This makes the code a little bit smaller. No functional change
intended.
Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Certificates must not allow trailing junk after them.
Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This is already checked by the crypto module or by mbedTLS, but checking
it in the X.509 parser is harmless.
Change-Id: Ifdbe3b4c6d04481bb8e93106ee04b49a70f50d5d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Instead, it suffices to parse one of them, and then check that the other
fits in the remaining buffer space and is equal to the first.
Change-Id: Id0a0663165f147879ac83b6a540378fd4873b0dd
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This reduces the likelihood of future problems later.
Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Digests must not have padding after the SEQUENCE or OCTET STRING.
Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate. TF-A already requires the extensions to be present,
but allows them to be empty. However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension. Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.
Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The extensions must use all remaining bytes in the TBSCertificate.
Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
v1 and v2 are forbidden as at least one extension is required. Instead
of actually parsing the version number, just compare it with a
hard-coded string.
Change-Id: Ib8fd34304a0049787db77ec8c2359d0930cd4ba1
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The functions stm32_pka_get_platdata() and stm32_saes_get_platdata()
are not used. They can be removed as we always use DT to retrieve
the device configuration.
This issue was triggered by sparse tool or when enabling warning
-Wmissing-prototypes.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I5cce9a0765144d694e8ddece37361ccbb85d1734
with reference to feature 04c730 (feat(cpus): make cache ops conditional),
booting with caches in debug recovery means SCTLR_C_BIT will be 0.
Wrap the assert for the d-cache enabled check in CONDITIONAL_CMO and
plat_can_cmo calls to allow booting with d-cache disabled.
Signed-off-by: Channagoud kadabi <kadabi@google.com>
Change-Id: I80153df493d1ec9e5e354c7c2e6a14322d22c446
This corrects MISRA C2012-10.6:
The value of a composite expression shall not be assigned to an object
with wider essential type.
While at it change all the shift values to unsigned.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Idf9915313af965db2106095df7cb48a84f50c519
Fix MISRA C2012-10.3:
The value of an expression shall not be assigned to an object with
a narrower essential type or of a different essential type category.
Check buffer size is less than 4GB before casting the command argument.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Iac1afcfe905c99b22cb39dc4104d351b0e647e5d
This corrects MISRA C2012-18.4:
The +, -, += and -= operators should not be applied to an expression
of pointer type.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9128f567a7c83d8e3381428b07e6bd785be2703b
This corrects MISRA C2012-9.5:
Where designated initializers are used to initialize an array object
the size of the array shall be specified explicitly.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4c331b0225af975fd022ffe9e5fd1d536ed59879
This corrects MISRA C2012-16.6:
Every switch statement shall have at least two switch-clauses.
While at it, remove useless rate variable.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I123784e7184dbf4146fd0d7faeffd6a0382fc6a1
This corrects MISRA C2012-14.4
The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id217d3da223caf75cd0439d7ce11c9efab87b4d2
This corrects MISRA C2012-14.4
The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Iacc58349cc3ab558fb4ffe0605a623e84e21e035
This corrects MISRA C2012-20.7:
Expressions resulting from the expansion of macro parameters shall be
enclosed in parentheses.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9989a5aaacf17f6f7a65381c8d41f21a35f6ddd9
This corrects MISRA C2012-18.4:
The +, -, += and -= operators should not be applied to an expression
of pointer type.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ie1a196b875eae2eff9242cf83abfc1a79bdee6f3
This corrects the MISRA violation C2012-12.1:
The precedence of operators within expressions should be made explicit.
This is done either by adding parentheses, or by creating dedicated
variables.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If8312442222ba848ac1f5e38df1bed0a367646a7
This corrects MISRA C2012-9.5:
Where designated initializers are used to initialize an array object
the size of the array shall be specified explicitly.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4f8da6b0ce73df65b2b45ba10d4ca16ed8b70113
This corrects MISRA C2012-20.7
Expressions resulting from the expansion of macro parameters shall be
enclosed in parentheses.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9269d7a5b6aa4573bc0ca55b3054c3475dc4b6b2
Coverity Issue 21268351
Fixed unused value of xspi read while reading training values from
xspi during warm reset.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I779587afedb1c73d174a132bbfbcb21bf45bdff8
rss_comms_init() should return with success (0) in case of an internal
MHU_ERR_ALREADY_INIT error code which is harmless (occurs when
rss_comms_init() is called multiple times in a row).
Change-Id: Ibb1fef48a60866e80d3a389128cb8eef1332ea01
Signed-off-by: David Vincze <david.vincze@arm.com>
The platform.mk can add extra MbedTLS source files to LIBMBEDTLS_SRC.
