Patch fdae0b95852e087d8a19187f4d40babc67f0e57a in the CI bumped it to
6.23. Reflect this in docs
Change-Id: I39f3cd6fb03f81066fbbae3672c79802c607e3cd
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
This new update to the LTS branch of MbedTLS provides
the fix for a buffer underrun vulnerability. TF-A does
not use the previously vulnerable functions
`mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2.
Change-Id: Ibc4a8712c92019648fe0e75390cd3540d86b735d
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Bump `dtc`, `clang` and `sphinx` to reconcile our minimum requirements
with the versions used in CI.
Change-Id: Ia848b4bdd93dc833ea03eda5b002561468042f52
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This small change removes the footnote from Poetry that it is only used
for building documentation, as it is now used for some of the Python
tooling in the repository from the build system.
Additionally, add a link to the official installation guide for Poetry.
Change-Id: Ie36b7ecd8066cbf2a14a1085d84fa9bd9c4409ba
Signed-off-by: Chris Kay <chris.kay@arm.com>
Updating toolchain to the latest production release version
13.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: If5915fdc14a6c65ce58ac7fccfddd6fe85c0d7c9
This new update to the LTS branch of MbedTLS provides minor
enhancements and bug fixes; including some security
fixes, and a fix to a compilation warning which
previously affected TF-A.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1.
Change-Id: I1a68dfcb52a8361c1689cb6ef12d265a6462fda3
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
With Commit@55aed7d798f3d48d6aa08d58eb46c4cda318bcfb
we have now updated to use mbedtls 3.6.0.
Update document to reflect the same.
Change-Id: I6bd8fcca795373a05bc6beb2e085d24fdd14932f
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The ordering of the setup guide is quite confusing, primarly because the
min requirements section is overly verbose. Reconcile this information
into a single table, and present the most important information at the
start of the document i.e. how to get the source, and the tools to
compile.
Change-Id: I1c4d708259e152b101c7282dad19e467d6c36519
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Our code does not preclude the use of versions 1.0.x of OpenSSL.
Instead, we discourage it's use due to security concerns. Update the
documentation to reflect this.
Change-Id: I5c60907337f10b05d5c43b0384247c5d4135db50
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Updating toolchain to the latest production release version
13.2.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Change-Id: I9b60728bcb1a48508ccd4fcbe0114b3029509a64
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Our build system extensively uses syntax and tools that are not natively
supported by Windows shells (i.e., CMD.exe and Powershell). This
dependency necessitates a UNIX-compatible build environment. This commit
updates the prerequisites section in our documentation to reflect this.
Change-Id: Ia7e02d7a335e6c88bbaa0394650f1313cdfd6e40
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
DPE commands are CBOR encoded. QCBOR library is used
in TF-A for CBOR encoding.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifd01e1e6e1477cf991e765b97c446684fc6ef9b9
Updating toolchain to the latest production release version
12.3.Rel1 publicly available on:
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
We build TF-A in CI using x86_64 Linux hosted cross toolchains:
---------------------------------------------------------------
* AArch32 bare-metal target (arm-none-eabi)
* AArch64 bare-metal target (aarch64-none-elf)
Change-Id: Ifcabb7fb9d8e13b87e164c3c1be8c8d32c31b49a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Update TF-A documentation to recommend using the latest and greatest
release of mbedTLS library to this date, i.e. version 3.4.1. The
upgrade was successfully tested by the OpenCI running all existing
test configs, in particular trusted boot and measured boot related
ones.
The reason for this upgrade is simply to obey TF-A's guideline to
always use up-to-date security libraries. mbedTLS 3.4.1 release
notes [1] do not list any changes that should affect TF-A.
[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.4.1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ifc31c2fc825a2fc9ca318ea8baadd51b670e7a4e
Update to use the following software:
- mbed TLS == 3.4.0
- (DTC) >= 1.4.7
- Ubuntu 22.04 for builds.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: I384aab4dfee9cae9453eebf4091abe82ef9ccfaa
Updating toolchain to the latest production release version
12.2.Rel1 publicly available on https://developer.arm.com/
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: Ib603cf7417e6878683a1100d5f55311188e36e8e
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Some parts of the documentation referring to Poetry provides incorrect
build instructions and has some minor formatting errors. Reformat the
bits that require formatting, and fix the build instructions. These
were originally part of the patch stack that added Poetry support but
were accidentally reverted prior to merge.
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Change-Id: I336d3a7bbe99f75262430ae436f8ebc2cb050d2c
New python dependencies are introduced by the memory mapping script.
Rather than add another `requirements.txt` utilise poetry. This is a
proper dependency management framework for Python. The two main upsides
of using poetry instead of the traditional requirements.txt are
maintainability and reproducibility.
