Merge changes from topic "decouple-tb-mb" into integration
* changes: refactor(renesas): disable CRYPTO_SUPPORT option refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot build: introduce CRYPTO_SUPPORT build option
This commit is contained in:
commit
b19630037d
19
Makefile
19
Makefile
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
|
||||
# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
#
|
||||
|
@ -736,6 +736,12 @@ ifeq ($(DYN_DISABLE_AUTH), 1)
|
|||
endif
|
||||
endif
|
||||
|
||||
ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),)
|
||||
CRYPTO_SUPPORT := 1
|
||||
else
|
||||
CRYPTO_SUPPORT := 0
|
||||
endif
|
||||
|
||||
# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled.
|
||||
ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1)
|
||||
$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled")
|
||||
|
@ -762,15 +768,6 @@ ifeq ($(CTX_INCLUDE_MTE_REGS),1)
|
|||
endif
|
||||
endif
|
||||
|
||||
# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the
|
||||
# code taking the measurements and recording them has not been tampered
|
||||
# with. This is referred to as the Root of Trust for Measurement.
|
||||
ifeq ($(MEASURED_BOOT),1)
|
||||
ifneq (${TRUSTED_BOARD_BOOT},1)
|
||||
$(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1)
|
||||
endif
|
||||
endif
|
||||
|
||||
ifeq ($(PSA_FWU_SUPPORT),1)
|
||||
$(info PSA_FWU_SUPPORT is an experimental feature)
|
||||
endif
|
||||
|
@ -1022,6 +1019,7 @@ $(eval $(call assert_booleans,\
|
|||
SPM_MM \
|
||||
SPMD_SPM_AT_SEL2 \
|
||||
TRUSTED_BOARD_BOOT \
|
||||
CRYPTO_SUPPORT \
|
||||
USE_COHERENT_MEM \
|
||||
USE_DEBUGFS \
|
||||
ARM_IO_IN_DTB \
|
||||
|
@ -1136,6 +1134,7 @@ $(eval $(call add_defines,\
|
|||
SPM_MM \
|
||||
SPMD_SPM_AT_SEL2 \
|
||||
TRUSTED_BOARD_BOOT \
|
||||
CRYPTO_SUPPORT \
|
||||
TRNG_SUPPORT \
|
||||
USE_COHERENT_MEM \
|
||||
USE_DEBUGFS \
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -15,6 +15,7 @@
|
|||
#include <common/bl_common.h>
|
||||
#include <common/debug.h>
|
||||
#include <drivers/auth/auth_mod.h>
|
||||
#include <drivers/auth/crypto_mod.h>
|
||||
#include <drivers/console.h>
|
||||
#include <lib/cpus/errata_report.h>
|
||||
#include <lib/utils.h>
|
||||
|
@ -121,10 +122,10 @@ void bl1_main(void)
|
|||
/* Perform remaining generic architectural setup from EL3 */
|
||||
bl1_arch_setup();
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
crypto_mod_init();
|
||||
|
||||
/* Initialize authentication module */
|
||||
auth_mod_init();
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
/* Initialize the measured boot */
|
||||
bl1_plat_mboot_init();
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -13,6 +13,7 @@
|
|||
#include <common/bl_common.h>
|
||||
#include <common/debug.h>
|
||||
#include <drivers/auth/auth_mod.h>
|
||||
#include <drivers/auth/crypto_mod.h>
|
||||
#include <drivers/console.h>
|
||||
#include <drivers/fwu/fwu.h>
|
||||
#include <lib/extensions/pauth.h>
|
||||
|
@ -89,10 +90,10 @@ void bl2_main(void)
|
|||
fwu_init();
|
||||
#endif /* PSA_FWU_SUPPORT */
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
crypto_mod_init();
|
||||
|
||||
/* Initialize authentication module */
|
||||
auth_mod_init();
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
/* Initialize the Measured Boot backend */
|
||||
bl2_plat_mboot_init();
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -143,25 +143,6 @@ exit:
|
|||
return io_result;
|
||||
}
|
||||
|
||||
/*
|
||||
* Load an image and flush it out to main memory so that it can be executed
|
||||
* later by any CPU, regardless of cache and MMU state.
