bcm63xx/atf/tools/cert_create, branch master Broadcom-s Trusted Firmware A https://git-03.infra.openwrt.org/project/bcm63xx/atf/atom?h=master 2019-09-12T14:27:41Z Remove RSA PKCS#1 v1.5 support from cert_tool 2019-09-12T14:27:41Z Justin Chadwell 2019-09-09T14:24:31Z urn:sha1:6a415a508ea6acec321e4609d3f8e5c03ba67664 Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed in SHA fe199e3, however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com> Add cert_create tool support for RSA key sizes 2019-09-12T14:27:41Z Justin Chadwell 2019-07-29T16:13:45Z urn:sha1:dfe0f4c2999cef10f9c8fb6115e53891f6b2c190 cert_tool is now able to accept a command line option for specifying the key size. It now supports the following options: 1024, 2048 (default), 3072 and 4096. This is also modifiable by TFA using the build flag KEY_SIZE. Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com> Reduce the number of memory leaks in cert_create 2019-08-16T13:11:18Z Justin Chadwell 2019-08-12T11:19:21Z urn:sha1:65ec13bce1367795bb0926561caca27de210e534 The valgrind checks for cert_create have not been run in a long while - as such there are a few memory leaks present. This patch fixes a few of the major ones reported by valgrind. However, a few do remain. Change-Id: Iab002fb2b0090043287d43fb54a4d18928c2ed85 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com> tools: Remove unused cert_create defines 2019-03-12T13:42:08Z Paul Beesley 2019-03-06T15:27:15Z urn:sha1:d5dc774cf05f16e9cc9a010fe2533f1260c19a36 Change-Id: Iea72ef9ba16325cbce07eea1a975d2a96eede274 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Standardise header guards across codebase 2018-11-08T10:20:19Z Antonio Nino Diaz 2018-11-08T10:20:19Z urn:sha1:c3cf06f1a3a9b9ee8ac7a0ae505f95c45f7dca84 All identifiers, regardless of use, that start with two underscores are reserved. This means they can't be used in header guards. The style that this project is now to use the full name of the file in capital letters followed by 'H'. For example, for a file called "uart_example.h", the header guard is UART_EXAMPLE_H. The exceptions are files that are imported from other projects: - CryptoCell driver - dt-bindings folders - zlib headers Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> tools: Make invocation of host compiler correct 2018-10-04T13:35:38Z Antonio Nino Diaz 2018-10-04T13:35:38Z urn:sha1:750e8d807dced6cd2a523aad7be74161dc705f6e HOSTCC should be used in any of the tools inside the tools/ directory instead of CC. That way it is possible to override both values from the command line when building the Trusted Firmware and the tools at the same time. Also, use HOSTCCFLAGS instead of CFLAGS. Also, instead of printing the strings CC and LD in the console during the compilation of the tools, HOSTCC and HOSTLD have to be used for clarity. This is how it is done in other projects like U-Boot or Linux. Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> tools/cert_create: fix makefile to build build_msg.o by HOSTCC 2018-07-06T15:20:08Z Ying-Chun Liu (PaulLiu) 2018-07-06T15:20:08Z urn:sha1:aba0c7ae8e72176ab8e12b8da1c29863afd2e62f Previously build_msg.o is built by CC. It causes FTBFS when CC is not equal to HOSTCC. Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org> make_cert: return error when invalid options are used 2018-06-27T07:25:20Z Roberto Vargas 2018-06-27T07:23:22Z urn:sha1:600835d028a1303346a981eb6080a766806a6ae5 Print_help was used in different contexts and returning no error in that function was hiding the error when incorrect options were used. Change-Id: Ic3f71748be7ff8440c9d54810b986e9f177f4439 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com> Dynamic cfg: Enable support on CoT for other configs 2018-05-18T11:26:38Z Soby Mathew 2018-03-29T13:29:55Z urn:sha1:17bc617e80e2b31ddaa65215526c556c23ca1374 This patch implements support for adding dynamic configurations for BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The necessary cert tool support and changes to default chain of trust are made for these configs. Change-Id: I25f266277b5b5501a196d2f2f79639d838794518 Signed-off-by: Soby Mathew <soby.mathew@arm.com> cert_create: fix makefile to remove executable on 'make realclean' 2018-04-30T16:25:42Z Jonathan Wright 2018-04-30T14:04:02Z urn:sha1:2f36e853b53a2b269ed00fc26cdc788308aa3e59 Spurious whitespace existed in the BINARY shell variable which meant the cert_tool executable was not being removed on 'make realclean'. Change-Id: Ibfd2fd17889514f6613e33c6df58d53b9232ec14 Signed-off-by: Jonathan Wright <jonathan.wright@arm.com>