To avoid timing side-channel attacks, it is needed to use a constant
time memory comparison function when comparing hashes. The affected
code only cheks for equality so it isn't needed to use any variant of
memcmp(), bcmp() is enough.
Also, timingsafe_bcmp() is as fast as memcmp() when the two compared
regions are equal, so this change incurrs no performance hit in said
case. In case they are unequal, the boot sequence wouldn't continue as
normal, so performance is not an issue.
Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.
For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)
For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.
Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like
follows:
$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
$(OBJ): $(2)
@echo " CC $$<"
$$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@
This means, IMAGE_BL* is defined when building the corresponding
image, but *undefined* for the other images.
So, IMAGE_BL* belongs to the latter group where we should use #ifdef
or #ifndef.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
In mbedtls_x509_parser.c there are some static arrays that are filled
during the integrity check and then read whenever an authentication
parameter is requested. However, they aren't cleared in case of an
integrity check failure, which can be problematic from a security
point of view. This patch clears these arrays in the case of failure.
Change-Id: I9d48f5bc71fa13e5a75d6c45b5e34796ef13aaa2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
We are duplicating this macro define, and it is useful enough
to be placed in the common place.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
tbz check for RDR status is to check for a bit being zero.
Unfortunately, we are using a mask rather than the bit position.
Further as per http://www.ti.com/lit/ds/symlink/pc16550d.pdf (page 17),
LSR register bit 0 is Data ready status (RDR), not bit position 2.
Update the same to match the specification.
Reported-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
This comment block says the default algorithm is ESDSA, while the
code obviously sets the default to RSA:
ifeq (${MBEDTLS_KEY_ALG},)
MBEDTLS_KEY_ALG := rsa
endif
The git log of commit 7d37aa1711 ("TBB: add mbedTLS authentication
related libraries") states available options are:
* 'rsa' (for RSA-2048) (default option)
* 'ecdsa' (for ECDSA-SECP256R1)
So, my best guess is the comment block is wrong.
The mismatch between the code and the comment is confusing. Fix it.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certificate. This implies that the Non-Trusted NV counter was
not being updated for Non-Trusted content certificates, as they cannot
be signed with the ROT key in the TBBR CoT scheme.
The code is reworked to only allow updating the platform's Trusted NV
counter when a certificate protected by the Trusted NV counter is
signed with the ROT key.
Content certificates protected by the Non-Trusted NV counter are
allowed to update the platform's Non-Trusted NV counter, assuming
that the certificate value is higher than the platform's value.
A new optional platform API has been introduced, named
plat_set_nv_ctr2(). Platforms may choose to implement it and perform
additional checks based on the authentication image descriptor before
modifying the NV counters. A default weak implementation is available
that just calls into plat_set_nv_ctr().
FixesARM-software/tf-issues#426
Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Some GICv3 implementations have provision for power management
operations at Redistributor level. This patch introduces and provides
place-holders for Redistributor power management. The default
implementations are empty stubs, but are weakly bound so as to enable
implementation-specific drivers to override them.
Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch makes following miscellaneous fixes:
* pl011_console.S: Fixed the bit mask used to check if the
transmit FIFO is full or empty.
* smcc_macros.S: Added `_fsxc` suffix while updating the SPSR.
By default the assembler assumes `_fc` suffix which does not
update all the fields in SPSR. By adding `_fsxc` suffix all
the fields gets updated.
* platform_helpers.S: Removed the weak definition for
`plat_my_core_pos()` as this is a mandatory function which
needs to be defined by all platforms.
Change-Id: I8302292533c943686fff8d7c749a07132c052a3b
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Currently the GICv3 driver mandates that platform populate
both G1S and G0 interrupts. However, it is possible that a
given platform is not interested in both the groups and
just needs to specify either one of them.
This patch modifies the `gicv3_rdistif_init()` & `gicv3_distif_init()`
functions to allow either G1S or G0 interrupts to be configured.
FixesARM-software/tf-issues#400
Change-Id: I43572b0e08ae30bed5af9334f25d35bf439b0d2b
Support CMD23. When CMD23 is used, CMD12 could be avoided.
