This patch extends the FIP tool to include the certificates
generated by the 'cert_create' tool.
If GENERATE_COT build option is enabled, the Makefile adds the
certificates as dependencies to create the FIP file. Thus, make
target 'fip' will also build the certificates as part of the
Trusted Firmware build process.
Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074
This patch adds a tool that generates all the necessary elements
to establish the chain of trust (CoT) between the images.
The tool reads the binary images and signing keys and outputs the
corresponding certificates that will be used by the target at run
time to verify the authenticity of the images.
Note: the platform port must provide the file platform_oid.h. This
file will define the OIDs of the x509 extensions that will be added
to the certificates in order to establish the CoT.
Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
If one of the files passed to fip_create on the command line doesn't
exist, it will print an error message but produce an incomplete
fip.bin file and report success. This behaviour could potentially
hide errors made in the command line arguments.
This patch addresses the issue by having the tool bail out if one of
the supplied files can't be processed.
Signed-off-by: Kévin Petit <kevin.petit@arm.com>
FixesARM-software/tf-issues#279
Change-Id: I1c7d87d09eb4c063005b7969bdaad1d043c29dec
The 'fiptool' target doesn't depend on fip_create's source files,
neither directly nor indirectly. As a result, the FIP tool is not
rebuilt whenever its source files change.
This patch makes the ${FIPTOOL} target into a phony target so that the
FIP tool's sub-makefile is always called. The sub-makefile correctly
handles the dependencies. It also moves the completion message into
the sub-makefile so that it is only displayed when the tool is
actually recompiled.
FixesARM-software/tf-issues#278
Change-Id: Ia027519fe51d3c42be30665d1ad20a7b89fa350f
Add tag names to all unnamed structs in header files. This
allows forward declaration of structs, which is necessary to
reduce header file nesting (to be implemented in a subsequent
commit).
Also change the typedef names across the codebase to use the _t
suffix to be more conformant with the Linux coding style. The
coding style actually prefers us not to use typedefs at all but
this is considered a step too far for Trusted Firmware.
Also change the IO framework structs defintions to use typedef'd
structs to be consistent with the rest of the codebase.
Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
Move almost all system include files to a logical sub-directory
under ./include. The only remaining system include directories
not under ./include are specific to the platform. Move the
corresponding source files to match the include directory
structure.
Also remove pm.h as it is no longer used.
Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
Previously to this path, the FIP tool used to print the following,
misleading error message when called without any argument or with
'--help' option:
ERROR: Too many arguments
This patch fixes this behavior by printing the following error
message instead:
ERROR: Missing FIP filename
If called with '--help', no error message is printed and only the
help message is displayed.
Change-Id: Ib281b056f5cd3bc2f66d98be0b0cb2a0aed7c6a8
This patch makes use of different values for '--dump' and other
command-line options. This makes the code simpler and also
optimises it a bit (because it avoids a string comparison).
Change-Id: I1c8345f210074fc5f962ea0282fd3625775dec69
At present the fip.bin depends on phony targets for BL images, resulting
in unconditional remake of fip.bin. Also the build messages doesn't
match with the rest of build system.
This patch modifies the fip.bin dependencies to the actual BL binary
images so that fip.bin is remade only when the component images are
rebuilt/modified. The build messages and FIP Makefile are modified to
match the style of rest of the build system.
Change-Id: I8dd08666ff766d106820a5b4b037c2161bcf140f
This tool can be used to create a Firmware Image Packages (FIP). These
FIPs store a combined set of firmware images with a Table of Contents
(ToC) that can be loaded by the firmware from platform storage.
- Add uuid.h from FreeBSD.
- Use symbolic links to shared headers otherwise unwanted headers and
definitions are pulled in.
- A FIP is created as part of the default FVP build.
- A BL3-3 image(e.g. UEFI) must be provided.
Change-Id: Ib73feee181df2dba68bf6abec115a83cfa5e26cb
Juan Castillo
Kévin Petit
Sandrine Bailleux
Harry Liebel
Dan Handley
Jeenu Viswambharan