Added support for cca CoT in the fiptool by adding the cca,
core_swd, and plat key certificates.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1ba559e188ad8c33cb0e643d7a2fc6fb96736ab9
The changes include:
- A new build option (ENABLE_RME) to enable FEAT_RME
- New image called RMM. RMM is R-EL2 firmware that manages Realms.
When building TF-A, a path to RMM image can be specified using
the "RMM" build flag. If RMM image is not provided, TRP is built
by default and used as RMM image.
- Support for RMM image in fiptool
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
Platform RoT key pair is used for signing.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
Added support in fiptool to include fw_config image
in FIP.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.
A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.
Following new options added to cert_tool:
--sip-sp-cert --> SiP owned Secure Partition Content Certificate
--sp-pkg1 --> Secure Partition Package1 file
--sp-pkg2
.....
--sp-pkg8
Trusted world key pair is used for signing.
Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
RFC4122 defines that fields are stored in network order (big endian),
but TF-A stores them in machine order (little endian by default in TF-A).
We cannot change the future UUIDs that are already generated, but we can store
all the bytes using arrays and modify fiptool to generate the UUIDs with
the correct byte order.
Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.
Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.
Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.
Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
This fix modifies the order of system includes to meet the ARM TF coding
standard whilst retaining header groupings.
Change-Id: Ib91968f8e2cac9e96033d73d3ad9d0a2ae228b13
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.
Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
Some header files need to be shared between TF and host programs.
For fiptool, two headers are copied to the tools/fiptool directory,
but it looks clumsy.
This commit introduces a new directory, include/tools_share, which
collects headers that should be shared between TF and host programs.
This will clarify the interface exposed to host tools. We should
add new headers to this directory only when we really need to do so.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
To allow operating on images with unknown UUIDs, fiptool needs to
be able to track an arbitrary amount of images and not be limited
to the set of images described by the builtin table.
Convert the table to a list to accommodate this scenario.
Change-Id: I0e6d738eece7795d74fc72d165a3098f223d4414
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The `toc_entry` and `image` data structures had a cyclic
relationship. This patch removes the explicit dependencies and introduces
functions to link them via the UUID.
This change highlights the intent of the code better and makes it more
flexible for future enhancements.
Change-Id: I0c3dd7bfda2a631a3827c8ba4831849c500affe9
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
fiptool provides a more consistent and intuitive interface compared to
the fip_create program. It serves as a better base to build on more
features in the future.
fiptool supports various subcommands. Below are the currently
supported subcommands:
1) info - List the images contained in a FIP file.
2) create - Create a new FIP file with the given images.
3) update - Update an existing FIP with the given images.
4) unpack - Extract a selected set or all the images from a FIP file.
5) remove - Remove images from a FIP file. This is a new command that
was not present in fip_create.
To create a new FIP file, replace "fip_create" with "fiptool create".
To update a FIP file, replace "fip_create" with "fiptool update".
To dump the contents of a FIP file, replace "fip_create --dump" with
"fiptool info".
A compatibility script that emulates the basic functionality of
fip_create is provided. Existing scripts might or might not work with
the compatibility script. Users are strongly encouraged to migrate to
fiptool.
FixesARM-Software/tf-issues#87FixesARM-Software/tf-issues#108FixesARM-Software/tf-issues#361
Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330
