<feed xmlns='http://www.w3.org/2005/Atom'>
<title>bcm63xx/atf/tools/cert_create/src, branch master</title>
<subtitle>Broadcom's Trusted Firmware A</subtitle>
<id>https://git-03.infra.openwrt.org/project/bcm63xx/atf/atom?h=master</id>
<link rel='self' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/'/>
<updated>2019-09-12T14:27:41Z</updated>
<entry>
<title>Remove RSA PKCS#1 v1.5 support from cert_tool</title>
<updated>2019-09-12T14:27:41Z</updated>
<author>
<name>Justin Chadwell</name>
</author>
<published>2019-09-09T14:24:31Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=6a415a508ea6acec321e4609d3f8e5c03ba67664'/>
<id>urn:sha1:6a415a508ea6acec321e4609d3f8e5c03ba67664</id>
<content type='text'>
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3; however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was RSA and the issued certificate was ECDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSA-PSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell &lt;justin.chadwell@arm.com&gt;
</content>
</entry>
<entry>
<title>Add cert_create tool support for RSA key sizes</title>
<updated>2019-09-12T14:27:41Z</updated>
<author>
<name>Justin Chadwell</name>
</author>
<published>2019-07-29T16:13:45Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=dfe0f4c2999cef10f9c8fb6115e53891f6b2c190'/>
<id>urn:sha1:dfe0f4c2999cef10f9c8fb6115e53891f6b2c190</id>
<content type='text'>
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.

Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell &lt;justin.chadwell@arm.com&gt;
</content>
</entry>
<entry>
<title>Reduce the number of memory leaks in cert_create</title>
<updated>2019-08-16T13:11:18Z</updated>
<author>
<name>Justin Chadwell</name>
</author>
<published>2019-08-12T11:19:21Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=65ec13bce1367795bb0926561caca27de210e534'/>
<id>urn:sha1:65ec13bce1367795bb0926561caca27de210e534</id>
<content type='text'>
The valgrind checks for cert_create have not been run in a long while -
as such there are a few memory leaks present. This patch fixes a few of
the major ones reported by valgrind. However, a few do remain.

Change-Id: Iab002fb2b0090043287d43fb54a4d18928c2ed85
Signed-off-by: Justin Chadwell &lt;justin.chadwell@arm.com&gt;
</content>
</entry>
<entry>
<title>tools: Remove unused cert_create defines</title>
<updated>2019-03-12T13:42:08Z</updated>
<author>
<name>Paul Beesley</name>
</author>
<published>2019-03-06T15:27:15Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=d5dc774cf05f16e9cc9a010fe2533f1260c19a36'/>
<id>urn:sha1:d5dc774cf05f16e9cc9a010fe2533f1260c19a36</id>
<content type='text'>
Change-Id: Iea72ef9ba16325cbce07eea1a975d2a96eede274
Signed-off-by: Paul Beesley &lt;paul.beesley@arm.com&gt;
</content>
</entry>
<entry>
<title>make_cert: return error when invalid options are used</title>
<updated>2018-06-27T07:25:20Z</updated>
<author>
<name>Roberto Vargas</name>
</author>
<published>2018-06-27T07:23:22Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=600835d028a1303346a981eb6080a766806a6ae5'/>
<id>urn:sha1:600835d028a1303346a981eb6080a766806a6ae5</id>
<content type='text'>
Print_help was used in different contexts and returning no
error in that function was hiding the error when incorrect
options were used.

Change-Id: Ic3f71748be7ff8440c9d54810b986e9f177f4439
Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
</content>
</entry>
<entry>
<title>Dynamic cfg: Enable support on CoT for other configs</title>
<updated>2018-05-18T11:26:38Z</updated>
<author>
<name>Soby Mathew</name>
</author>
<published>2018-03-29T13:29:55Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=17bc617e80e2b31ddaa65215526c556c23ca1374'/>
<id>urn:sha1:17bc617e80e2b31ddaa65215526c556c23ca1374</id>
<content type='text'>
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.

Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew &lt;soby.mathew@arm.com&gt;
</content>
</entry>
<entry>
<title>Dynamic cfg: Update the tools</title>
<updated>2018-02-26T16:31:10Z</updated>
<author>
<name>Soby Mathew</name>
</author>
<published>2017-11-07T16:50:31Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=e24659df354c31626f78f4d46d453e14959a9953'/>
<id>urn:sha1:e24659df354c31626f78f4d46d453e14959a9953</id>
<content type='text'>
This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.

Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: Soby Mathew &lt;soby.mathew@arm.com&gt;
</content>
</entry>
<entry>
<title>tools: add an option -hash-alg for cert_create</title>
<updated>2017-11-21T06:16:18Z</updated>
<author>
<name>Qixiang Xu</name>
</author>
<published>2017-11-09T05:51:58Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=2972247cb4ae84ed660532cac426259a4f17c816'/>
<id>urn:sha1:2972247cb4ae84ed660532cac426259a4f17c816</id>
<content type='text'>
This option enables the user to select the secure hash algorithm
to be used for generating the hash. It supports the following
options:
    - sha256 (default)
    - sha384
    - sha512

Change-Id: Icb093cec1b5715e248c3d1c3749a2479a7ab4b89
Signed-off-by: Qixiang Xu &lt;qixiang.xu@arm.com&gt;
</content>
</entry>
<entry>
<title>Merge pull request #1120 from michpappas/tf-issues#521_cert_tool_does_not_build_with_openssl_v1.1</title>
<updated>2017-10-11T15:39:10Z</updated>
<author>
<name>davidcunado-arm</name>
</author>
<published>2017-10-11T15:39:10Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=9679297faed7087fa3b84bc52dd7ff211a468583'/>
<id>urn:sha1:9679297faed7087fa3b84bc52dd7ff211a468583</id>
<content type='text'>
cert_tool: update for compatibility with OpenSSL v1.1</content>
</entry>
<entry>
<title>cert_tool: Fix ECDSA certificates create failure</title>
<updated>2017-10-09T05:30:31Z</updated>
<author>
<name>Qixiang Xu</name>
</author>
<published>2017-09-22T08:21:41Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/bcm63xx/atf/commit/?id=1727de0e59930a60c2c03fd843ddc506d902db6a'/>
<id>urn:sha1:1727de0e59930a60c2c03fd843ddc506d902db6a</id>
<content type='text'>
Commit a8eb286adaa73e86305317b9cae15d41c57de8e7 introduced the
following error when creating ECDSA certificates.
    ERROR:   Error creating key 'Trusted World key'
    Makefile:634: recipe for target 'certificates' failed
    make: *** [certificates] Error 1

This patch adds the function to create PKCS#1 v1.5.

Change-Id: Ief96d55969d5e9877aeb528c6bb503b560563537
Signed-off-by: Qixiang Xu &lt;qixiang.xu@arm.com&gt;
</content>
</entry>
</feed>
