* changes:
refactor(changelog): change all occurrences of RSS to RSE
refactor(qemu): change all occurrences of RSS to RSE
refactor(fvp): change all occurrences of RSS to RSE
refactor(fiptool): change all occurrences of RSS to RSE
refactor(psa): change all occurrences of RSS to RSE
refactor(fvp): remove leftovers from rss measured boot support
refactor(tc): change all occurrences of RSS to RSE
docs: change all occurrences of RSS to RSE
refactor(measured-boot): change all occurrences of RSS to RSE
refactor(rse): change all occurrences of RSS to RSE
refactor(psa): rename all 'rss' files to 'rse'
refactor(tc): rename all 'rss' files to 'rse'
docs: rename all 'rss' files to 'rse'
refactor(measured-boot): rename all 'rss' files to 'rse'
refactor(rss): rename all 'rss' files to 'rse'
Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I8982c203375250d6c709a26f33fb88673d69da50
OpenSSL has brainpool support only since version 1.1.0, make sure we
put a proper guardrail around it.
Change-Id: Ia2ee686904ed80699f77b1da953546ab7538ec37
Signed-off-by: Donald Chan <donachan@tesla.com>
Currently when RSA-PSS signing is invoked, a salt length of 32 bytes
is assumed. This works well when SHA-256 is the digest algorithm, but
the standard industry practice is that the salt length should follow
the digest length (e.g. 48/64 bytes for SHA-384/SHA-512).
Various cloud services' key management services (KMS) offering have
such restrictions in place, so if someone wants to integrate cert_create
against these services for signing key/content certs, they will have
problem with integration.
Furthermore, JWS (RFC7518) defined these specific combinations as valid
specs and other combinations are not supported:
- PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256
- PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384
- PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512
Change-Id: Iafc7c60ccb36f4681053dbeb4147bac01b9d724d
Signed-off-by: Donald Chan <donachan@tesla.com>
When generating fiptool for STM32MP2, a new parameter is added to
put DDR firmware inside the FIP.
To avoid duplicating fiptool platform files, move
tools/fiptool/plat_fiptool/st/stm32mp1 files in their parent directory
and move plat_def_fip_uuid.h in in plat/st/common/include.
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I1dd796847869e2bfb6ee8c2bcef25c595fa5197a
When configuring GNU GCC as the C compiler, we usually use the GNU BFD
linker directly to link by default. However, this complicates things
because we also need to support LTO, which can only be done when linking
is done via the C compiler, and we cannot change the linker later on if
some other part of the build system wants to enable LTO.
This change migrates the default choice of linker to GCC if the C
compiler is GCC, in order to enable this use-case. This should have no
impact on anything outside of the build system, as by default GCC merely
acts as a wrapper around BFD.
Change-Id: I40771be2b0571def67bbfde9e877e7629ec8cdaa
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change migrates the values of `CC`, `CPP`, `AS` and other toolchain
variables to the new `$(toolchain)-$(tool)` variables, which were
introduced by the toolchain refactor patch. These variables should be
equivalent to the values that they're replacing.
Change-Id: I644fe4ce82ef1894bed129ddb4b6ab94fb04985d
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change refactors how we identify the toolchain, with the ultimate
aim of eventually cleaning up the various mechanisms that we employ to
configure default tools, identify the tools in use, and configure
toolchain flags.
To do this, we introduce three new concepts in this change:
- Toolchain identifiers,
- Tool class identifiers, and
- Tool identifiers.
Toolchain identifiers identify a configurable chain of tools targeting
one platform/machine/architecture. Today, these are:
- The host machine, which receives the `host` identifier,
- The AArch32 architecture, which receives the `aarch32` identifier, and
- The AArch64 architecture, which receivs the `aarch64` identifier.
The tools in a toolchain may come from different vendors, and are not
necessarily expected to come from one single toolchain distribution. In
most cases it is perfectly valid to mix tools from different toolchain
distributions, with some exceptions (notably, link-time optimization
generally requires the compiler and the linker to be aligned).
Tool class identifiers identify a class (or "role") of a tool. C
compilers, assemblers and linkers are all examples of tool classes.
Tool identifiers identify a specific tool recognized and supported by
the build system. Every tool that can make up a part of a toolchain must
receive a tool identifier.
These new identifiers can be used to retrieve information about the
toolchain in a more standardized fashion.
