The object target in the fiptool Makefile only depends on the
corresponding source file so it won't rebuild the object, if a header
file used by the source file is changed.
To make it rebuild the object file for both source and header file
changes, a dependency file will now be generated for each object and
included in the Makefile.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I0468c6e9c54126242150667268d471f28e011b0d
Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.
However from mbedtls-3.x onwards it discourages usage of
MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28
compatibility include version.h which would include the custom config
file if present and also would expose us with mbedtls-major-version
number which could be used for selecting features and functions for
mbedtls 2.28 or 3.3
Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
SAVE_KEYS is set to '0' by default, causing cert_create to
show the 'Key filename not specified' message on each run
even though this is perfectly normal. Show the message only
in the VERBOSE log level.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Change-Id: I472cdec2670055ab0edd99d172f79d01ad575972
Move all plat_fiptool.mks into tools, change the logic to recursively
check for tools/fiptool/plat_fiptool/<plat_path>/plat_fiptool.mk
I.e. for a platform that has the path "plat/arm/board/tc/platform.mk",
the makefile will now load the first existing file from:
- tools/fiptool/plat_fiptool/arm/board/tc/plat_fiptool.mk
- tools/fiptool/plat_fiptool/arm/board/plat_fiptool.mk
- tools/fiptool/plat_fiptool/arm/plat_fiptool.mk
This enables fiptool to support multiple platforms, or a specific one.
Remove file-copying previously being used to handle old default path.
Remove custom file cleaning in plat_fiptool.mk.
Change-Id: I95245bcf7143b329481d4394ab64f29bfe9de5ab
Signed-off-by: Raef Coles <raef.coles@arm.com>
When FIP is programmed in a disk partition, fiptool cannot be used
directly; this forces the user to temporarily copy the partition
to a file, apply fiptool and copy back the file. This is caused by
fstat() that returns zero file size on a block special file, thus
making fiptool commands info, update, unpack and remove to exit.
For either Linux host or Linux target, recover the partition size
with ioctl() and use it as FIP file size. E.g.:
fiptool info /dev/disk/by-partlabel/fip-a
fiptool info /dev/mtdblock4
While there, rework two identical error log messages to provide
more details about the failure and update the date in copyright.
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Change-Id: I7cab60e577422d94c24ba7e39458f58bcebc2336
In the generated sp_gen.mk, add a dependency to the image described in
the sp_layout.json file to make sure that the pkg file is re-generated
if the SP image is updated.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: Id936f907d6baa6b0627c4bb9608323e5157c7a9b
Updated cert_tool to be able to select brainpool P256r/t1
or NIST prim256v1 curve for certificates signature.
Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c
Replace the "is/is not" operator by "==/!=" for literals, to fix the
syntax warnings below:
tools/sptool/sp_mk_generator.py:93: SyntaxWarning: "is not" with a literal. Did you mean "!="?
return len(sppkg_rule) is not 0
tools/sptool/sp_mk_generator.py:203: SyntaxWarning: "is" with a literal. Did you mean "=="?
assert(len(uuid_lines) is 1)
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I10800f6b607942542aa2cbaaecac86b854f6b56a
The script 'sp_mk_generator.py' was reworked in [1]. There was a
reference the variable 'data' left. This variable 'data' used to refer
to the json data of a the sp layout file.
This patch fixed the reference with the proper variable according to the
rework [1].
[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a96a07bfb66b7d38fe3da824e8ba183967659008
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I9ddbfa8d55a114bcef6997920522571e070fc7d2
Add dependency between rules to generate SP packages and their dtb files
to ensure the dtb files are built before the sptool attempts to generate
the SP package.
Change-Id: I071806f4aa09f39132e3e1990c91d71dc9acd728
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Added support for cca CoT in the fiptool by adding the cca,
core_swd, and plat key certificates.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1ba559e188ad8c33cb0e643d7a2fc6fb96736ab9
Selection of the cca chain of trust is done through the COT build
option:
> make COT=cca
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I123c0a841f67434633a3123cc1fa3e2318585482
Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.
Changes were made following the OpenSSL 3.0 migration guide:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
In some cases, those changes are straightforward and only
a small modification on the types or API calls was needed
(e.g.: replacing BN_pseudo_rand() with BN_rand(). Both identical
since v1.1.0).
