Tree:
8d91ecfe3c
dependabot/npm_and_yarn/word-wrap-1.2.4
dependabot/pip/docs/markdown-it-py-2.2.0
dependabot/pip/requests-2.31.0
dependabot/pip/urllib3-2.0.6
master
arm_cca_v0.1
arm_cca_v0.2
arm_cca_v0.3
for-v0.4-rc0
for-v0.4/05.20
for-v0.4/05.21
for-v0.4/05.22
lts-test
lts-v2.10.1
lts-v2.10.2
lts-v2.10.3
lts-v2.10.4
lts-v2.8-rc0
lts-v2.8.0
lts-v2.8.1
lts-v2.8.10
lts-v2.8.11
lts-v2.8.12
lts-v2.8.13
lts-v2.8.14
lts-v2.8.15
lts-v2.8.16
lts-v2.8.17
lts-v2.8.18
lts-v2.8.2
lts-v2.8.3
lts-v2.8.4
lts-v2.8.5
lts-v2.8.6
lts-v2.8.7
lts-v2.8.8
lts-v2.8.9
sandbox/lts-v2.10.3-20240319T0822
sandbox/lts-v2.10.3-20240319T1236
sandbox/lts-v2.10.3-20240404T0850
sandbox/lts-v2.10.3-20240405T0714
sandbox/lts-v2.10.3-test1
v0.2
v0.3
v0.3-Juno
v0.3-Juno-0.2
v0.3-Juno-0.3
v0.4
v0.4-Juno-0.4
v0.4-Juno-0.4-rc0
v0.4-Juno-0.5
v0.4-Juno-0.5-rc0
v0.4-Juno-0.5-rc1
v0.4-Juno-0.6-rc0
v0.4-Juno-0.6-rc1
v0.4-rc1
v0.4-rc2
v1.0
v1.0-rc0
v1.1
v1.1-Juno-0.1
v1.1-rc0
v1.1-rc1
v1.1-rc2
v1.1-rc3
v1.2
v1.2-rc0
v1.3
v1.3-rc0
v1.3_rc1
v1.3_rc2
v1.4
v1.4-rc0
v1.5
v1.5-rc0
v1.5-rc1
v1.5-rc2
v1.5-rc3
v1.6
v1.6-rc0
v1.6-rc1
v2.0
v2.0-rc0
v2.1
v2.1-rc0
v2.1-rc1
v2.10
v2.10-rc0
v2.10-rc1
v2.10.0
v2.2
v2.2-rc0
v2.2-rc1
v2.2-rc2
v2.3
v2.3-rc0
v2.3-rc1
v2.3-rc2
v2.4
v2.4-rc0
v2.4-rc1
v2.4-rc2
v2.5
v2.5-rc0
v2.5-rc1
v2.6
v2.6-rc0
v2.6-rc1
v2.7
v2.7-rc0
v2.7-rc1
v2.7.0
v2.8
v2.8-rc0
v2.8.0
v2.9
v2.9-rc0
v2.9-rc1
v2.9.0
${ noResults }
1 Commits (8d91ecfe3c04ed8a56a9b59768757ce853904420)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Juan Castillo
|
05799ae0c8 |
TBB: add authentication framework
This patch adds the authentication framework that will be used as
the base to implement Trusted Board Boot in the Trusted Firmware.
The framework comprises the following modules:
- Image Parser Module (IPM)
This module is responsible for interpreting images, check
their integrity and extract authentication information from
them during Trusted Board Boot.
The module currently supports three types of images i.e.
raw binaries, X509v3 certificates and any type specific to
a platform. An image parser library must be registered for
each image type (the only exception is the raw image parser,
which is included in the main module by default).
Each parser library (if used) must export a structure in a
specific linker section which contains function pointers to:
1. Initialize the library
2. Check the integrity of the image type supported by
the library
3. Extract authentication information from the image
- Cryptographic Module (CM)
This module is responsible for verifying digital signatures
and hashes. It relies on an external cryptographic library
to perform the cryptographic operations.
To register a cryptographic library, the library must use the
REGISTER_CRYPTO_LIB macro, passing function pointers to:
1. Initialize the library
2. Verify a digital signature
3. Verify a hash
Failing to register a cryptographic library will generate
a build time error.
- Authentication Module (AM)
This module provides methods to authenticate an image, like
hash comparison or digital signatures. It uses the image parser
module to extract authentication parameters, the crypto module
to perform cryptographic operations and the Chain of Trust to
authenticate the images.
The Chain of Trust (CoT) is a data structure that defines the
dependencies between images and the authentication methods
that must be followed to authenticate an image.
The Chain of Trust, when added, must provide a header file named
cot_def.h with the following definitions:
- COT_MAX_VERIFIED_PARAMS
Integer value indicating the maximum number of authentication
parameters an image can present. This value will be used by the
authentication module to allocate the memory required to load
the parameters in the image descriptor.
Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
|
10 years ago |