<feed xmlns='http://www.w3.org/2005/Atom'>
<title>bcm63xx/atf/drivers/auth/mbedtls, branch master</title>
<subtitle>Broadcom's Trusted Firmware A</subtitle>
<id>https://git.openwrt.org/project/bcm63xx/atf/atom?h=master</id>
<link rel='self' href='https://git.openwrt.org/project/bcm63xx/atf/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/'/>
<updated>2019-09-12T14:27:41Z</updated>
<entry>
<title>Remove RSA PKCS#1 v1.5 support from cert_tool</title>
<updated>2019-09-12T14:27:41Z</updated>
<author>
<name>Justin Chadwell</name>
</author>
<published>2019-09-09T14:24:31Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=6a415a508ea6acec321e4609d3f8e5c03ba67664'/>
<id>urn:sha1:6a415a508ea6acec321e4609d3f8e5c03ba67664</id>
<content type='text'>
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3; however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was RSA and the issued certificate was ECDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell &lt;justin.chadwell@arm.com&gt;
</content>
</entry>
<entry>
<title>Support larger RSA key sizes when using MBEDTLS</title>
<updated>2019-09-12T14:27:39Z</updated>
<author>
<name>Justin Chadwell</name>
</author>
<published>2019-07-29T16:13:10Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=aacff7498c7241696f55a9b80473e59b72d4d095'/>
<id>urn:sha1:aacff7498c7241696f55a9b80473e59b72d4d095</id>
<content type='text'>
Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.

Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell &lt;justin.chadwell@arm.com&gt;
</content>
</entry>
<entry>
<title>Mbed TLS: Remove weak heap implementation</title>
<updated>2019-04-12T08:52:52Z</updated>
<author>
<name>Ambroise Vincent</name>
</author>
<published>2019-04-10T11:50:27Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=2374ab1799bedae1acc17fde0205d272f8111836'/>
<id>urn:sha1:2374ab1799bedae1acc17fde0205d272f8111836</id>
<content type='text'>
The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent &lt;ambroise.vincent@arm.com&gt;
</content>
</entry>
<entry>
<title>Remove Mbed TLS dependency from plat_bl_common.c</title>
<updated>2019-02-28T14:01:42Z</updated>
<author>
<name>John Tsichritzis</name>
</author>
<published>2019-02-28T11:14:03Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=17e1335c893bce16883c8e76b251e1013c6ec001'/>
<id>urn:sha1:17e1335c893bce16883c8e76b251e1013c6ec001</id>
<content type='text'>
Due to the shared Mbed TLS heap optimisation introduced in 6d01a463,
common code files were depending on Mbed TLS specific headers. This
dependency is now removed by moving the default, unoptimised heap
implementation inside the Mbed TLS specific files.

Change-Id: I11ea3eb4474f0d9b6cb79a2afd73a51a4a9b8994
Signed-off-by: John Tsichritzis &lt;john.tsichritzis@arm.com&gt;
</content>
</entry>
<entry>
<title>Sanitise includes across codebase</title>
<updated>2019-01-04T10:43:17Z</updated>
<author>
<name>Antonio Nino Diaz</name>
</author>
<published>2018-12-14T00:18:21Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=09d40e0e08283a249e7dce0e106c07c5141f9b7e'/>
<id>urn:sha1:09d40e0e08283a249e7dce0e106c07c5141f9b7e</id>
<content type='text'>
Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
</content>
</entry>
<entry>
<title>Remove all other deprecated interfaces and files</title>
<updated>2018-09-28T14:31:53Z</updated>
<author>
<name>Antonio Nino Diaz</name>
</author>
<published>2018-09-25T08:39:51Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=fe199e3bac38cc824a280ec35b7d55b6dae9a9ca'/>
<id>urn:sha1:fe199e3bac38cc824a280ec35b7d55b6dae9a9ca</id>
<content type='text'>
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63
Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
</content>
</entry>
<entry>
<title>Prepare Mbed TLS drivers for shared heap</title>
<updated>2018-09-04T09:32:06Z</updated>
<author>
<name>John Tsichritzis</name>
</author>
<published>2018-06-07T15:31:34Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=6d01a463348b04af2afa3c00579ebc6ecd12eaf1'/>
<id>urn:sha1:6d01a463348b04af2afa3c00579ebc6ecd12eaf1</id>
<content type='text'>
The Mbed TLS drivers, in order to work, need a heap for internal usage.
This heap, instead of being directly referenced by the drivers, is now
accessed indirectly through a pointer. Also, the heap, instead of being
part of the drivers, is now received through the
plat_get_mbedtls_heap() function. This function requests a heap from the
current BL image which utilises the Mbed TLS drivers.

Those changes create the opportunity for the Mbed TLS heap to be shared
among different images, thus saving memory. A default heap
implementation is provided but it can be overridden by a platform
specific, optimised implementation.

Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
Signed-off-by: John Tsichritzis &lt;john.tsichritzis@arm.com&gt;
</content>
</entry>
<entry>
<title>libc: Use printf and snprintf across codebase</title>
<updated>2018-08-22T09:26:05Z</updated>
<author>
<name>Antonio Nino Diaz</name>
</author>
<published>2018-08-16T15:46:06Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=39b6cc66d670be41d6b51b644beb675f386a4240'/>
<id>urn:sha1:39b6cc66d670be41d6b51b644beb675f386a4240</id>
<content type='text'>
tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.

Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz &lt;antonio.ninodiaz@arm.com&gt;
</content>
</entry>
<entry>
<title>Add atexit function to libc</title>
<updated>2018-08-03T10:31:39Z</updated>
<author>
<name>Roberto Vargas</name>
</author>
<published>2018-05-24T12:34:53Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=6c3733456706809d5c9fb78a9746bf2fa484fb91'/>
<id>urn:sha1:6c3733456706809d5c9fb78a9746bf2fa484fb91</id>
<content type='text'>
We had exit but we didn't have atexit, and we were calling panic and
tf_printf from exit, which generated a dependency from exit to them.
Having atexit allows setting a different function pointer in every image.

Change-Id: I95b9556d680d96249ed3b14da159b6f417da7661
Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
</content>
</entry>
<entry>
<title>Don't include mbedtls include paths in INCLUDES</title>
<updated>2018-08-03T10:31:37Z</updated>
<author>
<name>Roberto Vargas</name>
</author>
<published>2018-06-04T14:15:04Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/bcm63xx/atf/commit/?id=ea7a57a3a5963a5c8a67bfd42b4f6ad1472b46f3'/>
<id>urn:sha1:ea7a57a3a5963a5c8a67bfd42b4f6ad1472b46f3</id>
<content type='text'>
Mbedtls include paths are controlled by the user using the variable
MBEDTLS_DIR and they are out of the TF source tree. Since these
includes have a different origin it is better to move them to a
different variable.

This change makes it easier for the romlib Makefile to parse the include
paths.

Change-Id: I3e4c99300f1012bc7f88c6b9f5bc0ec1f7b5aa8d
Signed-off-by: Roberto Vargas &lt;roberto.vargas@arm.com&gt;
</content>
</entry>
</feed>