The use of low level APIs is now deprecated. In some cases,
the new API provides a simplified solution for our goals and
therefore the code was simplified accordingly (e.g.: generating
RSA keys through EVP_RSA_gen() without the need of handling the
exponent). However, in some cases, a more
sophisticated approach was necessary, as the use of a context
object was required (e.g.: when retrieving the digest value from
an SHA file).
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I978e8578fe7ab3e71307450ebe7e7812fbcaedb6
To cope with the changes/design decisions in the implementation of
boot protocol, from FF-A v1.1 specification in the S-EL2 SPM, we have
changed the format of the sp pkg header.
These changes need to be reflected in the sptool, used for packaging
the SP binary, and the SP's FF-A manifest. Now the SP pkg can
contain the boot information blob as defined by the FF-A specification.
To cater for these changes, bring to the TF-A project an equivalent to
the tool used in the Hafnium project.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I046f5d6e3c2ef0ba6c87f65302e127dedef34c28
The "sp_mk_generator.py" is responsible for processing the SP layout
file, which contains information about the SPs to be deployed on top of
the SPM, to generate the "sp_gen.mk" file which appends information
specific to each SP that shall help with packing all SPs into a fip
binary.
Before this patch the "sp_mk_generator.py" was a monolithic script,
which has now been broken down into functions for each identified
configuration action.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I8ee7487f2e07d53e508d17d0fe4510e22957f5ca
Developed python framework to help with SPs configuration. The framework
allows for functions (dubbed "actions" in the framework) to be defined
that should process the "sp_layout.json" file.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I278cd5a7aa0574168473e28f3b0fe231d7b548ee
Add some entries in blx_symbols, that are used when the flag
SEPARATE_CODE_AND_RODATA is not enabled (__RO_* and __TEXT_RESIDENT_*).
Add all new symbols that were not yet present in the script.
Correct __BSS_END to __BSS_END__, and add __BSS_START__.
Add new *_XLAT_TABLE_* symbols.
As those strings are longer than 22, update display format string to
be dependent on the longest string.
The script also skips lines for which the _START__ and _END__
symbols have the same address (empty sections).
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I6c510ced6116b35d14ee2cb7a6711405604380d6
Replace bl2_offset with bl2_loc, and fix byte-swapping for
Chassis2 SoC(s) only.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ieb5fd6468178325bfb6fb89b6c31c75cd9030363
The stm32image tool is updated to manage new header v2.0 for BL2
images.
Add new structure for the header v2.0 management.
Adapt to keep compatibility with v1.0.
Add the header version major and minor in the command line
when executing the tool, as well as binary type (0x10 for BL2).
Change-Id: I70c187e8e7e95b57ab7cfad63df314307a78f1d6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Extract the UUID from the SP layout JSON file if the optional 'uuid'
field exists otherwise fall back to the current method for extracting
the SP UUID from the partition manifest file.
This change gives a way to decouple TF-A's dependency on the SP
manifest file's format which is tied to the SPMC.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I13af066c1de58bfb9c3fd470ee137ea0275cd98c
The UUID conversion drops leading zeroes, so make sure that
all hex strings always are 8 digits long
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I5d7e3cf3b53403a02bf551f35f17dbdb96dec8ae
These fields were not updated accidentally on the v2.6.0 release.
Change-Id: I215105da618ff6f72057eaa40a34ff4b24f7ee36
Signed-off-by: Chris Kay <chris.kay@arm.com>
Updated the fiptool to avoid packing the zero size images in
the FIP.
Also, updated the commitlint-json file to cover the fiptool
changes under a separate scope.
Change-Id: Id7ac3dcff0c7318546e49308d0f17b6cbd5eb24b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
fiptool links to libcrypto, so as with the other tools it should respect
OPENSSL_DIR for include/library paths.
Change-Id: Icd8c15fa5097db1da9a3a9222d9e267548c4c7e2
Signed-off-by: Ross Burton <ross.burton@arm.com>
This change introduces a new NPM run script to automatically generate
the release changelog, as well as bump version numbers across the
code-base and create the release tag.
This script runs [Standard Version] to execute this, which is a tool
designed around automating substantial parts of the release process.
