This patch adds the authentication framework that will be used as
the base to implement Trusted Board Boot in the Trusted Firmware.
The framework comprises the following modules:
- Image Parser Module (IPM)
This module is responsible for interpreting images, check
their integrity and extract authentication information from
them during Trusted Board Boot.
The module currently supports three types of images i.e.
raw binaries, X509v3 certificates and any type specific to
a platform. An image parser library must be registered for
each image type (the only exception is the raw image parser,
which is included in the main module by default).
Each parser library (if used) must export a structure in a
specific linker section which contains function pointers to:
1. Initialize the library
2. Check the integrity of the image type supported by
the library
3. Extract authentication information from the image
- Cryptographic Module (CM)
This module is responsible for verifying digital signatures
and hashes. It relies on an external cryptographic library
to perform the cryptographic operations.
To register a cryptographic library, the library must use the
REGISTER_CRYPTO_LIB macro, passing function pointers to:
1. Initialize the library
2. Verify a digital signature
3. Verify a hash
Failing to register a cryptographic library will generate
a build time error.
- Authentication Module (AM)
This module provides methods to authenticate an image, like
hash comparison or digital signatures. It uses the image parser
module to extract authentication parameters, the crypto module
to perform cryptographic operations and the Chain of Trust to
authenticate the images.
The Chain of Trust (CoT) is a data structure that defines the
dependencies between images and the authentication methods
that must be followed to authenticate an image.
The Chain of Trust, when added, must provide a header file named
cot_def.h with the following definitions:
- COT_MAX_VERIFIED_PARAMS
Integer value indicating the maximum number of authentication
parameters an image can present. This value will be used by the
authentication module to allocate the memory required to load
the parameters in the image descriptor.
Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
This patch adds a tool that generates all the necessary elements
to establish the chain of trust (CoT) between the images.
The tool reads the binary images and signing keys and outputs the
corresponding certificates that will be used by the target at run
time to verify the authenticity of the images.
Note: the platform port must provide the file platform_oid.h. This
file will define the OIDs of the x509 extensions that will be added
to the certificates in order to establish the CoT.
Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
Move the remaining IO storage source file (io_storage.c) from the
lib to the drivers directory. This requires that platform ports
explicitly add this file to the list of source files.
Also move the IO header files to a new sub-directory, include/io.
Change-Id: I862b1252a796b3bcac0d93e50b11e7fb2ded93d6
Update code base to remove variables from the .data section,
mainly by using const static data where possible and adding
the const specifier as required. Most changes are to the IO
subsystem, including the framework APIs. The FVP power
management code is also affected.
Delay initialization of the global static variable,
next_image_type in bl31_main.c, until it is realy needed.
Doing this moves the variable from the .data to the .bss
section.
Also review the IO interface for inconsistencies, using
uintptr_t where possible instead of void *. Remove the
io_handle and io_dev_handle typedefs, which were
unnecessary, replacing instances with uintptr_t.
FixesARM-software/tf-issues#107.
Change-Id: I085a62197c82410b566e4698e5590063563ed304
Reduce the number of header files included from other header
files as much as possible without splitting the files. Use forward
declarations where possible. This allows removal of some unnecessary
"#ifndef __ASSEMBLY__" statements.
Also, review the .c and .S files for which header files really need
including and reorder the #include statements alphabetically.
FixesARM-software/tf-issues#31
Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
Move almost all system include files to a logical sub-directory
under ./include. The only remaining system include directories
not under ./include are specific to the platform. Move the
corresponding source files to match the include directory
structure.
Also remove pm.h as it is no longer used.
Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
The modified implementation uses the IO abstraction rather than
making direct semi-hosting calls. The semi-hosting driver is now
registered for the FVP platform during initialisation of each boot
stage where it is used. Additionally, the FVP platform includes a
straightforward implementation of 'plat_get_image_source' which
provides a generic means for the 'load_image' function to determine
how to access the image data.
Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
Ctags seem to have a problem with generating tags for assembler symbols
when a comment immediately follows an assembly label.
This patch inserts a single space character between the label
definition and the following comments to help ctags.
The patch is generated by the command:
git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1'
Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
- Add instructions for contributing to ARM Trusted Firmware.
- Update copyright text in all files to acknowledge contributors.
Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
Juan Castillo
Dan Handley
James Morrissey
Jeenu Viswambharan
Achin Gupta