mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-17 18:14:24 +00:00
09d40e0e08
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
52 lines
1.4 KiB
C
52 lines
1.4 KiB
C
/*
|
|
* Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <assert.h>
|
|
#include <string.h>
|
|
|
|
#include <drivers/auth/auth_mod.h>
|
|
#include <plat/common/platform.h>
|
|
#if USE_TBBR_DEFS
|
|
#include <tools_share/tbbr_oid.h>
|
|
#else
|
|
#include <platform_oid.h>
|
|
#endif
|
|
|
|
/*
|
|
* Store a new non-volatile counter value. This implementation
|
|
* only allows updating of the platform's Trusted NV counter when a
|
|
* certificate protected by the Trusted NV counter is signed with
|
|
* the ROT key. This avoids a compromised secondary certificate from
|
|
* updating the platform's Trusted NV counter, which could lead to the
|
|
* platform becoming unusable. The function is suitable for all TBBR
|
|
* compliant platforms.
|
|
*
|
|
* Return: 0 = success, Otherwise = error
|
|
*/
|
|
int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc,
|
|
unsigned int nv_ctr)
|
|
{
|
|
int trusted_nv_ctr;
|
|
|
|
assert(cookie != NULL);
|
|
assert(img_desc != NULL);
|
|
|
|
trusted_nv_ctr = strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0;
|
|
|
|
/*
|
|
* Only update the Trusted NV Counter if the certificate
|
|
* has been signed with the ROT key. Non Trusted NV counter
|
|
* updates are unconditional.
|
|
*/
|
|
if (!trusted_nv_ctr || img_desc->parent == NULL)
|
|
return plat_set_nv_ctr(cookie, nv_ctr);
|
|
|
|
/*
|
|
* Trusted certificates not signed with the ROT key are not
|
|
* allowed to update the Trusted NV Counter.
|
|
*/
|
|
return 1;
|
|
}
|