This patch modifies the `cert_create` tool to use RSASSA-PSS scheme for
signing the certificates. This is compliant with RSA PKCS_2_1 standard as
mandated by TBBR.
Note that the certificates generated by using cert_create tool after this
patch can be authenticated during TBB only if the corresponding mbedtls
driver in ARM Trusted Firmware has the corresponding support.
Change-Id: If224f41c76b3c4765ae2af5259e67f73602818a4
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds support for RSASSA-PSS Signature Algorithm for
X509 certificates in mbedtls crypto driver. Now the driver supports
RSA PKCS2_1 standard as mandated by TBBR.
NOTE: With this patch, the PKCS1_5 standard compliant RSA signature
is deprecated.
Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The mbedTLS library requires larger heap memory for verification of RSASSA-PSS
signature in certificates during Trusted Board Boot. This patch increases the
heap memory for the same.
Change-Id: I3c3123d7142b7b7b01463516ec436734895da159
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
mbed TLS provides the debug API `mbedtls_memory_buffer_alloc_status()`
to analyse the RAM usage of the library.
When RSA is selected as algorithm, the maximum heap usage in FVP and
Juno has been determined empirically to be approximately 5.5 KiB.
However, The default heap size used when RSA is selected is 8 KiB.
This patch reduces the buffer from 8 KiB to 6 KiB so that the BSS
sections of both BL1 and BL2 are 2 KiB smaller when the firmware is
compiled with TBB support.
Change-Id: I43878a4e7af50c97be9c8d027c728c8483f24fbf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
If UFS device is initialized, we could just make it out of
hibernation by UFS_FLAGS_SKIPINIT. And vendor's dirver is always
focus on PHY setting. We could use UFS driver directly if it
exits from hibernation.
There're eight LUNs in UFS device. The UFS driver only provides
the read/write API with LUN. User could define his own read/write
since user may want to access different LUNs.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Support BL31 and PSCI. Enable multiple cores in PSCI.
Change-Id: I66c39e1e9c4c45ac41a0142ed2070d79a3ac5ba3
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Add some bit definitions of CPUACTLR register in Cortex-A53
CPU library.
Change-Id: I142fd8ac4b06dd651a32e22951e71cdebbea123a
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>
BL2 is used to load BL31 and SCP_BL2. In HiKey platform, SCP_BL2
is the mcu firmware that is used to scale cpu frequency and switch
low power mode.
Change-Id: I1621aa65bea989fd125ee8502fd56ef72362bf97
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Initialize regulators, pins and eMMC in BL1. Only SRAM could be used in BL1.
So BL2 will be loaded from eMMC into SRAM later.
Change-Id: I8e7ef82ffa29a3c647c9d2d2981e8759ee85d833
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Only the compiler is switched to ARM Compiler 6. The assembler and linker
are provided by the GCC toolchain.
ARM Compiler 6 is used to build TF when the base name of the path assigned
to `CC` matches the string 'armclang'.
`CROSS_COMPILE` is still needed and should point to the appropriate
GCC toolchain.
Tested with ARM CC 6.7.
Change-Id: Ib359bf9c1e8aeed3f662668e44830864f3fe7b4a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Only the compiler is switched to clang. The assembler and linker are
provided by the GCC toolchain.
clang is used to build TF when the base name of the path assigned to
`CC` contains the string 'clang'.
`CROSS_COMPILE` is still needed and should point to the appropriate
GCC toolchain.
Tested with clang 3.9.x and 4.0.x.
Change-Id: I53236d64e3c83ad27fc843bae5fcdae30f2e325e
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Tools are built using the compiler specified in `HOSTCC` instead of
reusing the `CC` variable. By default, gcc is used.
Change-Id: I83636a375c61f4804b4e80784db9d061fe20af87
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Since TF uses GCC extensions, switch the C environment
from c99 to gnu99.
This change allows armclang to build TF.
Change-Id: Iaacb2726ba1458af59faf607ae9405d6eedb9962
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Since ARM_DRAM2_BASE is above the 32-bit limit, the condition
is always false. Wrap this condition in an ifndef to avoid
warnings during compilation.
Change-Id: Ideabb6c65de6c62474ed03eb29df4b049d5316be
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This function was removed long ago. Remove remaining
pragma reference.
Change-Id: I66c556863d47dc17d2ffdc6c23aa524df6aade80
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The default case is impossible to hit as the `power_level`
is already checked earlier. Avoids a clang warning.
Change-Id: I707463c843adc748ee9aa1d2313f9ab7dab3a8ab
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
x8 is not a callee-saved register and can be corrupted.
Use x19 instead to be AAPCS-compliant.
FixesARM-software/tf-issues#478
Change-Id: Ib4f114c36f4c11351ae856f953c45dca92b27c3b
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This options enables an implementation of SHA-256 that has a smaller
code footprint (~1.6 KB less) but is also ~30% slower. For ARM
platforms, code size is currently considered more important than
execution speed in the mbed TLS crypto module.
Added a small note about this option to the documentation of the
authentication framework.
Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The Trusted Firmware uses a subset of the APIs provided by mbed TLS.
This subset internally uses `snprintf`, but the only format specifier
used is '%d', which is supported by `tf_snprintf`.
This patch makes mbed TLS use `tf_snprintf` instead of `snprintf`,
saving 3 KB in both debug and release builds when TBBR is enabled.
Change-Id: I7f992a21015930d7c0f4660e7a28ceefd60b9597
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This is a reduced version of `snprintf` that only supports formats '%d',
'%i' and '%u'. It can be used when the full `snprintf` is not needed in
order to save memory. If it finds an unknown format specifier, it
prints an error message and panics.
Change-Id: I2cb06fcdf74cda2c43caf73ae0762a91499fc04e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The header tbbr_oid.h contains OIDs obtained by ARM Ltd.
so there is no good reason to use platform_oid.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).
For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd. This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.
The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Some header files need to be shared between TF and host programs.
For fiptool, two headers are copied to the tools/fiptool directory,
but it looks clumsy.
This commit introduces a new directory, include/tools_share, which
collects headers that should be shared between TF and host programs.
This will clarify the interface exposed to host tools. We should
add new headers to this directory only when we really need to do so.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The current assert_boolean does not work with variables assigned with
'=' flavor instead of ':='.
For example,
FOO = $(BAR)
BAR := 1
Here, $(value FOO) is evaluated to $(BAR), not 1. This is not what
we expect. While I am here, I simplified the implementation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This Linaro release updates just the binaries:
Linaro binaries upgraded 16.12 --> 17.01
The toolchain remains at 5.3-2015.05 (gcc 5.3) for both AArch64
and AArch32.
The ARM TF codebase has been tested against these new binaries. This patch
updates the User Guide to reflect that the 17.01 release is now a supported
Linaro Release.
Change-Id: I83c579dabd3fa9861ba0d41507036efbd87abcb5
Signed-off-by: David Cunado <david.cunado@arm.com>
xlat_tables_arch.h uses the platform macro `PLAT_VIRT_ADDR_SPACE_SIZE`.
This macro is defined in xlat_tables_private.h only if the platform
still uses the deprecated `ADDR_SPACE_SIZE`.
Change-Id: I1c3b12ebd96bdfe9bf94b26d440c03bc0f8c0b24
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The commit abd2aba99e introduced a
regression to the AArch32 sp_min Juno build. This patch fixes that.
Change-Id: I4b141717684d6aee60c761ea17f23170aa6708c3
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
