Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.
Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.
Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
This patch adds documentation for the new KEY_SIZE build option that is
exposed by cert_create, and instructions on how to use it.
Change-Id: I09b9b052bfdeeaca837e0f0026e2b01144f2472c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.
Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.
Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
* changes:
amlogic: Fix includes order
amlogic: Fix header guards
amlogic: Fix prefixes in the SoC specific files
amlogic: Fix prefixes in the PM code
amlogic: Fix prefixes in the SCPI related code
amlogic: Fix prefixes in the MHU code
amlogic: Fix prefixes in the SIP/SVC code
amlogic: Fix prefixes in the thermal driver
amlogic: Fix prefixes in the private header file
amlogic: Fix prefixes in the efuse driver
amlogic: Fix prefixes in the platform macros file
amlogic: Fix prefixes in the helpers file
amlogic: Rework Makefiles
amlogic: Move the SIP SVC code to common directory
amlogic: Move topology file to common directory
amlogic: Move thermal code to common directory
amlogic: Move MHU code to common directory
amlogic: Move efuse code to common directory
amlogic: Move platform macros assembly file to common directory
amlogic: Introduce unified private header file
amlogic: Move SCPI code to common directory
amlogic: Move the SHA256 DMA driver to common directory
amlogic: Move assembly helpers to common directory
amlogic: Introduce directory parameters in the makefiles
meson: Rename platform directory to amlogic
Disable gic cpu interface for powered down cpu. This patch also removes
core reset during power off as core reset will be done during power on
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2ca96d876b6e71e56d24a9a7e184b6d6226b8673
As part of the code refactoring fix the order of the include files
across all the source files.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ice72f687cc26ee881a9051168149467688100cfb
Make the header guards more generic and contextually remove the
GXBB_BL31_PLAT_PARAM_VAL value that is unused on the GXL platform.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I842fa2e084e71280ae17b39c67877e844821a171
Zeus supports the SSBS mechanism and also the new MSR instruction to
immediately apply the mitigation. Hence, the new instruction is utilised
in the Zeus-specific reset function.
Change-Id: I962747c28afe85a15207a0eba4146f9a115b27e7
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Sparse warns this:
lib/libc/assert.c:29:6: error: symbol '__assert' redeclared with different type (originally declared at include/lib/libc/assert.h:36) - different modifiers
Add __dead2 to match the header declaration and C definition.
I also changed '__dead2 void' to 'void __dead2' for the consistency
with other parts.
Change-Id: Iefa4f0e787c24fa7e7e499d2e7baf54d4deb49ef
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Common ipi_table needs to be initialized before using any
IPI command (i.e send/receive). Move zynqmp ipi config table
initialization from sip_svc_setup() to zynqmp_config_setup().
Change-Id: Ic8aaa0728a43936cd4c6e1ed590e01ba8f0fbf5b
Signed-off-by: Tejas Patel <tejas.patel@xilinx.com>
Signed-off-by: Jolly Shah <jolly.shah@xilinx.com>
* changes:
mmc: stm32_sdmmc2: correctly manage block size
mmc: stm32_sdmmc2: manage max-frequency property from DT
stm32mp1: move check_header() to common code
stm32mp1: keep console during runtime
stm32mp1: sp_min: initialize MMU and cache earlier
stm32mp1: add support for LpDDR3
stm32mp1: use a common function to check spinlock is available
clk: stm32mp: enable RTCAPB clock for dual-core chips
stm32mp1: check if the SoC is single core
stm32mp1: print information about board
stm32mp1: print information about SoC
stm32mp1: add watchdog support
A new build flag, CTX_INCLUDE_MTE_REGS, has been added; this patch adds
documentation for it in the User Guide along with instructions of what
different values mean.
Change-Id: I430a9c6ced06b1b6be317edbeff4f5530e30f63a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
This patch adds support for the new Memory Tagging Extension arriving in
ARMv8.5. MTE support is now enabled by default on systems that support
at EL0. To enable it at ELx for both the non-secure and the secure
world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving
and restoring when necessary in order to prevent register leakage
between the worlds.
Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Remove the GXBB prefix where needed and add SoC specific prefixes for
GXBB/GXL.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic3eb3a77ca2d9c779a9dee5cee786e9c16ecdb27
Remove the GXBB prefix from the code in the common directory and add
SoC-specific prefixes in the SoC specific code.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic983ef70b0ef23f95088dd8df488d8c42c3bc030
Add a new aml_* prefix to the SCPI related function calls.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I697812ac1c0df28cbb639a1dc3e838f1107fb739
Make the MHU code AML specific adding a new aml_* prefix and remove the
GXBB prefix from the register names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I8f20918e29f08542bd71bd679f88e65b4efaa7d2
All the SIP/SVC related code is currently the same between GXL and GXBB.
Rename function names and register names to avoid hardcoding the GXBB
prefix.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I7e58ab68489df8d4762663fc01fb64e6899cc8bf
The header file is shared between all the SoCs. Better avoiding
hardcoding the SoC name in the function names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I9074871bd1ed8a702c1a656e0f50f2d3c6cb0425
The efuse driver is hardcoding the GXBB prefix. No need to do that since
the driver is shared between multiple SoCs.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I97691b0bbd55170d8216d301a3fc04feb8c2af2e
Fixing at the same time the related register names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ib1130d50abe6088f1c0826878d1ae454a0f23008
The code is the common directory is now generic, no need to have the SoC
prefix hardcoded in the function names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ied3a5e506b9abd4c2d6f893bafef50019bff24f1
Now that every piece is in place, the makefiles can be refactored and
slightly beautified removing useless and redundant parts.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: If74e1909df52d475cf4b0dfed819d07d3a4c85b9
The code is the same between GXBB and GXL. Move it to the common source
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I875689a6fd029971aa755fc2725217e90ed06b6c
As done already for multiple files, move the topology file to the common
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Iaca357a089593ad58c35c05c929239132249dcda
As for most of the Amlogic code, this is common between the Amlogic
SoCs. Move the code to the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Id3f0073ff1f0b9ddbe964f80303323ee4a2f27b0
The MHU code is shared between all the supported platforms. Move it to
the common directory instead.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Iaf53122866eae85c13f772927d16836dcfa877a3
The efuse code is the same between GXL and GXBB. Move the code to common
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ie37f21d1907a36292724f1fb645a78041fe4a6b3
The platform macros are shared between all the SoCs. Move it to common
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ia04c3ffe4d7b068aa701268ed99f69995d8db92b
Now that also the SHA256 DMA driver is shared between all the SoCs, we
can have one single private platform header file.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I77d51915f9d8233aeceeed66ed1f491573402cfc
The SCPI code is the same between GXBB and GXL. No need to have it
replicated for each SoCs. Move it to the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I7e416caf1e9538b3ce7702c0363ee00a054e2451
The SHA256 DMA driver can be used by multiple SoCs. Move it to the
common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I96319eeeeeebd503ef0dcb07c0e4ff6a67afeaa5
The assembly helpers are common to all the amlogic SoCs. Move the .S
file to the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I0d8616a7ae22dbcb14848cefd0149b6bb5814ea6
Make the platform name a parameter for the source directories. Besides a
cosmetic fix, this is going to be helpful when reusing the same Makefile
for different SoCs.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I307897a21800cca8ad68a5ab8972d27e9356ff2a
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
The #include "mbedtls/check_config.h" directive first searches for
the header in the relative path to mbedtls_config.h, i.e.
include/drivers/auth/mbedtls/mbedtls/check_config.h
Obviously, it does not exist since check_config.h is located in
the mbedtls project.
It is more sensible to use #include <...> form.
Change-Id: If72a71381f84e7748a2c9f07dd1176559d9bb1d2
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Justin Chadwell
Soby Mathew
Hadi Asyrafi
Carlo Caione
John Tsichritzis
Masahiro Yamada
Jolly Shah
Sandrine Bailleux
zelalem-aweke