For example, logic in a Makefile that should only execute when the C
compiler is GNU GCC can now check the tool identifier for the C compiler
in the relevant toolchain:
ifeq ($($(ARCH)-cc-id),gnu-gcc)
...
endif
Change-Id: Icc23e43aaa32f4fd01d8187c5202f5012a634e7c
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
build: remove the `NM` variable
build: prefer `gcc-ar` over `ar`
build: add `--no-warn-rwx-segments` when linking with GCC
build: always use the C compiler to assemble
build: always use the C compiler to preprocess
fix(rcar): fix implicit rule invocations in tools
The `rzg_layout_create` and `rcar_layout_create` tools have a rule to
build object files from C files, but it depends on object files in the
parent directory when it should depend on object files in the current
directory. Consequently, the rule is not triggering and the implicit C
compilation rule is executed instead. This rule works, so I have
replaced the broken rule with exactly the same command as what the
implicit rule is executing and fixed the dependency.
Change-Id: Ib8d640361adff8c4d660738dda230e5536bec629
Signed-off-by: Chris Kay <chris.kay@arm.com>
When PIE is enabled, it can be handy to display the .rela.dyn section.
Add RELA in the list of symbols parsed, to display this section in
memory map.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic40da54ce6fb6e281fb1a6627e9b8830993cfb2c
When building BL1 with SEPARATE_CODE_AND_RODATA=0, symbol names
__RO_{START|END}__ are ignored by memory map dump script.
Fix it by including the symbol in regular expression.
While at it, update the copyright year to current.
Change-Id: Iafeab75c5711429ea0b744510caf27dd8784a29a
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Silence warning from sp_mk_generator that 'is not' operator
is not meant for integers. This replaces the referred instance
with '!='.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0d31ad65466dbeafebbfc929e506c3e290913aca
Calculate the free space as the range between the
limit and the end of the memory region *_REGION_END.
Change-Id: I9cacadea2543c9f5ddaebca82344a83678cd7d55
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The FF-A specification has made it such that SPs
may optionally specify their load address in the manifest.
This info was being retrieved to generate some information
for the SPMC manifest. However, it is not a mandatory utility.
This change relaxes the case in which the SP manifest doesn't
have a load address.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ic4c1b1ec6666522900c113903be45ba0eb5d0bf6
The same was done for other platforms: stm32mp1, tc before in
commit 034a2e3ef8 ('refactor(fiptool):
move plat_fiptool.mk to tools')
Additionally this will make ignore generated files:
Untracked files:
plat/arm/board/juno/fip/plat_def_uuid_config.d
plat/arm/board/juno/fip/plat_def_uuid_config.o
Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Change-Id: Ia5f1082fcd6d9dfc0be012759493e61ddb869956
Fixed the check of the address range which the program is loaded to.
Use the addresses and sizes in the BL31 and BL32 certificates to check
that they are within the range of the target address and size
defined inside the TF-A.
It also uses the addresses and sizes in the BL33x certificates to check
that they are outside the protected area defined inside the TF-A.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> # Code clean up
Change-Id: Iade15431fc86587489fb0ca9106f6baaf7e926e2
mbedtls/version.h needs to be included before the use of any
mbedtls config variables.
Fixes a build failure regression from commit a8eadc51a.
Change-Id: Idd955d7955b0a55ffd127f31053335542cb15e22
Signed-off-by: Henrik Nordstrom <henrik.nordstrom@addiva.se>
Added changelog for v2.10 release.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Id06263047fcc1ec60e82f85cd09e2e4bc95830f5
This reverts commit 0abbfab320.
Reason for revert: Changelog was based on rc0 tag but we got few more patches after that which were not captured.
Change-Id: I9829f2b6dc09f0bd5c538845cbae051f6e4c8a75
When key_load() attempts to load the key from a file and it fails to
open this file, the 'err_code' output argument is set to
'KEY_ERR_OPEN' error code. However, it is incorrectly overwritten
later on with 'KEY_ERR_NONE' or 'KEY_ERR_LOAD'.
The latter case messes up with the key creation scenario. The
'KEY_ERR_LOAD' error leads the tool to exit, when it should attempt to
create the said key file if invoked with the --new-keys/-n option.
Note that, to complicate matters further, which of 'KEY_ERR_OPEN' or
'KEY_ERR_NONE' values is returned by key_load() depends on the version
of OpenSSL in use:
- If using v3+, KEY_ERROR_LOAD is returned.
- If using <v3, KEY_ERROR_NONE is returned as a result of the key
pair container being initialized by key_new().
This patch fixes this bug and also takes the opportunity to refactor
key_load() implementation to (hopefully) make it more straight-forward
and easier to reason about.
