Add support for tabulating static memory consumption data from ELF
binaries. This relies on static symbols, defined in the linker files,
that provide information about the memory ranges.
Change-Id: Ie19cd2b80a7b591607640feeb84c63266963ea4d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Make the symbol table produced by the memory mapping script more
readable. Add a generic interface for interacting with ELF binaries.
This interface enables us to get symbols that provide some insights into
TF-A's memory usage.
Change-Id: I6646f817a1d38d6184b837b78039b7465a533c5c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The fill_image_descs() function in fiptool adds images until
.cmdline_name is NULL.
Add a void entry to STM32MP1 plat_def_toc_entries[] to properly
escape the loop.
Also reported by Valentyn Korniienko (@ValentiWorkLearning) on github
with pull requests [1] and [2].
[1] https://github.com/ARM-software/arm-trusted-firmware/pull/1997
[2] https://github.com/STMicroelectronics/arm-trusted-firmware/pull/8
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I94fd36ca677d46ce6df95c7674c6b6bd365b28c7
The object target in the fiptool Makefile only depends on the
corresponding source file so it won't rebuild the object, if a header
file used by the source file is changed.
To make it rebuild the object file for both source and header file
changes, a dependency file will now be generated for each object and
included in the Makefile.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I0468c6e9c54126242150667268d471f28e011b0d
Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.
However from mbedtls-3.x onwards it discourages usage of
MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28
compatibility include version.h which would include the custom config
file if present and also would expose us with mbedtls-major-version
number which could be used for selecting features and functions for
mbedtls 2.28 or 3.3
Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
SAVE_KEYS is set to '0' by default, causing cert_create to
show the 'Key filename not specified' message on each run
even though this is perfectly normal. Show the message only
in the VERBOSE log level.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Change-Id: I472cdec2670055ab0edd99d172f79d01ad575972
Move all plat_fiptool.mks into tools, change the logic to recursively
check for tools/fiptool/plat_fiptool/<plat_path>/plat_fiptool.mk
I.e. for a platform that has the path "plat/arm/board/tc/platform.mk",
the makefile will now load the first existing file from:
- tools/fiptool/plat_fiptool/arm/board/tc/plat_fiptool.mk
- tools/fiptool/plat_fiptool/arm/board/plat_fiptool.mk
- tools/fiptool/plat_fiptool/arm/plat_fiptool.mk
This enables fiptool to support multiple platforms, or a specific one.
Remove file-copying previously being used to handle old default path.
Remove custom file cleaning in plat_fiptool.mk.
Change-Id: I95245bcf7143b329481d4394ab64f29bfe9de5ab
Signed-off-by: Raef Coles <raef.coles@arm.com>
When FIP is programmed in a disk partition, fiptool cannot be used
directly; this forces the user to temporarily copy the partition
to a file, apply fiptool and copy back the file. This is caused by
fstat() that returns zero file size on a block special file, thus
making fiptool commands info, update, unpack and remove to exit.
For either Linux host or Linux target, recover the partition size
with ioctl() and use it as FIP file size. E.g.:
fiptool info /dev/disk/by-partlabel/fip-a
fiptool info /dev/mtdblock4
While there, rework two identical error log messages to provide
more details about the failure and update the date in copyright.
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Change-Id: I7cab60e577422d94c24ba7e39458f58bcebc2336
In the generated sp_gen.mk, add a dependency to the image described in
the sp_layout.json file to make sure that the pkg file is re-generated
if the SP image is updated.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: Id936f907d6baa6b0627c4bb9608323e5157c7a9b
Updated cert_tool to be able to select brainpool P256r/t1
or NIST prim256v1 curve for certificates signature.
Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c
Replace the "is/is not" operator by "==/!=" for literals, to fix the
syntax warnings below:
tools/sptool/sp_mk_generator.py:93: SyntaxWarning: "is not" with a literal. Did you mean "!="?
return len(sppkg_rule) is not 0
tools/sptool/sp_mk_generator.py:203: SyntaxWarning: "is" with a literal. Did you mean "=="?
assert(len(uuid_lines) is 1)
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I10800f6b607942542aa2cbaaecac86b854f6b56a
The script 'sp_mk_generator.py' was reworked in [1]. There was a
reference the variable 'data' left. This variable 'data' used to refer
to the json data of a the sp layout file.
This patch fixed the reference with the proper variable according to the
rework [1].
[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a96a07bfb66b7d38fe3da824e8ba183967659008
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I9ddbfa8d55a114bcef6997920522571e070fc7d2
Add dependency between rules to generate SP packages and their dtb files
to ensure the dtb files are built before the sptool attempts to generate
the SP package.
Change-Id: I071806f4aa09f39132e3e1990c91d71dc9acd728
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Added support for cca CoT in the fiptool by adding the cca,
core_swd, and plat key certificates.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1ba559e188ad8c33cb0e643d7a2fc6fb96736ab9
Selection of the cca chain of trust is done through the COT build
option:
> make COT=cca
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I123c0a841f67434633a3123cc1fa3e2318585482
Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.
