Following macros removed
- handle_async_ea : It duplicates "check_and_unmask_ea" functionality
- check_if_serror_from_EL3: This macro is small and called only once,
replace this macro with instructions at the caller.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Id7eec6263ec23cc8792139f491c563f616fd3618
SCHAR_MIN definition should use SCHAR_MAX, and not itself.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If8c1751a381dac50fe3ec5fdf19d6a4918470b58
In FCONF_REGISTER_POPULATOR macro, add static for the fconf_populator
struct. This avoids this kind of sparse warning:
plat/st/common/stm32mp_fconf_io.c:181:1: warning:
symbol 'stm32mp_io__populator' was not declared. Should it be static?
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Icaa7da3079e82497e112585150f6348ef2ebf5e6
IOMMU kernel driver has changed the function parameters, so update
IOMMU TF-A driver to be consistent with it.
Change-Id: I2adda69bdbdc31833781fac5e6c1f4b10da161be
Signed-off-by: Chengci.Xu <chengci.xu@mediatek.com>
Increase TC_TZC_DRAM1_SIZE for Trusty image and its memory size.
Update OP-TEE reserved memory range in DTS
Change-Id: Iad433c3c155f28860b15bde2398df653487189dd
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
* changes:
refactor(auth): do not include SEQUENCE tag in saved extensions
fix(auth): reject junk after certificates
fix(auth): require bit strings to have no unused bits
This makes the code a little bit smaller. No functional change
intended.
Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Certificates must not allow trailing junk after them.
Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This is already checked by the crypto module or by mbedTLS, but checking
it in the X.509 parser is harmless.
Change-Id: Ifdbe3b4c6d04481bb8e93106ee04b49a70f50d5d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
* changes:
refactor(auth): partially validate SubjectPublicKeyInfo early
fix(auth): reject padding after BIT STRING in signatures
fix(auth): reject invalid padding in digests
fix(auth): require at least one extension to be present
fix(auth): forbid junk after extensions
fix(auth): only accept v3 X.509 certificates
Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Instead, it suffices to parse one of them, and then check that the other
fits in the remaining buffer space and is equal to the first.
Change-Id: Id0a0663165f147879ac83b6a540378fd4873b0dd
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This reduces the likelihood of future problems later.
Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Digests must not have padding after the SEQUENCE or OCTET STRING.
Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate. TF-A already requires the extensions to be present,
but allows them to be empty. However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension. Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.
Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The extensions must use all remaining bytes in the TBSCertificate.
Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
v1 and v2 are forbidden as at least one extension is required. Instead
of actually parsing the version number, just compare it with a
hard-coded string.
Change-Id: Ib8fd34304a0049787db77ec8c2359d0930cd4ba1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Neoverse N2 erratum 2743089 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Idec862226bd32c91374a8bbd5d73d7ee480a34d9
When a platform decides to use FEAT_RNG_TRAP, every RNDR or RNDRSS read
will trap into EL3. The platform can then emulate those instructions, by
either executing the real CPU instructions, potentially conditioning the
results, or use rate-limiting or filtering to protect the hardware
entropy pool. Another possiblitiy would be to use some platform specific
TRNG device to get entropy and returning this.
To demonstrate platform specific usage, add a demo implementation for the
FVP: It will execute the actual CPU instruction and just return the
result. This should serve as reference code to implement platform specific
policies.
We change the definition of read_rndr() and read_rndrrs() to use the
alternative sysreg encoding, so that all assemblers can handle that.
Add documentation about the new platform specific RNG handler function.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ibce817b3b06ad20129d15531b81402e3cc3e9a9e
At the moment we only handle SMC traps from lower ELs, but ignore any
other synchronous traps and just panic.
To cope with system register traps, which we might need to emulate,
introduce a C function to handle those traps, and wire that up in the
exception handler to be called.
We provide a dispatcher function (in C), that will call platform
specific implementation for certain (classes of) system registers.
For now this is empty.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: If147bcb49472eb02791498700300926afbcf75ff
Cortex-A78 erratum 2772019 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0362da463eca777aa7a385bcdeb39b8549799f02
Neoverse V1 erratum 2743093 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ee7c16c14c4fd6ee35d20c855273ecfce0d1b32
make it part of the restricted dma pool to ensure it is not used for
general dma operations.
Change-Id: Ia14738de70b4d7719d7460ed8d16e727aea8d8c4
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Moving ARM_ROTPK_S to default to arm_dev_rotpk.S as it was not being
set for Juno cryptocell and this should be the value in most cases.
Change-Id: I56a5a4e61f1ca728b87322b0b09a0d73ed1d5ee0
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
This patch adds Delegated Attestation and Measured Boot tests to the
plat/arm/board/tc platform.
The test suite can be activated by adding the build time option
`PLATFORM_TEST=1` to the make command. In this case the boot sequence is
not finished, plat_error_handler is called after the tests are run
(regardless of the test result.)
The actual test code is coming from the Trusted-Firmware-M project. Some
of the files of the tf-m-tests and tf-m-extras repo are linked to the
BL31 image.
Versions used for testing:
https://git.trustedfirmware.org/TF-M/tf-m-tests
614e8c358377e4146e8ee13d1246e59d01b4bf1b
https: //git.trustedfirmware.org/TF-M/tf-m-extras
3be9fdd557e6df449de93c2101973fb011699b3d
Change-Id: I98f0f5f760a39d2d7e0dd11d33663ddb75f0b6fc
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
OEN Number 48 to 63 is for Trusted App and OS.
GET_SMC_OEN limits the return value of OEN number to 63 by bitwise AND
operation with 0x3F. Thus the upper limit check for OEN value returned
by GET_SMC_OEN is not required.
Removing the upper limit check for the OEN value returned by GET_SMC_OEN
resolves integer handling issue CONSTANT_EXPRESSION_RESULT
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Change-Id: Ie04a4e2fb7cc85ec6055a5662736a805a89f7085