Change-Id: Ida9abfd59d8b02eae23ec0a7f326db060b42bf49
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Fixed coverity issue for "shifting by a negtive value", returned
before go to the next shifting code.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I00171b057b8948cb9e9ec5d9405b2e32aba568fb
Coverity Issue detail:
underrun-local: Underrunning array bin[i].cl[k].caslat
at element index -1 (byte offset -1)
using index j (which evaluates to -1).
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I1ec4833bbd5db1ac51436eac606484eefc4338ee
In function "desc_length", LSB byte of the first word of the
descriptor will be anded with 0x7F, to get the number of words
constructing the descriptor.
LSB byte of the first word of the descriptor is auto-incremented
with each add_word used while constructing the descriptor.
But if function "desc_add_word" is called more than
MAX_DESC_SIZE_WORDS times, then only the function "desc_length",
can return number of words greater than MAX_DESC_SIZE_WORDS.
This is the condition when core can overwrite the out of bound
memory.
Hence, the following fix is needed:
- Before adding any new word to the descriptor, a check for
max word length needs to be added, into these functions:
"desc_add_word" & "desc_add_ptr".
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If896cd2e02ecde72fb09c5147119dec4f2f84bc3
Fixed the following coverity issues:
Using uninitialized value cmd_id1, cmd_id2.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I8cd430ec015fc617521db455a6ffe16b33f42b78
Updated the event log driver's function to accept metadata as an
argument, to remove the platform function usage from the event log
driver to make it a standalone driver.
Change-Id: I512cf693d51dc3c0b9d2c1bfde4f89414e273049
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Setting 2MB shared memory and following 64MB secure memory.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ia992d21f205d305a6fff92fc11435634ce7c9d21
Timing CFG 0 and Timing CFG 4 are ddr controller registers that
have been affected by 1d phy training during cold boot. They are
needed to be stored and restored along with phy training values.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I29c55256e74456515aaeb098e2e0e3475697a466
we need to apply the value of CDD write to write for the write to
read CDD delay calculations. Since the current implementation always
provide a negative value of CDDwr so a value of zero was selected.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6829997d2ea6ba6cddaaab8332b82b8c66752d7e
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.
Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Correct the warning due to comparison between signed and
unsigned variable.
drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext':
drivers/auth/mbedtls/mbedtls_x509_parser.c:120:30:
error: comparison of integer expressions of different
signedness: 'int' and 'size_t' {aka 'unsigned int'}
[-Werror=sign-compare]
120 | if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
| ^~
Change-Id: Ic12527f5f92a34e925bee3047c168eacf5e99d8a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Remove unused mode for HASH driver. The driver will only be
used in BL2 scope.
Change-Id: I1fce09cdaa9da0c11554ac5f73433b4bee776011
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
This driver manages the STM32 Random Number Generator
peripheral.
Change-Id: I4403ebb2dbdaa8df993a4413f1ef48eeba00427c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add code to be able to use STMicroelectronics SAES IP. This driver
can manage many AES algorithms (CBC, ECB, CCM, GCM). It will be used
by the authenticated decryption framework (AES-GCM only).
Change-Id: Ibd4030719fb12877dcecd5d2c395d13b4b15c260
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Add code to be able to use STMicroelectronics PKA peripheral
in the authentication framework.
Change-Id: Ifeafe84c68db483cd18674f2280576cc065f92ee
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_HASH_V4: remove MD5 algorithm (no more supported) and
add SHA384 and SHA512.
For STM32_HASH_V2: no change.
Change-Id: I3a9ae9e38249a2421c657232cb0877004d04dae1
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
When spi_id_max is 5119, the expression `(spi_id_max - 4096U + 1U >> 5)`
evaluates to 32 leading to undefined behavior when using it to left
shift 1. Fix this undefined behavior.
Reported-by coverity scan:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/RMB4U7COL6IONZWEGF2FWXOQ6FPDIT4U/
```
large_shift: In expression 1 << (spi_id_max - 4096U + 1U >> 5), left
shifting by more than 31 bits has undefined behavior. The shift
amount, spi_id_max - 4096U + 1U >> 5, is as much as 32.
```
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I5e77a78b81a6d0367875e7ea432a82b6ba0e587c
Platform must define the maximum size of the message
over MHU.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I91a6c132c946f4465178910b8ea83544f562e837
Without setting the correct size of sw_type the metadata won't
be propagated to RSS through rss_measured_boot_extend_measurement()
API.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I4066d4762689c96ac2ac8e8b8db5d2b1f108b550
Demi Marie Obenour
Yann Gautier
Channagoud kadabi
Maninder Singh
David Vincze
Mate Toth-Pal
Jiafei Pan
Pankaj Gupta
Manish V Badarkhe
Lionel Debieve
Nicolas Toromanoff
Sandrine Bailleux
Vijayenthiran Subramaniam
Tamas Ban