Changes were made following the OpenSSL 3.0 migration guide:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
In some cases, those changes are straightforward and only
a small modification on the types or API calls was needed
(e.g.: replacing BN_pseudo_rand() with BN_rand(). Both identical
since v1.1.0).
The use of low level APIs is now deprecated. In some cases,
the new API provides a simplified solution for our goals and
therefore the code was simplified accordingly (e.g.: generating
RSA keys through EVP_RSA_gen() without the need of handling the
exponent). However, in some cases, a more
sophisticated approach was necessary, as the use of a context
object was required (e.g.: when retrieving the digest value from
an SHA file).
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I978e8578fe7ab3e71307450ebe7e7812fbcaedb6
To cope with the changes/design decisions in the implementation of
boot protocol, from FF-A v1.1 specification in the S-EL2 SPM, we have
changed the format of the sp pkg header.
These changes need to be reflected in the sptool, used for packaging
the SP binary, and the SP's FF-A manifest. Now the SP pkg can
contain the boot information blob as defined by the FF-A specification.
To cater for these changes, bring to the TF-A project an equivalent to
the tool used in the Hafnium project.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I046f5d6e3c2ef0ba6c87f65302e127dedef34c28
The "sp_mk_generator.py" is responsible for processing the SP layout
file, which contains information about the SPs to be deployed on top of
the SPM, to generate the "sp_gen.mk" file which appends information
specific to each SP that shall help with packing all SPs into a fip
binary.
Before this patch the "sp_mk_generator.py" was a monolithic script,
which has now been broken down into functions for each identified
configuration action.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I8ee7487f2e07d53e508d17d0fe4510e22957f5ca
Developed python framework to help with SPs configuration. The framework
allows for functions (dubbed "actions" in the framework) to be defined
that should process the "sp_layout.json" file.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I278cd5a7aa0574168473e28f3b0fe231d7b548ee
Add some entries in blx_symbols, that are used when the flag
SEPARATE_CODE_AND_RODATA is not enabled (__RO_* and __TEXT_RESIDENT_*).
Add all new symbols that were not yet present in the script.
Correct __BSS_END to __BSS_END__, and add __BSS_START__.
Add new *_XLAT_TABLE_* symbols.
As those strings are longer than 22, update display format string to
be dependent on the longest string.
The script also skips lines for which the _START__ and _END__
symbols have the same address (empty sections).
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I6c510ced6116b35d14ee2cb7a6711405604380d6
Replace bl2_offset with bl2_loc, and fix byte-swapping for
Chassis2 SoC(s) only.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ieb5fd6468178325bfb6fb89b6c31c75cd9030363
The stm32image tool is updated to manage new header v2.0 for BL2
images.
Add new structure for the header v2.0 management.
Adapt to keep compatibility with v1.0.
Add the header version major and minor in the command line
when executing the tool, as well as binary type (0x10 for BL2).
Change-Id: I70c187e8e7e95b57ab7cfad63df314307a78f1d6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
* changes:
docs(layerscape): add ls1046a soc and board support
feat(ls1046aqds): add board ls1046aqds support
feat(ls1046afrwy): add ls1046afrwy board support
feat(ls1046ardb): add ls1046ardb board support
feat(ls1046a): add new SoC platform ls1046a
fix(nxp-tools): fix tool location path for byte_swape
fix(nxp-qspi): fix include path for QSPI driver
build(changelog): add new scopes for NXP layerscape platforms
Extract the UUID from the SP layout JSON file if the optional 'uuid'
field exists otherwise fall back to the current method for extracting
the SP UUID from the partition manifest file.
This change gives a way to decouple TF-A's dependency on the SP
manifest file's format which is tied to the SPMC.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I13af066c1de58bfb9c3fd470ee137ea0275cd98c
The UUID conversion drops leading zeroes, so make sure that
all hex strings always are 8 digits long
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I5d7e3cf3b53403a02bf551f35f17dbdb96dec8ae
These fields were not updated accidentally on the v2.6.0 release.
Change-Id: I215105da618ff6f72057eaa40a34ff4b24f7ee36
Signed-off-by: Chris Kay <chris.kay@arm.com>
Updated the fiptool to avoid packing the zero size images in
the FIP.
Also, updated the commitlint-json file to cover the fiptool
changes under a separate scope.
Change-Id: Id7ac3dcff0c7318546e49308d0f17b6cbd5eb24b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
fiptool links to libcrypto, so as with the other tools it should respect
OPENSSL_DIR for include/library paths.
Change-Id: Icd8c15fa5097db1da9a3a9222d9e267548c4c7e2
Signed-off-by: Ross Burton <ross.burton@arm.com>
This change introduces a new NPM run script to automatically generate
the release changelog, as well as bump version numbers across the
code-base and create the release tag.
This script runs [Standard Version] to execute this, which is a tool
designed around automating substantial parts of the release process.