|
||||
*/
|
||||
static int load_image_flush(unsigned int image_id,
|
||||
image_info_t *image_data)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = load_image(image_id, image_data);
|
||||
if (rc == 0) {
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
/*
|
||||
* This function uses recursion to authenticate the parent images up to the root
|
||||
|
@ -202,30 +183,6 @@ static int load_auth_image_recursive(unsigned int image_id,
|
|||
return -EAUTH;
|
||||
}
|
||||
|
||||
if (is_parent_image == 0) {
|
||||
/*
|
||||
* Measure the image.
|
||||
* We do not measure its parents because these only play a role
|
||||
* in authentication, which is orthogonal to measured boot.
|
||||
*
|
||||
* TODO: Change this code if we change our minds about measuring
|
||||
* certificates.
|
||||
*/
|
||||
rc = plat_mboot_measure_image(image_id, image_data);
|
||||
if (rc != 0) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
/*
|
||||
* Flush the image to main memory so that it can be executed
|
||||
* later by any CPU, regardless of cache and MMU state. This
|
||||
* is only needed for child images, not for the parents
|
||||
* (certificates).
|
||||
*/
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
@ -239,7 +196,7 @@ static int load_auth_image_internal(unsigned int image_id,
|
|||
}
|
||||
#endif
|
||||
|
||||
return load_image_flush(image_id, image_data);
|
||||
return load_image(image_id, image_data);
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
|
@ -266,6 +223,25 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data)
|
|||
} while ((err != 0) && (plat_try_next_boot_source() != 0));
|
||||
#endif /* PSA_FWU_SUPPORT */
|
||||
|
||||
if (err == 0) {
|
||||
/*
|
||||
* If loading of the image gets passed (along with its
|
||||
* authentication in case of Trusted-Boot flow) then measure
|
||||
* it (if MEASURED_BOOT flag is enabled).
|
||||
*/
|
||||
err = plat_mboot_measure_image(image_id, image_data);
|
||||
if (err != 0) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/*
|
||||
* Flush the image to main memory so that it can be executed
|
||||
* later by any CPU, regardless of cache and MMU state.
|
||||
*/
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
}
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
|
|
|
@ -529,9 +529,9 @@ Common build options
|
|||
the build. The default value is 40 in debug builds and 20 in release builds.
|
||||
|
||||
- ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot
|
||||
feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well
|
||||
in order to provide trust that the code taking the measurements and recording
|
||||
them has not been tampered with.
|
||||
feature. This flag can be enabled with ``TRUSTED_BOARD_BOOT`` in order to
|
||||
provide trust that the code taking the measurements and recording them has
|
||||
not been tampered with.
|
||||
|
||||
This option defaults to 0.
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -339,9 +339,6 @@ void auth_mod_init(void)
|
|||
/* Check we have a valid CoT registered */
|
||||
assert(cot_desc_ptr != NULL);
|
||||
|
||||
/* Crypto module */
|
||||
crypto_mod_init();
|
||||
|
||||
/* Image parser module */
|
||||
img_parser_init();
|
||||
}
|
||||
|
|
|
@ -46,8 +46,13 @@ void crypto_mod_init(void)
|
|||
{
|
||||
assert(crypto_lib_desc.name != NULL);
|
||||
assert(crypto_lib_desc.init != NULL);
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
assert(crypto_lib_desc.verify_signature != NULL);
|
||||
assert(crypto_lib_desc.verify_hash != NULL);
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
#if MEASURED_BOOT
|
||||
assert(crypto_lib_desc.calc_hash != NULL);
|
||||
#endif /* MEASURED_BOOT */
|
||||
|
||||
/* Initialize the cryptographic library */
|
||||
crypto_lib_desc.init();
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -60,6 +60,7 @@ static void init(void)
|
|||
mbedtls_init();
|
||||
}
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
/*
|
||||
* Verify a signature.