Poetry provides a proper lock file for pinning dependencies, similar to
npm for JavaScript. This allows for separate environments (i.e. docs,
tools) to be created efficiently, and in a reproducible manner, wherever
the project is deployed. Having dependencies pinned in this manner is a
boon as a security focused project. An additional upside is that we will
receive security updates for dependencies via GitHub's Dependabot.
Change-Id: I5a3c2003769b878a464c8feac0f789e5ecf8d56c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
TF-A carries its own compiler-rt so higher versions of the compilers may
not necessarily work. Because TF-A is only tested on the specified
versions in the CI, any breakage remains unknown. Update the
prerequisites guide to make it more apparent that this is the case.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia5da9c5ff505ead99f579f3f5fbe3a480d697c1d
* changes:
docs: add top level section numbering
docs(build): clarify getting started section
docs(build): clarify docs building instructions
fix(docs): prevent a sphinx warning
fix(docs): prevent a virtual environment from failing a build
The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a somewhat hand wavy way, and the Arm Developer website
download provides a lot of targets and the guide is not clear which ones
are needed on download.
Swapping the initial build and supporting tools sections makes the flow
more natural and the supporting tools section then becomes clear.
Explicitly mentioning the GCC targets avoids confusion for people less
familiar with the project (eg. new starters).
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I02e88f8c279db6d8eda68f634e8473c02b733963
Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.
The change was tested with a full build on a clean install of Ubuntu 20.04.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibb135ed938e9d92332668fa5caf274cf61b822d3
When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c
This change updates the version of the Node Version Manager suggested by
the prerequisites documentation. The NVM installation command line hint
has been replaced with the snippet provided by NVM's user guide, and the
second line now automatically installs a version of Node.js compatible
with TF-A's repository scripts.
Change-Id: I6ef5e504118238716ceb45a52083450c424c5d20
Signed-off-by: Chris Kay <chris.kay@arm.com>
In anticpation of the next Trusted Firmware release update the to newest
2.x Mbed TLS library [1].
Note that the Mbed TLS project published version 3.x some time ago.
However, as this is a major release with API breakages, upgrading to
this one might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to Mbed TLS 3.x after the v2.8 release
of TF-A.
[1] https://github.com/Mbed-TLS/mbedtls/tree/v2.28.1
Change-Id: I7594ad062a693d2ecc3b1705e944dce2c3c43bb2
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This toolchain provides multiple cross compilers and is publicly
available on https://developer.arm.com/
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: I94e13f6c1ebe3a4a58ca6c79c1605bd300b372d3
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
OpenSSL 3.0 is a pre-requisite since v2.7 and can be installed
on the operating system by updating the previous version.
However, this may not be convenient for everyone, as some may
want to keep their previous versions of OpenSSL.
This update on the docs shows that there is an alternative to
install OpenSSL on the system by using a local build of
OpenSSL 3.0 and pointing both the build and run commands to
that build.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ib9ad9ee5c333f7b04e2747ae02433aa66e6397f3
Add an empty line just before the "Build Host" title.
Without this, the title is not properly recognized, it does not get
added to the table of contents and the underlining characters appear
as dashes, as can be seen here:
https://trustedfirmware-a.readthedocs.io/en/v2.7/getting_started/prerequisites.html#prerequisites
Change-Id: Ia89cf3de0588495cbe64b0247dc860619f5ea6a8
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
GCC 11 and Clang 14 now use the DWARF 5 standard by default however
Arm-DS currently only supports up to version 4. Therefore, for debug
builds, ensure the DWARF 4 standard is used.
Also update references for Arm DS-5 to it's successor Arm-DS (Arm
Development Studio).
Change-Id: Ica59588de3d121c1b795b3699f42c31f032cee49
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.
Changes were made following the OpenSSL 3.0 migration guide:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
In some cases, those changes are straightforward and only
a small modification on the types or API calls was needed
(e.g.: replacing BN_pseudo_rand() with BN_rand(). Both identical
since v1.1.0).
The use of low level APIs is now deprecated. In some cases,
the new API provides a simplified solution for our goals and
therefore the code was simplified accordingly (e.g.: generating
RSA keys through EVP_RSA_gen() without the need of handling the
exponent). However, in some cases, a more
sophisticated approach was necessary, as the use of a context
object was required (e.g.: when retrieving the digest value from
an SHA file).
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I978e8578fe7ab3e71307450ebe7e7812fbcaedb6
Makefile updated to use LLVM utilities instead of GNU utilities when
compiling with clang. `CROSS_COMPILE` is not required since this
dependency has been removed.
Change-Id: I19706b84b9310e07935516681b86596c04ef8ad6
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Upgrade to the latest and greatest 2.x release of Mbed TLS library
(i.e. v2.28.0) to take advantage of their bug fixes.
