<feed xmlns='http://www.w3.org/2005/Atom'>
<title>bcm63xx/atf/tools/cert_create/include, branch master</title>
<subtitle>Broadcom's Trusted Firmware A</subtitle>
<id>https://git-03.infra.openwrt.org/project/bcm63xx/atf/atom?h=master</id>
<link rel='self' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/'/>
<updated>2019-09-12T14:27:41Z</updated>
<entry>
<title>Remove RSA PKCS#1 v1.5 support from cert_tool</title>
<updated>2019-09-12T14:27:41Z</updated>
<author>
<name>Justin Chadwell</name>
</author>
<published>2019-09-09T14:24:31Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=6a415a508ea6acec321e4609d3f8e5c03ba67664'/>
<id>urn:sha1:6a415a508ea6acec321e4609d3f8e5c03ba67664</id>
<content type='text'>
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3; however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was RSA and the issued certificate was ECDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSA PSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell &lt;justin.chadwell@arm.com&gt;
</content>
</entry>
<entry>
<title>Add cert_create tool support for RSA key sizes</title>
<updated>2019-09-12T14:27:41Z</updated>
<author>
<name>Justin Chadwell</name>
</author>
<published>2019-07-29T16:13:45Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=dfe0f4c2999cef10f9c8fb6115e53891f6b2c190'/>
<id>urn:sha1:dfe0f4c2999cef10f9c8fb6115e53891f6b2c190</id>
<content type='text'>
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.

Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell &lt;justin.chadwell@arm.com&gt;
</content>
</entry>
<entry>
<title>Standardise header guards across codebase</title>
<updated>2018-11-08T10:20:19Z</updated>
<author>
<name>Antonio Nino Diaz</name>
</author>
<published>2018-11-08T10:20:19Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=c3cf06f1a3a9b9ee8ac7a0ae505f95c45f7dca84'/>
<id>urn:sha1:c3cf06f1a3a9b9ee8ac7a0ae505f95c45f7dca84</id>
<content type='text'>
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use is the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
</content>
</entry>
<entry>
<title>Dynamic cfg: Enable support on CoT for other configs</title>
<updated>2018-05-18T11:26:38Z</updated>
<author>
<name>Soby Mathew</name>
</author>
<published>2018-03-29T13:29:55Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=17bc617e80e2b31ddaa65215526c556c23ca1374'/>
<id>urn:sha1:17bc617e80e2b31ddaa65215526c556c23ca1374</id>
<content type='text'>
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.

Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew &lt;soby.mathew@arm.com&gt;
</content>
</entry>
<entry>
<title>Dynamic cfg: Update the tools</title>
<updated>2018-02-26T16:31:10Z</updated>
<author>
<name>Soby Mathew</name>
</author>
<published>2017-11-07T16:50:31Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=e24659df354c31626f78f4d46d453e14959a9953'/>
<id>urn:sha1:e24659df354c31626f78f4d46d453e14959a9953</id>
<content type='text'>
This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.

Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: Soby Mathew &lt;soby.mathew@arm.com&gt;
</content>
</entry>
<entry>
<title>tools: add an option -hash-alg for cert_create</title>
<updated>2017-11-21T06:16:18Z</updated>
<author>
<name>Qixiang Xu</name>
</author>
<published>2017-11-09T05:51:58Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=2972247cb4ae84ed660532cac426259a4f17c816'/>
<id>urn:sha1:2972247cb4ae84ed660532cac426259a4f17c816</id>
<content type='text'>
This option enables the user to select the secure hash algorithm
to be used for generating the hash. It supports the following
options:
    - sha256 (default)
    - sha384
    - sha512

Change-Id: Icb093cec1b5715e248c3d1c3749a2479a7ab4b89
Signed-off-by: Qixiang Xu &lt;qixiang.xu@arm.com&gt;
</content>
</entry>
<entry>
<title>cert_tool: Support for legacy RSA PKCS#1 v1.5</title>
<updated>2017-08-31T15:42:11Z</updated>
<author>
<name>Soby Mathew</name>
</author>
<published>2017-08-31T10:50:29Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=a8eb286adaa73e86305317b9cae15d41c57de8e7'/>
<id>urn:sha1:a8eb286adaa73e86305317b9cae15d41c57de8e7</id>
<content type='text'>
This patch enables choice of RSA version at run time to be used for
generating signatures by the cert_tool. The RSA PSS as defined in
PKCS#1 v2.1 becomes the default version and this patch enables specifying
the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
-a option. Also, the build option `KEY_ALG` can be used to pass this
option from the build system. Please note that RSA PSS is mandated
by Trusted Board Boot requirements (TBBR) and legacy RSA support is
being added for compatibility reasons.

Fixes ARM-Software/tf-issues#499
Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: Eleanor Bonnici &lt;Eleanor.bonnici@arm.com&gt;
Signed-off-by: Soby Mathew &lt;soby.mathew@arm.com&gt;
</content>
</entry>
<entry>
<title>Support Trusted OS firmware extra images in TF tools</title>
<updated>2017-08-09T10:06:05Z</updated>
<author>
<name>Summer Qin</name>
</author>
<published>2017-04-20T15:28:39Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=71fb396440f51b21401f24c925b9a97a224a4d24'/>
<id>urn:sha1:71fb396440f51b21401f24c925b9a97a224a4d24</id>
<content type='text'>
Since Trusted OS firmware may have extra images, we need to
assign a new UUID and image ID for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.

Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin &lt;summer.qin@arm.com&gt;
</content>
</entry>
<entry>
<title>Fix order of #includes</title>
<updated>2017-07-12T13:45:31Z</updated>
<author>
<name>Isla Mitchell</name>
</author>
<published>2017-07-11T13:54:08Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=2a4b4b71ba8a14148708719077d80889faa6f47b'/>
<id>urn:sha1:2a4b4b71ba8a14148708719077d80889faa6f47b</id>
<content type='text'>
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell &lt;isla.mitchell@arm.com&gt;
</content>
</entry>
<entry>
<title>Use SPDX license identifiers</title>
<updated>2017-05-03T08:39:28Z</updated>
<author>
<name>dp-arm</name>
</author>
<published>2017-05-03T08:38:09Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=82cb2c1ad9897473743f08437d0a3995bed561b9'/>
<id>urn:sha1:82cb2c1ad9897473743f08437d0a3995bed561b9</id>
<content type='text'>
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/

Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm &lt;dimitris.papastamos@arm.com&gt;
</content>
</entry>
</feed>