|
||||
*
|
||||
|
@ -218,6 +219,7 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
|
|||
|
||||
return CRYPTO_SUCCESS;
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
#if MEASURED_BOOT
|
||||
/*
|
||||
|
@ -366,7 +368,7 @@ static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
|
|||
/*
|
||||
* Register crypto library descriptor
|
||||
*/
|
||||
#if MEASURED_BOOT
|
||||
#if MEASURED_BOOT && TRUSTED_BOARD_BOOT
|
||||
#if TF_MBEDTLS_USE_AES_GCM
|
||||
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
|
||||
auth_decrypt);
|
||||
|
@ -374,11 +376,13 @@ REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
|
|||
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
|
||||
NULL);
|
||||
#endif
|
||||
#else /* MEASURED_BOOT */
|
||||
#elif TRUSTED_BOARD_BOOT
|
||||
#if TF_MBEDTLS_USE_AES_GCM
|
||||
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
|
||||
auth_decrypt);
|
||||
#else
|
||||
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
|
||||
#endif
|
||||
#endif /* MEASURED_BOOT */
|
||||
#elif MEASURED_BOOT
|
||||
REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash);
|
||||
#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -7,8 +7,6 @@
|
|||
#ifndef AUTH_MOD_H
|
||||
#define AUTH_MOD_H
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
|
||||
#include <common/tbbr/cot_def.h>
|
||||
#include <common/tbbr/tbbr_img_def.h>
|
||||
#include <drivers/auth/auth_common.h>
|
||||
|
@ -46,7 +44,13 @@ typedef struct auth_img_desc_s {
|
|||
#endif /* COT_DESC_IN_DTB && !IMAGE_BL1 */
|
||||
|
||||
/* Public functions */
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
void auth_mod_init(void);
|
||||
#else
|
||||
static inline void auth_mod_init(void)
|
||||
{
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id);
|
||||
int auth_mod_verify_img(unsigned int img_id,
|
||||
void *img_ptr,
|
||||
|
@ -85,6 +89,4 @@ extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
|
|||
|
||||
#endif
|
||||
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
#endif /* AUTH_MOD_H */
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -76,7 +76,14 @@ typedef struct crypto_lib_desc_s {
|
|||
} crypto_lib_desc_t;
|
||||
|
||||
/* Public functions */
|
||||
#if CRYPTO_SUPPORT
|
||||
void crypto_mod_init(void);
|
||||
#else
|
||||
static inline void crypto_mod_init(void)
|
||||
{
|
||||
}
|
||||
#endif /* CRYPTO_SUPPORT */
|
||||
|
||||
int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
|
||||
void *sig_ptr, unsigned int sig_len,
|
||||
void *sig_alg_ptr, unsigned int sig_alg_len,
|
||||
|
@ -93,7 +100,9 @@ int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
|
|||
int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
|
||||
unsigned int data_len,
|
||||
unsigned char output[CRYPTO_MD_MAX_SIZE]);
|
||||
#endif /* MEASURED_BOOT */
|
||||
|
||||
#if MEASURED_BOOT && TRUSTED_BOARD_BOOT
|
||||
/* Macro to register a cryptographic library */
|
||||
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
|
||||
_calc_hash, _auth_decrypt) \
|
||||
|
@ -105,7 +114,7 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
|
|||
.calc_hash = _calc_hash, \
|
||||
.auth_decrypt = _auth_decrypt \
|
||||
}
|
||||
#else
|
||||
#elif TRUSTED_BOARD_BOOT
|
||||
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
|
||||
_auth_decrypt) \
|
||||
const crypto_lib_desc_t crypto_lib_desc = { \
|
||||
|
@ -115,7 +124,14 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
|
|||
.verify_hash = _verify_hash, \
|
||||
.auth_decrypt = _auth_decrypt \
|
||||
}
|
||||
#endif /* MEASURED_BOOT */
|
||||
#elif MEASURED_BOOT
|
||||
#define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \
|
||||
const crypto_lib_desc_t crypto_lib_desc = { \
|
||||
.name = _name, \
|
||||
.init = _init, \
|
||||
.calc_hash = _calc_hash, \
|
||||
}
|
||||
#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */
|
||||
|
||||
extern const crypto_lib_desc_t crypto_lib_desc;
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2021, Arm Limited. All rights reserved.