This can be done by running:
npm run release -- [<standard-version args>]
Standard Version expects the project to adhere to the [Semantic
Versioning] convention which TF-A does not, so you may need to specify
the version manually, e.g.:
npm run release -- --release-as 2.6.0
Individual steps of the release process may also be skipped at-will,
which may be necessary when, for example, tweaking the changelog:
npm run release -- --skip.commit --skip.tag
Standard Version is configured by the `.versionrc.js` file, which
contains information about the Conventional Commits types and scopes
used by the project, and how they map to the changelog.
To maintain continuity with the existing changelog style - at least to
the extent possible in the move from manual to automatic creation - a
customized changelog template has been introduced, based on the
Conventional Commits template provided by Standard Version.
This template package extends the Conventional Commits template package
by introducing support for parsing the Conventional Commits scopes into
changelog sections, similarly to how they were previously organized.
[Standard Version]:
https://github.com/conventional-changelog/standard-version
[Semantic Versioning]: https://semver.org
Change-Id: I5bafa512daedc631baae951651c38c1c62046b0a
Signed-off-by: Chris Kay <chris.kay@arm.com>
The changes include:
- A new build option (ENABLE_RME) to enable FEAT_RME
- New image called RMM. RMM is R-EL2 firmware that manages Realms.
When building TF-A, a path to RMM image can be specified using
the "RMM" build flag. If RMM image is not provided, TRP is built
by default and used as RMM image.
- Support for RMM image in fiptool
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
The UUID field in SP manifest DTS is represented as an array of four
integers that the SPMC consumes using the little endian representation.
The reason is that those values are directly mapped to the SMCCC section
5.3 recommendation and the way they are exposed to the
FFA_PARTITION_INFO_GET interface.
Per [1] TF-A build flow expects a big endian representation of the UUID
so the sp_mk_generator script is updated to accommodate this conversion.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9563
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7c7b295225e23ea64f49170e27d97442b289703b
The memory area size of OP-TEE was changed from 1MB to 2MB
because the size of OP-TEE has increased.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Ic8a165c83a3a9ef2829f68d5fabeed9ccb6da95e
Add parameters to fill header version:
Two new options are added (m and n) to fill header version major and minor.
The default is v1.0 (major = 1, minor = 0)
Fix image header on big endian hosts:
Three header fields are not properly converted to little endian
before assignment, resulting in incorrect header while executing
stm32image on big endian hosts.
Convert the value of the header fields version_number,
image_checksum and edcsa_algorithm to little endian before the
assignment.
Don't force the base of strtol, since it's able to select the base
automatically depending on the prefix of the value.
This does not breaks the current build script that extracts the
addresses, including the 0x prefix, from the map file.
This change helps using stm32image in shell scripts where the
addresses can be computed using the shell arithmetic expansion
"$((...))", that produces a value in base decimal.
The variable stm32image_header is declared with global visibility
but is use in one function only, move it as local variable in the function.
Fix error message on destination file:
The error message on mmap() failure of destination file reports
incorrectly information about the source file.
Change the error message to match the file that causes the error.
Change-Id: Iebc8c915297306845b3847b32f9516443a515c97
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Antonio Borneo <antonio.borneo@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Calling 'make clean' in 'all' target is causing recompilation of binary
at every 'make' call, which is wrong.
Also building a new target via 'make TARGET' can cause infinite loop as
it is not defined as explicit make dependency. Dependent targets must be
specified after colon when defining target, which also prevents infinite
loops as make is able to detect these circular dependencies.
Moreover calling 'make clean' is supposed to be done by user when
configuration is changing.
So remove calling 'make clean' in 'all' target and define dependency for
'${PROJECT}' at correct place.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I70e7fd2b04b02f6a0650c82df91d58c9a4cb24d9
NXP tool to create pbl from bl2 binary:
- RCW is prepended to BL2.bin
- If TRUSTED_BOARD_BOOT=1, pre-append the CSF header
to be understood by NXP boot-rom.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Iddc7336a045222e2073ddad86358ebc4440b8bcf
Generic framework is added to include platform defined UUID.
This framework is added for the following:
- All NXP SoC based platforms needed additional fip-fuse.bin
- NXP SoC lx2160a based platforms requires additional fip-ddr.bin
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ibe05d9c596256e34077287a490dfcd5b731ef2cf
Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.
