Broadcom-s Trusted Firmware A https://git.openwrt.org/project/bcm63xx/atf/atom?h=master 2019-09-12T14:27:41Z 2019-09-12T14:27:41Z Justin Chadwell 2019-07-29T16:13:45Z urn:sha1:dfe0f4c2999cef10f9c8fb6115e53891f6b2c190 cert_tool is now able to accept a command line option for specifying the key size. It now supports the following options: 1024, 2048 (default), 3072 and 4096. This is also modifiable by TFA using the build flag KEY_SIZE. Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com> 2018-02-01T11:20:03Z Masahiro Yamada 2018-01-26T02:42:01Z urn:sha1:91704d9d482da12ffd7ac80688414661a246f45a The third argument was given "true" by images, but it was moved to TOOL_ADD_PAYLOAD. No more caller of CERT_ADD_CMD_OPT uses this. So, the third argument is always empty. Remove it. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2018-02-01T11:20:03Z Masahiro Yamada 2018-01-26T02:42:01Z urn:sha1:10cea934560663209765e88af671969a2cf9eb5f Now FIP_ADD_PAYLOAD takes care of both fiptool and cert_create symmetrically. Rename it so that it matches the behavior. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2018-02-01T11:20:03Z Masahiro Yamada 2018-01-26T02:42:01Z urn:sha1:f30ee0b9c07badc226fc36c4ac791ae65b837f45 The fiptool and cert_create use the same command options for images. It is pretty easy to handle both in the same, symmetrical way. Move CRT_ARGS and CRT_DEPS to FIP_ADD_PAYLOAD. This refactoring makes sense because FIP_ADD_PAYLOAD is called from MAKE_BL (when building images from source), and from FIP_ADD_IMG (when including external images). (FIP_ADD_PAYLOAD will be renamed later on since it now caters to both fiptool and cert_create). We can delete CERT_ADD_CMD_OPT for images in tbbr.mk. It still needs to call CERT_ADD_CMD_OPT directly for certificates. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2018-02-01T11:20:03Z Masahiro Yamada 2018-01-26T02:42:01Z urn:sha1:1dc0714f10e195fe5fe5aed1f12a0a79f4fc0135 The build system supports generating two FIP images, fip and fwu_fip. Accordingly, we have similar build macros. FIP_ADD_PAYLOAD <--> FWU_FIP_ADD_PAYLOAD CERT_ADD_CMD_OPT <--> FWU_CERT_ADD_CMD_OPT FIP_ADD_IMG <--> FWU_FIP_ADD_IMG The duplicated code increases the maintenance burden. Also, the build rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from source files, but we want to put it in fwu_fip. We can not do it in a single macro call since the current MAKE_BL does not support fwu_fip. To refactor those in a clean way is to support one more argument to specify the FIP prefix. If it is empty, the images are targeted to fip, whereas if the argument is "FWU_", targeted to fwu_fip. The build macros prefixed with FWU_ go away. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2018-01-18T16:25:18Z Roberto Vargas 2018-01-02T11:23:41Z urn:sha1:c9b31ae85fbcce6dad9596f3390ab443e2779f30 It is better to not include BL2 in FIP when using `BL2 at EL3` as platforms using this config would not have the capability to parse the FIP format in Boot ROM and BL2 needs to be loaded independently. This patch does the required changes for the same. Change-Id: Iad285c247b3440e2d827fef97c3dd81f5c09cabc Signed-off-by: Roberto Vargas <roberto.vargas@arm.com> 2017-11-29T14:37:29Z Soby Mathew 2017-11-14T14:10:10Z urn:sha1:5744e8746d3b56479581dfe6a009e67ba4fda96c This patch fixes a couple of issues for AArch32 builds on ARM reference platforms : 1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and AArch32 build. Since BL31 is not present in AArch32 mode, this meant that the BL31 memory is empty when built for AArch32. Hence this patch allocates BL32 to the memory region occupied by BL31 for AArch32 builds. As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot be used to control the load address of BL32 in AArch32 mode which was never the intention of the macro anyway. 2. A static assert is added to sp_min linker script to check that the progbits are within the bounds expected when overlaid with other images. 3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks involved when building Juno for AArch32 mode, the build option SPD needed to specifed. This patch corrects this and also updates the documentation in the user-guide. 4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As a result the previous assumption that BL31 must be always present is removed and the certificates for BL31 is only generated if `NEED_BL31` is defined. Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8 Signed-off-by: Soby Mathew <soby.mathew@arm.com> 2017-11-21T06:16:18Z Qixiang Xu 2017-11-09T05:56:29Z urn:sha1:9a3088a5f509084e60d9c55bf53985c5ec4ca821 The flag support the following values: - sha256 (default) - sha384 - sha512 Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066 Signed-off-by: Qixiang Xu <qixiang.xu@arm.com> 2017-08-09T10:06:05Z Summer Qin 2017-04-20T15:28:39Z urn:sha1:71fb396440f51b21401f24c925b9a97a224a4d24 Since Trusted OS firmware may have extra images, need to assign new uuid and image id for them. The TBBR chain of trust has been extended to add support for the new images within the existing Trusted OS firmware content certificate. Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06 Signed-off-by: Summer Qin <summer.qin@arm.com> 2017-05-15T15:34:27Z dp-arm 2017-02-15T11:07:55Z urn:sha1:a44090080308beefe64d302bcc76de70f0d1d280 This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode. To build this patch the "mbedtls/include/mbedtls/bignum.h" needs to be modified to remove `#define MBEDTLS_HAVE_UDBL` when `MBEDTLS_HAVE_INT32` is defined. This is a workaround for "https://github.com/ARMmbed/mbedtls/issues/708" NOTE: TBBR support on Juno AArch32 is not currently supported. Change-Id: I86d80e30b9139adc4d9663f112801ece42deafcf Signed-off-by: dp-arm <dimitris.papastamos@arm.com> Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>