Two scenarios:
1. CMD17 for single block, CMD18 + CMD12 for multiple blocks.
2. CMD23 + CMD18 for both single block and multiple blocks.
The emmc_init() should initialize whether CMD23 is supported
or not.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
As per the GICv3 specification, to power down a processor using GICv3
and allow automatic power-on if an interrupt must be sent to a processor,
software must set Enable to zero for all interrupt groups(by writing to
GICC_CTLR or ICC_IGRPEN{0,1}_EL1/3 as appropriate.
Also, NonSecure EL1 software may not be aware of the CPU power state
details and fail to choose right states that require quiescing the CPU
interface. So it's preferred that the PSCI implementation handles it as
it is fully aware of the CPU power states.
This patch adds disabling of Group1 NonSecure interrupts during processor
power down along with Group0 and Group1 Secure interrupts so that all the
interrupt groups are handled at once as per specification.
Change-Id: Ib564d773c9c4c41f2ca9471451c030e3de75e641
This patch modifies GICv3 and TZC drivers to add AArch32 support.
No modifications are required for the GICv2 driver for AArch32 support.
The TZC driver assumes that the secure world is running in Little-Endian
mode to do 64 bit manipulations. Assertions are present to validate the
assumption.
Note: The legacy GICv3 driver is not supported for AArch32.
Change-Id: Id1bc75a9f5dafb9715c9500ca77b4606eb1e2458
This patch moves the various assembly console drivers
into `aarch64` architecture specific folder. Stub files,
which include files from new location, are retained at the
original location for platform compatibility reasons.
Change-Id: I0069b6c1c0489ca47f5204d4e26e3bc3def533a8
If buffer address parameter isn't aligned, it may cause
DMA issue in block device driver, as eMMC. Now check the buffer
address. If it's not aligned, use temporary buffer in io block
driver instead.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
This patch fixes the offset of GICD_IROUTER register defined in gicv3.h.
Although the GICv3 documention mentions that the offset for this register
is 0x6100-0x7FD8, the offset calculation for an interrupt id `n` is :
0x6000 + 8n, where n >= 32
This requires the offset for GICD_IROUTER to be defined as 0x6000.
FixesARM-software/tf-issues#410
Change-Id: If9e91e30d946afe7f1f60fea4f065c7567093fa8
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
The legacy GIC driver assumes that the SGIs and PPIs are Group0 during
initialization. This is true if the driver is the first one to initialize
the GIC hardware after reset. But in some cases, earlier BL stages could
have already initialized the GIC hardware which means that SGI and PPI
configuration are not the expected reset values causing assertion failure
in `gicd_set_ipriorityr()`. This patch explicitly resets the SGI and PPI
to Group0 prior to their initialization in the driver. The same patch is
not done in the GICv2-only driver because unlike in the legacy driver,
`gicd_set_ipriorityr()` of GICv2 driver doesn't enforce this policy and
the appropriate group is set irrespective of the initial value.
FixesARM-software/tf-issues#396
Change-Id: I521d35caa37470ce542c796c2ba99716e4763105
A production ROM with TBB enabled must have the ability to boot test software
before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
in certificate is used without verifying against the platform value.
FixesARM-software/tf-issues#381
Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
On some platform gpio can set/get pull status when input, add these
function so we can set/get gpio pull status when need it. And they are
optional function.
This patch adds the API `ccn_get_part0_id` to query the PART0 ID from the
PERIPHERAL_ID 0 register in the CCN driver. This ID allows to distinguish
the variant of CCN present on the system and possibly enable dynamic
configuration of the IP based on the variant. Also added an assert in
`ccn_master_to_rn_id_map()` to ensure that the master map bitfield provided
by the platform is within the expected interface id.
Change-Id: I92d2db7bd93a9be8a7fbe72a522cbcba0aba2d0e
Add delay timer implementation based on the system generic counter.
This either uses the platform's implementation of
`plat_get_syscnt_freq()` or explicit clock multiplier/divider values
provided by the platform.
The current implementation of udelay has been modified to avoid
unnecessary calculations while waiting on the loop and to make it
easier to check for overflows.