NXP SoC lx2160a : based platforms requires additional
FIP DDR to be loaded before initializing the DDR.
To enable chain of trust on these platforms, FIP DDR
image needs to be authenticated, additionally.
Platform specific folder 'tools/nxp/cert_create_helper'
is added to support platform specific macros and definitions.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
This bug manifests itself as a segfault triggered by a double-free.
I noticed that right before the double-free, the sk list contained 2
elements with the same address.
(gdb) p sk_X509_EXTENSION_value(sk, 1)
$34 = (X509_EXTENSION *) 0x431ad0
(gdb) p sk_X509_EXTENSION_value(sk, 0)
$35 = (X509_EXTENSION *) 0x431ad0
(gdb) p sk_X509_EXTENSION_num(sk)
$36 = 2
This caused confusion; this should never happen.
I figured that this was caused by a ext_new_xxxx function freeing
something before it is added to the list, so I put a breakpoint on
each of them to step through. I was suprised to find that none of my
breakpoints triggered for the second element of the iteration through
the outer loop just before the double-free.
Looking through the code, I noticed that it's possible to avoid doing
a ext_new_xxxx, when either:
* ext->type == NVCOUNTER and ext->arg == NULL
* ext->type == HASH and ext->arg == NULL and ext->optional == false
So I put a breakpoint on both.
It turns out that it was the HASH version, but I added a fix for both.
The fix for the Hash case is simple, as it was a mistake. The fix for
the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may
be optional, and when it's optional we can skip it. The other case,
when the NVCOUNTER is required (not optinal), the `check_cmd_params`
function has already verified that the `ext->arg` must be non-NULL.
We assert that before processing it to covert any possible segfaults
into more descriptive errors.
This should no longer cause double-frees by adding the same ext twice.
Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
The certification tool creates all the certificates mentioned
statically in the code rather than taking explicit certificate
requests from the command line parameters.
Code is optimized to avoid unnecessary attempts to create
non-requested certificates.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2
Add tool support for creating bootparam and cert_header images
for RZ/G2 SoC based platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Iab8ba6eda442c8d75f23c5633b8178f86339e4c9
Don't depend on clean when building, as the user is capable of cleaning
if required and this introduces a race where "all" depends on both the
compile and the clean in parallel. It's quite possible for some of the
compile to happen in parallel with the clean, which results in the link
failing as objects just built are missing.
Change-Id: I710711eea7483cafa13251c5d94ec693148bd001
Signed-off-by: Ross Burton <ross.burton@arm.com>
When OpenSSL's macro allocates the HASH struct, it allocates the fields
as well. After this allocation, the prior code would assign over the
pointers inside the HASH struct, leaking these fields. This patch
avoids allocating extra copies of these members.
Change-Id: I50a38b0a04b52ec54d6388db0f694feb578d2818
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Previously, we would leak these extensions as they are not freed by the
stack. An except from the `sk_TYPE_free` documentation:
sk_TYPE_free() frees up the sk structure. It does not free up any
elements of sk. After this call sk is no longer valid.
The fix is to drain the stack and free its elements before freeing the
stack. sk_TYPE_pop_free does this, so we use that instead.
Change-Id: Ie70c302f9dda5af1a7243f163d36e99916ee639c
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Although support for building fiptool on a Windows host was present,
the binary was not built when the top level makefile was invoked.
This patch makes the necessary changes to the to support building of
fiptool on a Windows host PC from the main makefile.
Change-Id: I0c01ba237fa3010a027a1b324201131210cf4d7c
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Elyes Haouas
Mikael Olsson
Govindraj Raja
laurenw-arm
Raef Coles
Antonio Borneo
Jiafei Pan
Jens Wiklander
Lionel Debieve
Juan Pablo Conde
J-Alves
Daniel Boulby
Jayanth Dodderi Chidanand
Yann Gautier
Biwen Li
Nicolas Le Bayon
Imre Kis
Anders Dellien
Chris Kay
Manish V Badarkhe
Ross Burton
Zelalem Aweke
Olivier Deprez
Toshiyuki Ogasahara
Pali Rohár
Pankaj Gupta
Jimmy Brisson
Biju Das
Sami Mujawar