Fixes: 616b3ce27d "feat(cert-create): add pkcs11 engine support"
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Reported-by: Wenchen Tan <xtaens@qq.com>
Change-Id: Ia78ff442e04c5ff98e6ced8d26becbd817a8ccb7
Provide a STATIC command line build option for platforms willing to
build fiptool statically and remove dependency to toolchain and OpenSSL
libraries.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1d1b6676df50081828170e2b0ab7b71c4ec19d6e
Add pkcs11 engine support which allows using keys that are securely
stored on a HSM or TPM. To use this feature the user has to supply
an RFC 7512 compliant PKCS11 URI to a key instead of a file as an
argument to one of the key options. This change is fully backwards
compatible.
This change makes use of the openssl engine API which is deprecated
since openssl 3.0 and will most likely be removed in version 4. So
pkcs11 support will have to be updated to the openssl provider API
in the near future.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: If96725988ca62c5613ec59123943bf15922f5d1f
key->key and k will point to the same if PEM_read_PrivateKey
(pem_read_bio_key_decoder) succeeds. There is no need for the temporary
'k' pointer here.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: I219c49d331eb6dd7200b49b75d47fd66da3d82dd
TF-A makefile accepts a device-tree snippet to override hardcoded SP
nodes, via the `ARM_BL2_SP_LIST_DTS` variable. However the SPs declared
in `ARM_BL2_SP_LIST_DTS` must be in the same order as they are in the
FIP image, otherwise hash authentication will fail when loaded by BL2.
This patch generates the `ARM_BL2_SP_LIST_DTS` file from the
`sp_layout.json` file. The SPs in the FIP image are also generated from
`sp_layout.json`, so this ensures that there is only one source of truth
for the SP list, removing the possibility to have the lists disagree
with each other.
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: I7d76715135c596605c6a02aad5196d967dfeb1ce
The build flags to enable the Arm(R) Ethos(TM)-N NPU driver are in arm
platform specific make files i.e. plat/arm/common/arm_common.mk. These
flags are renamed and moved to ethosn_npu.mk. Other source and make
files are changed to reflect the changes in these flags.
Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Change-Id: I6fd20225343c574cb5ac1f0f32ff2fc28ef37ea6
In their respective makefiles, cert_create, encrypt_fw and fiptool
depend on the --openssl phony target as a prerequisite. This forces
those tools to be re-linked each time.
Move the dependencies on the --openssl target from the tools to their
makefiles all targets, to avoid unnecessary linking while preserving the
OpenSSL version printing done in the --openssl targets when in debug.
Fixes: cf2dd17ddd ("refactor(security): add OpenSSL 1.x compatibility")
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Change-Id: I98a3ab30f36dffc253cecaaf3a57d2712522135d
Add symbols to mark end of TEXT/RODATA before page alignment.
Similar change was done by commit 8d69a03f6a ("Various
improvements/cleanups on the linker scripts") for
RO_END/COHERENT_RAM. These symbols help to know how much free
space is in the final binary because of page alignment.
Also show all *UNALIGNED__ symbols via poetry.
For example:
poetry run memory -p zynqmp -b debug
Change-Id: I322beba37dad76be9f4e88ca7e5b3eff2df7d96e
Signed-off-by: Michal Simek <michal.simek@amd.com>
The intial patch stack only supported ELF files, which proved
particularly problematic when dealing with incomplete builds (i.e. build
didn't complete due to linker errors). This adds support for GNU map
files. Most analysis performed by the tool should be possible with map
files alone.
Change-Id: I89f775a98efc5aef6671a17d0e6e973df555a6fa
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
* changes:
feat(fvp): mock support for CCA NV ctr
feat(auth): add CCA NV ctr to CCA CoT
feat(build): pass CCA NV ctr option to cert_create
feat(cert-create): add new option for CCA NV ctr
Extends cert_create tool with a new option for CCA NV
counter: ccafw_nvctr.
And changes the non-volatile counter used to protect
the CCA Content Certificate from the Trusted FW NV counter
to the CCA FW NV counter in the CCA CoT description.
Change-Id: I27f3ab2e25809f0dcc56fa05e5c3a25a2e861ef6
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
In response to feedback provided during review of the v2.9 changelog,
commits with the `build` type and without a scope are now treated as
though they have the `build` scope as well.
Change-Id: I9628e0faf1fcf31fe88758ad3e75ca8febf1bb36
Signed-off-by: Chris Kay <chris.kay@arm.com>
plat_fiptool.mk files now need to be in tools/fiptool/plat_fiptool/, so
this file has been moved to the new location so that it is picked up
correctly by the build system.
Change-Id: Id3596b08bc856362e300f3dfefcaab5d75b4c400
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Present memory usage in hierarchical view. This view maps modules to
their respective segments and sections.
Change-Id: I5c374b46738edbc83133441ff3f4268f08cb011d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