This can be done by running:
npm run release -- [<standard-version args>]
Standard Version expects the project to adhere to the [Semantic
Versioning] convention which TF-A does not, so you may need to specify
the version manually, e.g.:
npm run release -- --release-as 2.6.0
Individual steps of the release process may also be skipped at-will,
which may be necessary when, for example, tweaking the changelog:
npm run release -- --skip.commit --skip.tag
Standard Version is configured by the `.versionrc.js` file, which
contains information about the Conventional Commits types and scopes
used by the project, and how they map to the changelog.
To maintain continuity with the existing changelog style - at least to
the extent possible in the move from manual to automatic creation - a
customized changelog template has been introduced, based on the
Conventional Commits template provided by Standard Version.
This template package extends the Conventional Commits template package
by introducing support for parsing the Conventional Commits scopes into
changelog sections, similarly to how they were previously organized.
[Standard Version]:
https://github.com/conventional-changelog/standard-version
[Semantic Versioning]: https://semver.org
Change-Id: I5bafa512daedc631baae951651c38c1c62046b0a
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME
The changes include:
- A new build option (ENABLE_RME) to enable FEAT_RME
- New image called RMM. RMM is R-EL2 firmware that manages Realms.
When building TF-A, a path to RMM image can be specified using
the "RMM" build flag. If RMM image is not provided, TRP is built
by default and used as RMM image.
- Support for RMM image in fiptool
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
* changes:
feat(plat/rcar3): keep RWDT enabled
feat(drivers/rcar3): add extra offset if booting B-side
feat(plat/rcar3): modify LifeC register setting for R-Car D3
feat(plat/rcar3): modify SWDT counter setting for R-Car D3
feat(plat/rcar3): update DDR setting for R-Car D3
feat(plat/rcar3): remove access to RMSTPCRn registers in R-Car D3
feat(plat/rcar3): add process of SSCG setting for R-Car D3
feat(plat/rcar3): add process to back up X6 and X7 register's value
feat(plat/rcar3): modify operation register from SYSCISR to SYSCISCR
feat(plat/rcar3): add SYSCEXTMASK bit set/clear in scu_power_up
feat(plat/rcar3): change the memory map for OP-TEE
feat(plat/rcar3): use PRR cut to determine DRAM size on M3
feat(plat/rcar3): apply ERRATA_A53_1530924 and ERRATA_A57_1319537
fix(plat/rcar3): fix disabling MFIS write protection for R-Car D3
fix(plat/rcar3): fix eMMC boot support for R-Car D3
fix(plat/rcar3): fix version judgment for R-Car D3
fix(plat/rcar3): fix source file to make about GICv2
fix(drivers/rcar3): console: fix a return value of console_rcar_init
The UUID field in SP manifest DTS is represented as an array of four
integers that the SPMC consumes using the little endian representation.
The reason is that those values are directly mapped to the SMCCC section
5.3 recommendation and the way they are exposed to the
FFA_PARTITION_INFO_GET interface.
Per [1] TF-A build flow expects a big endian representation of the UUID
so the sp_mk_generator script is updated to accommodate this conversion.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9563
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7c7b295225e23ea64f49170e27d97442b289703b
The memory area size of OP-TEE was changed from 1MB to 2MB
because the size of OP-TEE has increased.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Ic8a165c83a3a9ef2829f68d5fabeed9ccb6da95e
Add parameters to fill header version:
Two new options are added (m and n) to fill header version major and minor.
The default is v1.0 (major = 1, minor = 0)
Fix image header on big endian hosts:
Three header fields are not properly converted to little endian
before assignment, resulting in incorrect header while executing
stm32image on big endian hosts.
Convert the value of the header fields version_number,
image_checksum and edcsa_algorithm to little endian before the
assignment.
Don't force the base of strtol, since it's able to select the base
automatically depending on the prefix of the value.
This does not breaks the current build script that extracts the
addresses, including the 0x prefix, from the map file.
This change helps using stm32image in shell scripts where the
addresses can be computed using the shell arithmetic expansion
"$((...))", that produces a value in base decimal.
The variable stm32image_header is declared with global visibility
but is use in one function only, move it as local variable in the function.
Fix error message on destination file:
The error message on mmap() failure of destination file reports
incorrectly information about the source file.
Change the error message to match the file that causes the error.
Change-Id: Iebc8c915297306845b3847b32f9516443a515c97
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Antonio Borneo <antonio.borneo@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Calling 'make clean' in 'all' target is causing recompilation of binary
at every 'make' call, which is wrong.
Also building a new target via 'make TARGET' can cause infinite loop as
it is not defined as explicit make dependency. Dependent targets must be
specified after colon when defining target, which also prevents infinite
loops as make is able to detect these circular dependencies.
Moreover calling 'make clean' is supposed to be done by user when
configuration is changing.
So remove calling 'make clean' in 'all' target and define dependency for
'${PROJECT}' at correct place.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I70e7fd2b04b02f6a0650c82df91d58c9a4cb24d9
