no longer have the freedom
of using any general purpose register because it is being invoked
by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU
specific reset handler was overwriting x20 register which was being
used by the BL3-1 entry point to save the entry point information.
This patch fixes this bug by reworking the register allocation in the
Cortex-A57 reset handler to avoid using x20. The patch also
explicitly mentions the register clobber list for each of the
callee functions invoked by the reset handler
Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df
Soby Mathew
committed
on 30 Jan 2015
|
2015-01-28 |
Merge pull request #249 from danh-arm/jc/tbb_prototype
...
Trusted Board Boot Prototype
danh-arm
committed
on 28 Jan 2015
|
TBB: authenticate BL3-x images and certificates
...
This patch adds support to authenticate the Trusted Key certificate
and the BL3-x certificates and images at BL2.
Change-Id: I69a8c13a14c8da8b75f93097d3a4576aed71c5dd
Juan Castillo
authored
on 28 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
FVP: initialize IO framework in bl2_early_platform_setup()
...
This patch moves fvp_io_setup() to bl2_early_platform_setup() in order
to allow BL2 to use the IO framework before bl2_platform_setup().
Change-Id: I75e1a772ab5f9b4727f6727822a2527c30f3c63d
Juan Castillo
authored
on 28 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
TBB: authenticate BL2 image and certificate
...
This patch adds support to authenticate the BL2 content certificate
and image using the authentication module in BL1.
The FIP driver has been extended to include the BL2 certificate
UUID.
FVP and Juno ports include the BL2 certificate FIP file
definition.
Change-Id: I32680e9bd123c8db4a4193c14448c9b32b0e9325
Juan Castillo
authored
on 7 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
TBB: add authentication module interface
...
This patch provides an API to access the authentication module that
will be used to verify the authenticity of the images loaded into
memory as part of the Trusted Board Boot process.
To include the authentication module as part of the build, set the
boolean build option TRUSTED_BOARD_BOOT. One single authentication
module must be registered at build time by setting the build option
AUTH_MOD=<mod_name>. All authentication modules will be located in
'common/auth/<mod_name>' and must present the <mod_name>.mk file that
will be included by the build system to compile the module sources.
To create an authentication module, an instance of auth_mod_t called
'auth_mod' must be declared in the module sources. The initialization
and verification functions provided by the module will be exported
through the function pointers specified when declaring this instance.
If an authentication module includes third party sources that do not
adhere to the C99 standard, the -pedantic option may be removed from
the build options by setting the flag DISABLE_PEDANTIC in the module
file <mod_name>.mk.
Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
Juan Castillo
authored
on 13 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
TBB: add PolarSSL based authentication module
...
This patch implements an authentication module based on the
PolarSSL library (v1.3.9) to verify the Chain of Trust when
Trusted Boot is enabled.
PolarSSL sources must be fetched separately. The POLARSSL_DIR
build option may be used to indicate the path to the PolarSSL
main directory (this directory must contain the 'include' and
'library' subdirectories).
To be able to build PolarSSL sources as a part of the Trusted
Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
will tell the build system to remove the -pedantic option from
the CFLAGS.
Inclusion of PolarSSL increases the memory requirements of the BL1
and BL2 images. The following are the changes made to the FVP and
Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
defined:
Changes on FVP:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- BL2 memory region has been increased to 112 KB
Changes on Juno:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- Trusted ROM region in Flash has been increased to 128 KB.
- BL2 memory region has been increased to 116 KB
Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80
Juan Castillo
authored
on 13 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|
stdlib: add missing features to build PolarSSL
...
This patch adds the missing features to the C library included
in the Trusted Firmware to build PolarSSL:
- strcasecmp() function
- exit() function
- sscanf()* function
- time.h header file (and its dependencies)
* NOTE: the sscanf() function is not a real implementation. It just
returns the number of expected arguments by counting the number of
'%' characters present in the formar string. This return value is
good enough for PolarSSL because during the certificate parsing
only the return value is checked. The certificate validity period
is ignored.
Change-Id: I43bb3742f26f0bd458272fccc3d72a7f2176ab3d
Juan Castillo
authored
on 17 Nov 2014
Dan Handley
committed
on 28 Jan 2015
|
TBB: add a platform specific function to validate the ROTPK
...
This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification mechanism. This function is called during the
Trusted Board Boot process and receives a supposed valid copy
of the ROTPK as a parameter, usually obtained from an external
source (for instance, a certificate). It returns 0 (success) if
that key matches the actual ROTPK stored in the system or any
other value otherwise.
The mechanism to access the actual ROTPK stored in the system
is platform specific and should be implemented as part of this
function. The format of the ROTPK is also platform specific
(to save memory, some platforms might store a hash of the key
instead of the whole key).
TRUSTED_BOARD_BOOT build option has been added to allow the user
to enable the Trusted Board Boot features. The implementation of
the plat_match_rotpk() funtion is mandatory when Trusted Board
Boot is enabled.
For development purposes, FVP and Juno ports provide a dummy
function that returns always success (valid key). A safe trusted
boot implementation should provide a proper matching function.
Documentation updated accordingly.
Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
Juan Castillo
authored
on 7 Jan 2015
Dan Handley
committed
on 28 Jan 2015
|