|
||||
* Copyright (c) 2021-2022, Arm Limited. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -87,6 +87,7 @@ int plat_mboot_measure_critical_data(unsigned int critical_data_id,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
static int fvp_populate_critical_data(struct fvp_critical_data *critical_data)
|
||||
{
|
||||
char *nv_ctr_oids[MAX_NV_CTR_IDS] = {
|
||||
|
@ -104,17 +105,26 @@ static int fvp_populate_critical_data(struct fvp_critical_data *critical_data)
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
static int fvp_populate_and_measure_critical_data(void)
|
||||
{
|
||||
int rc = 0;
|
||||
|
||||
/*
|
||||
* FVP platform only measures 'platform NV-counter' and hence its
|
||||
* measurement makes sense during Trusted-Boot flow only.
|
||||
*/
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
struct fvp_critical_data populate_critical_data;
|
||||
|
||||
int rc = fvp_populate_critical_data(&populate_critical_data);
|
||||
rc = fvp_populate_critical_data(&populate_critical_data);
|
||||
if (rc == 0) {
|
||||
rc = plat_mboot_measure_critical_data(CRITICAL_DATA_ID,
|
||||
&populate_critical_data,
|
||||
sizeof(populate_critical_data));
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -117,10 +117,15 @@ const mmap_region_t plat_arm_mmap[] = {
|
|||
#if TRUSTED_BOARD_BOOT
|
||||
/* To access the Root of Trust Public Key registers. */
|
||||
MAP_DEVICE2,
|
||||
#if !BL2_AT_EL3
|
||||
ARM_MAP_BL1_RW,
|
||||
#endif
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
#if CRYPTO_SUPPORT && !BL2_AT_EL3
|
||||
/*
|
||||
* To access shared the Mbed TLS heap while booting the
|
||||
* system with Crypto support
|
||||
*/
|
||||
ARM_MAP_BL1_RW,
|
||||
#endif /* CRYPTO_SUPPORT && !BL2_AT_EL3 */
|
||||
#if SPM_MM
|
||||
ARM_SP_IMAGE_MMAP,
|
||||
#endif
|
||||
|
@ -444,7 +449,7 @@ void fvp_interconnect_disable(void)
|
|||
#endif
|
||||
}
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
#if CRYPTO_SUPPORT
|
||||
int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
|
||||
{
|
||||
assert(heap_addr != NULL);
|
||||
|
@ -452,7 +457,7 @@ int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
|
|||
|
||||
return arm_get_mbedtls_heap(heap_addr, heap_size);
|
||||
}
|
||||
#endif
|
||||
#endif /* CRYPTO_SUPPORT */
|
||||
|
||||
void fvp_timer_init(void)
|
||||
{
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2014-2021, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2014-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -144,12 +144,10 @@
|
|||
* PLAT_ARM_MAX_BL2_SIZE is calculated using the current BL2 debug size plus a
|
||||
* little space for growth.
