a93084be95
Upgrade to the latest and greatest 2.x release of Mbed TLS library (i.e. v2.28.0) to take advantage of their bug fixes. Note that the Mbed TLS project published version 3.x some time ago. However, as this is a major release with API breakages, upgrading to 3.x might require some more involved changes in TF-A, which we are not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7 release of TF-A. Actually, the upgrade this time simply boils down to including the new source code module 'constant_time.c' into the firmware. To quote mbed TLS v2.28.0 release notes [1]: The mbedcrypto library includes a new source code module constant_time.c, containing various functions meant to resist timing side channel attacks. This module does not have a separate configuration option, and functions from this module will be included in the build as required. As a matter of fact, if one is attempting to link TF-A against mbed TLS v2.28.0 without the present patch, one gets some linker errors due to missing symbols from this new module. Apart from this, none of the items listed in mbed TLS release notes [1] directly affect TF-A. Special note on the following one: Fix a bug in mbedtls_gcm_starts() when the bit length of the iv exceeds 2^32. In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption feature is enabled with AES-GCM as the authenticated decryption algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a 32-bit value which by definition is always less than 2**32. Therefore, we are immune to this bug. With this upgrade, the size of BL1 and BL2 binaries does not appear to change on a standard sample test build (with trusted boot and measured boot enabled). [1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0 Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> |
||
|---|---|---|
| .husky | ||
| bl1 | ||
| bl2 | ||
| bl2u | ||
| bl31 | ||
| bl32 | ||
| common | ||
| docs | ||
| drivers | ||
| fdts | ||
| include | ||
| lib | ||
| licenses | ||
| make_helpers | ||
| plat | ||
| services | ||
| tools | ||
| .checkpatch.conf | ||
| .commitlintrc.js | ||
| .cz.json | ||
| .editorconfig | ||
| .gitignore | ||
| .gitreview | ||
| .versionrc.js | ||
| Makefile | ||
| changelog.yaml | ||
| dco.txt | ||
| license.rst | ||
| package-lock.json | ||
| package.json | ||
| readme.rst | ||
readme.rst
Trusted Firmware-A
Trusted Firmware-A (TF-A) is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor. It provides a suitable starting point for productization of secure world boot and runtime firmware, in either the AArch32 or AArch64 execution states.
TF-A implements Arm interface standards, including:
- Power State Coordination Interface (PSCI)
- Trusted Board Boot Requirements CLIENT (TBBR-CLIENT)
- SMC Calling Convention
- System Control and Management Interface (SCMI)
- Software Delegated Exception Interface (SDEI)
The code is designed to be portable and reusable across hardware platforms and software models that are based on the Armv8-A and Armv7-A architectures.
In collaboration with interested parties, we will continue to enhance TF-A with reference implementations of Arm standards to benefit developers working with Armv7-A and Armv8-A TrustZone technology.
Users are encouraged to do their own security validation, including penetration testing, on any secure world code derived from TF-A.
More Info and Documentation
To find out more about Trusted Firmware-A, please view the full documentation that is available through trustedfirmware.org.
Copyright (c) 2013-2019, Arm Limited and Contributors. All rights reserved.