Note that the Mbed TLS project published version 3.x some time
ago. However, as this is a major release with API breakages, upgrading
to 3.x might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7
release of TF-A.
Change-Id: I887dfd87893169c7be53b986e6c43338d15949d7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, TF-A documentation recommends downloading Arm compilers
from:
https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads
However, this page is now deprecated, as indicated by the banner at
the top of the page. When navigating to the new recommended page, one
can see the following note, which provides the rationale for the
deprecation:
GNU Toolchain releases from Arm were published previously as two
separate releases - one for A-profile and the other for R & M
profiles (GNU Toolchain for A-profile processors and GNU Arm
Embedded Toolchain).
Arm GNU Toolchain releases unifies these two into a single release
and the previous way of releases therefore have been
discontinued. However, the previous releases will continue to be
available for reference.
This patch updates the link to the new recommended place for compiler
downloads.
Change-Id: Iefdea3866a1af806a5db2d2288edbb63c543b8ee
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This toolchain provides multiple cross compilers and is publicly
available on developer.arm.com.
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: Ia14de2c7d9034a6f0bc56535e961fffc81bcbf29
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Updates the Node.js version installed by the prerequisite instructions
from v14 to v16, which is the latest LTS release.
The instructions for installing the Node Version Manager (NVM) have
also been updated for v0.39.0 (previously v0.38.0).
Change-Id: I85528b3906305914ba6169b4dc5aafcf5b36a339
Signed-off-by: Chris Kay <chris.kay@arm.com>
This toolchain provides multiple cross compilers and is publicly
available on developer.arm.com
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: I673e0dce8eb3ca3a004a43158a948431b032e93a
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
We currently use Linaro release software stack version
20.01 in the CI. Reflect that change in the docs.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0fa9f0163afb0bf399ec503abe9af4f17231f173
Two issues in documentation were identified after the release.
This patch fixes these typos.
1. Matternhorn ELP CPU was made available through v2.5 release, not
Matternhorn CPU
2. We had upgraded TF-A to use GCC 10.2 toolchain family and used this
toolchain for release testing
Change-Id: I33e59bb5a6d13f4d40dbb3352004d5b133431d65
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
To avoid the mistake fixed by the previous commit, ensure users install
the Node.js dependencies without polluting the lock file by passing
`--no-save` to the `npm install` line.
Change-Id: I10b5cc17b9001fc2e26deee02bf99ce033a949c1
Signed-off-by: Chris Kay <chris.kay@arm.com>
Husky is a tool for managing Git hooks within the repository itself.
Traditionally, commit hooks need to be manually installed on a per-user
basis, but Husky allows us to install these hooks either automatically
when `npm install` is invoked within the repository, or manually with
`npx husky install`.
This will become useful for us in the next few patches when we begin
introducing tools for enforcing a commit message style.
Change-Id: I64cae147e9ea910347416cfe0bcc4652ec9b4830
Signed-off-by: Chris Kay <chris.kay@arm.com>
Updated the documentation with latest Mbed TLS supported
version i.e. Mbed TLS v2.26.0
Fixes available in this version of Mbed TLS mainly affect
key generation/writing and certificates writing, which
are features used in the cert_create tool.
Release notes of Mbed TLSv2.26.0 are available here:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
Change-Id: Ie15ee45d878b7681e15ec4bf64d54b416a31aa2f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch migrates the mbedcrypto dependency for TF-A
to mbedTLS repo v2.24.0 which is the latest release tag.
The relevant documentation is updated to reflect the
use of new version.
Change-Id: I116f44242e8c98e856416ea871d11abd3234dac1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This toolchain provides multiple cross compilers and are publicly
available on developer.arm.com
We build TF-A in CI using:
AArch32 bare-metal target (arm-none-eabi)
AArch64 ELF bare-metal target (aarch64-none-elf)
Change-Id: I910200174d5bad985504d1af4a1ae5819b524003
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The User Guide document has grown organically over time and
now covers a wide range of topics, making it difficult to
skim read and extract information from. Currently, it covers
these topics and maybe a couple more:
- Requirements (hardware, tools, libs)
- Checking out the repo
- Basic build instructions
- A comprehensive list of build flags
- FIP packaging
- Building specifically for Juno
- Firmware update images
- EL3 payloads
- Preloaded BL33 boot flow
- Running on FVPs
- Running on Juno
I have separated these out into a few groups that become new
documents. Broadly speaking, build instructions for the tools,
for TF-A generally, and for specific scenarios are separated.
Content relating to specific platforms (Juno and the FVPs are
Arm-specific platforms, essentially) has been moved into the
documentation that is specific to those platforms, under
docs/plat/arm.
Change-Id: Ica87c52d8cd4f577332be0b0738998ea3ba3bbec
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