|
||||
*/
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
#if COT_DESC_IN_DTB
|
||||
#if TRUSTED_BOARD_BOOT && COT_DESC_IN_DTB
|
||||
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1E000) - FVP_BL2_ROMLIB_OPTIMIZATION)
|
||||
#else
|
||||
#elif CRYPTO_SUPPORT
|
||||
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1D000) - FVP_BL2_ROMLIB_OPTIMIZATION)
|
||||
#endif
|
||||
#else
|
||||
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - FVP_BL2_ROMLIB_OPTIMIZATION)
|
||||
#endif
|
||||
|
@ -187,17 +185,17 @@
|
|||
* Size of cacheable stacks
|
||||
*/
|
||||
#if defined(IMAGE_BL1)
|
||||
# if TRUSTED_BOARD_BOOT
|
||||
# if CRYPTO_SUPPORT
|
||||
# define PLATFORM_STACK_SIZE UL(0x1000)
|
||||
# else
|
||||
# define PLATFORM_STACK_SIZE UL(0x500)
|
||||
# endif
|
||||
# endif /* CRYPTO_SUPPORT */
|
||||
#elif defined(IMAGE_BL2)
|
||||
# if TRUSTED_BOARD_BOOT
|
||||
# if CRYPTO_SUPPORT
|
||||
# define PLATFORM_STACK_SIZE UL(0x1000)
|
||||
# else
|
||||
# define PLATFORM_STACK_SIZE UL(0x600)
|
||||
# endif
|
||||
# endif /* CRYPTO_SUPPORT */
|
||||
#elif defined(IMAGE_BL2U)
|
||||
# define PLATFORM_STACK_SIZE UL(0x400)
|
||||
#elif defined(IMAGE_BL31)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
|
||||
# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
#
|
||||
|
@ -376,10 +376,6 @@ endif
|
|||
include plat/arm/board/common/board_common.mk
|
||||
include plat/arm/common/arm_common.mk
|
||||
|
||||
ifeq (${TRUSTED_BOARD_BOOT}, 1)
|
||||
BL1_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
|
||||
BL2_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
|
||||
|
||||
ifeq (${MEASURED_BOOT},1)
|
||||
BL1_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
|
||||
plat/arm/board/fvp/fvp_bl1_measured_boot.c
|
||||
|
@ -387,6 +383,10 @@ BL2_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
|
|||
plat/arm/board/fvp/fvp_bl2_measured_boot.c
|
||||
endif
|
||||
|
||||
ifeq (${TRUSTED_BOARD_BOOT}, 1)
|
||||
BL1_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
|
||||
BL2_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
|
||||
|
||||
# FVP being a development platform, enable capability to disable Authentication
|
||||
# dynamically if TRUSTED_BOARD_BOOT is set.
|
||||
DYN_DISABLE_AUTH := 1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -202,10 +202,10 @@ void arm_bl1_platform_setup(void)
|
|||
assert(desc != NULL);
|
||||
desc->ep_info.args.arg0 = fw_config_info->config_addr;
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
#if CRYPTO_SUPPORT
|
||||
/* Share the Mbed TLS heap info with other images */
|
||||
arm_bl1_set_mbedtls_heap();
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
#endif /* CRYPTO_SUPPORT */
|
||||
|
||||
/*
|
||||
* Allow access to the System counter timer module and program
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
|
||||
# Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
#
|
||||
|
@ -358,10 +358,8 @@ endif
|
|||
ifneq (${TRUSTED_BOARD_BOOT},0)
|
||||
|
||||
# Include common TBB sources
|
||||
AUTH_SOURCES := drivers/auth/auth_mod.c \
|
||||
drivers/auth/crypto_mod.c \
|
||||
drivers/auth/img_parser_mod.c \
|
||||
lib/fconf/fconf_tbbr_getter.c
|
||||
AUTH_SOURCES := drivers/auth/auth_mod.c \
|
||||
drivers/auth/img_parser_mod.c
|
||||
|
||||
# Include the selected chain of trust sources.
|
||||
ifeq (${COT},tbbr)
|
||||
|
@ -389,6 +387,12 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
|
|||
|
||||
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
|
||||
|
||||
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
|
||||
|
||||
$(info Including ${IMG_PARSER_LIB_MK})