Change-Id: I9062e1d506dc2f68367fd9289250b93444721732
Allow to handle cases where some images are pre-loaded (by debugger for
instance) without introducing many switches in files calling load_* functions.
Fixes: arm-software/tf-issues#398
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
In a lot of embedded platforms, eMMC device is the only one storage
device. So loading content from eMMC device is required in ATF.
Create the emmc stack that could co-work with IO block driver.
Support to read/write/erase eMMC blocks on both rpmb and normal
user area. Support to change the IO speed and bus width.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
FIP is accessed as memory-mapped type. eMMC is block device type.
In order to support FIP based on eMMC, add the new io_block layer.
io_block always access eMMC device as block size. And it'll only
copy the required data into buffer in io_block driver. So preparing
an temporary buffer is required.
When use io_block device, MAX_IO_BLOCK_DEVICES should be declared
in platform_def.h. It's used to support multiple block devices.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Currently the `tzc400_configure_region` and `tzc_dmc500_configure_region`
functions uses uintptr_t as the data type for `region_top` and `region_base`
variables, which will be converted to 32/64 bits for AArch32/AArch64
respectively. But the expectation is to keep these addresses at least 64 bit.
This patch modifies the data types to make it at least 64 bit by using
unsigned long long instead of uintptr_t for the `region_top` and
`region_base` variables. It also modifies the associated macros
`_tzc##fn_name##_write_region_xxx` accordingly.
Change-Id: I4e3c6a8a39ad04205cf0f3bda336c3970b15a28b
The ARM CoreLink DMC-500 Dynamic Memory Controller provides the
programmable address region control of a TrustZone Address Space
Controller. The access permissions can be defined for eight
separate address regions plus a background or default region.
This patch adds a DMC-500 driver to define address regions and
program their access permissions as per ARM 100131_0000_02_en
(r0p0) document.
Change-Id: I9d33120f9480d742bcf7937e4b876f9d40c727e6
TrustZone protection can be programmed by both memory and TrustZone
address space controllers like DMC-500 and TZC-400. These peripherals
share a similar programmer's view.
Furthermore, it is possible to have multiple instances of each type of
peripheral in a system resulting in multiple programmer's views.
For example, on the TZC-400 each of the 4 filter units can be enabled
or disabled for each region. There is a single set of registers to
program the region attributes. On the DMC-500, each filter unit has its
own programmer's view resulting in multiple sets of registers to program
the region attributes. The layout of the registers is almost the same
across all these variations.
Hence the existing driver in `tzc400\tzc400.c` is refactored into the
new driver in `tzc\tzc400.c`. The previous driver file is still maintained
for compatibility and it is now deprecated.
Change-Id: Ieabd0528e244582875bc7e65029a00517671216d
This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.
The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.
** NEW PLATFORM APIs (mandatory when TBB is enabled) **
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
This API returns the non-volatile counter value stored
in the platform. The cookie in the first argument may be
used to select the counter in case the platform provides
more than one (i.e. TBSA compliant platforms must provide
trusted and non-trusted counters). This cookie is specified
in the CoT.
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
This API sets a new counter value. The cookie may be
used to select the counter to be updated.
An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.
** IMPORTANT **
THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.
Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
Hence memmap device can be used to load an image without being wrapped in a
FIP.
Fixesarm-software/tf-issues#371
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
The PL011 initialization function disables the UART, flushes the FIFO
and waits for the current character to be transmitted before applying
the configuration and enabling the UART. This waiting might result in
a deadlock if the FIFO is disabled while another CPU is printing a
message since the flush of FIFO will never finish.
This patch fixes the problem by removing the flush operation and the
loop for last character completion from the initialization function.
The UART is disabled, configured and enabled again.
Change-Id: I1ca0b6bd9f352c12856f10f174a9f6eaca3ab4ea
Antonio Nino Diaz
danh-arm
Masahiro Yamada
Haojian Zhuang
davidcunado-arm
Nishanth Menon
dp-arm
Jeenu Viswambharan
Yatharth Kochar
Sudeep Holla
Soby Mathew
Caesar Wang
Gerald Lejeune
Soren Brinkmann
Vikram Kanigiri
Juan Castillo