|
||||
include ${IMG_PARSER_LIB_MK}
|
||||
endif
|
||||
|
||||
# Include Measured Boot makefile before any Crypto library makefile.
|
||||
# Crypto library makefile may need default definitions of Measured Boot build
|
||||
# flags present in Measured Boot makefile.
|
||||
|
@ -398,20 +402,21 @@ ifeq (${MEASURED_BOOT},1)
|
|||
include ${MEASURED_BOOT_MK}
|
||||
endif
|
||||
|
||||
ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),)
|
||||
CRYPTO_SOURCES := drivers/auth/crypto_mod.c \
|
||||
lib/fconf/fconf_tbbr_getter.c
|
||||
BL1_SOURCES += ${CRYPTO_SOURCES}
|
||||
BL2_SOURCES += ${CRYPTO_SOURCES}
|
||||
|
||||
# We expect to locate the *.mk files under the directories specified below
|
||||
ifeq (${ARM_CRYPTOCELL_INTEG},0)
|
||||
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
|
||||
else
|
||||
CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
|
||||
endif
|
||||
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
|
||||
ifeq (${ARM_CRYPTOCELL_INTEG},0)
|
||||
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
|
||||
else
|
||||
CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
|
||||
endif
|
||||
|
||||
$(info Including ${CRYPTO_LIB_MK})
|
||||
include ${CRYPTO_LIB_MK}
|
||||
|
||||
$(info Including ${IMG_PARSER_LIB_MK})
|
||||
include ${IMG_PARSER_LIB_MK}
|
||||
|
||||
endif
|
||||
|
||||
ifeq (${RECLAIM_INIT_CODE}, 1)
|
||||
|
@ -419,4 +424,3 @@ ifeq (${RECLAIM_INIT_CODE}, 1)
|
|||
$(error "To reclaim init code xlat tables v2 must be used")
|
||||
endif
|
||||
endif
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -13,9 +13,9 @@
|
|||
#include <common/debug.h>
|
||||
#include <common/desc_image_load.h>
|
||||
#include <common/tbbr/tbbr_img_def.h>
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
#if CRYPTO_SUPPORT
|
||||
#include <drivers/auth/mbedtls/mbedtls_config.h>
|
||||
#endif
|
||||
#endif /* CRYPTO_SUPPORT */
|
||||
#include <lib/fconf/fconf.h>
|
||||
#include <lib/fconf/fconf_dyn_cfg_getter.h>
|
||||
#include <lib/fconf/fconf_tbbr_getter.h>
|
||||
|
@ -23,7 +23,7 @@
|
|||
#include <plat/arm/common/arm_dyn_cfg_helpers.h>
|
||||
#include <plat/arm/common/plat_arm.h>
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
#if CRYPTO_SUPPORT
|
||||
|
||||
static void *mbedtls_heap_addr;
|
||||
static size_t mbedtls_heap_size;
|
||||
|
@ -118,7 +118,7 @@ void arm_bl1_set_mbedtls_heap(void)
|
|||
#endif /* !MEASURED_BOOT */
|
||||
}
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
#endif /* CRYPTO_SUPPORT */
|
||||
|
||||
/*
|
||||
* BL2 utility function to initialize dynamic configuration specified by
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Copyright (c) 2018-2021, Renesas Electronics Corporation. All rights reserved.
|
||||
# Copyright (c) 2018-2022, Renesas Electronics Corporation. All rights reserved.
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
#
|
||||
|
@ -17,6 +17,11 @@ MULTI_CONSOLE_API := 1
|
|||
CRASH_REPORTING := 1
|
||||
HANDLE_EA_EL3_FIRST := 1
|
||||
|
||||
# This option gets enabled automatically if the TRUSTED_BOARD_BOOT
|
||||
# is set via root Makefile, but Renesas support Trusted-Boot without
|
||||
# Crypto module.
|
||||
override CRYPTO_SUPPORT := 0
|
||||
|
||||
$(eval $(call add_define,PLAT_EXTRA_LD_SCRIPT))
|
||||
|
||||
ifeq (${SPD},none)
|
||||
|
|
Loading…
Reference in New Issue