History log of /rk3399_ARM-atf/drivers/auth/mbedtls/mbedtls_crypto.c (Results 26 – 50 of 50)
Revision Date Author Comments
# 091576e7 09-Mar-2020 Sandrine Bailleux <sandrine.bailleux@arm.com>

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optional encryption of BL31 and BL32 images
qemu: Update flash address map to keep FIP in secure FLASH0
Makefile: Add support to optionally encrypt BL31 and BL32
tools: Add firmware authenticated encryption tool
TBB: Add an IO abstraction layer to load encrypted firmwares
drivers: crypto: Add authenticated decryption framework



# 93ee2799 06-Mar-2020 Madhukar Pappireddy <madhukar.pappireddy@arm.com>

Necessary fix in drivers to upgrade to mbedtls-2.18.0

Include x509.h header file explicitly. Update docs.

Change-Id: If2e52c2cd3056654406b7b6779b67eea5cc04a48
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>



# 7cda17bb 15-Nov-2019 Sumit Garg <sumit.garg@linaro.org>

drivers: crypto: Add authenticated decryption framework

Add framework for authenticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271



# b012454d 28-Jan-2020 Mark Dykes <mardyk01@review.trustedfirmware.org>

Merge "Measured Boot: add function for hash calculation" into integration


# 8c105290 23-Jan-2020 Alexei Fedorov <Alexei.Fedorov@arm.com>

Measured Boot: add function for hash calculation

This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.

Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>



# 9a207532 04-Jan-2019 Antonio Niño Díaz <antonio.ninodiaz@arm.com>

Merge pull request #1726 from antonio-nino-diaz-arm/an/includes

Sanitise includes across codebase


# 09d40e0e 14-Dec-2018 Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Sanitise includes across codebase

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>



# e2ff5ef8 22-Nov-2017 davidcunado-arm <david.cunado@arm.com>

Merge pull request #1165 from geesun/qx/support-sha512

Add support sha512 for hash algorithm


# 9a3088a5 09-Nov-2017 Qixiang Xu <qixiang.xu@arm.com>

tbbr: Add build flag HASH_ALG to let the user to select the SHA

The flag supports the following values:
- sha256 (default)
- sha384
- sha512

Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>



# aa965e15 20-Jul-2017 davidcunado-arm <david.cunado@arm.com>

Merge pull request #1029 from islmit01/im/fix_includes

Fix order of includes


# 2a4b4b71 11-Jul-2017 Isla Mitchell <isla.mitchell@arm.com>

Fix order of #includes

This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>



# 47fd7cb0 05-Jun-2017 danh-arm <dan.handley@arm.com>

Merge pull request #964 from soby-mathew/sm/rsapss_sup

Add support for RSASSAPSS algorithm


# 1001202d 31-May-2017 Soby Mathew <soby.mathew@arm.com>

Add support for RSASSAPSS algorithm in mbedtls crypto driver

This patch adds support for RSASSA-PSS Signature Algorithm for
X509 certificates in mbedtls crypto driver. Now the driver supports
RSA PKCS2_1 standard as mandated by TBBR.

NOTE: With this patch, the PKCS1_5 standard compliant RSA signature
is deprecated.

Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461
Signed-off-by: Soby Mathew <soby.mathew@arm.com>



# f132b4a0 04-May-2017 davidcunado-arm <david.cunado@arm.com>

Merge pull request #925 from dp-arm/dp/spdx

Use SPDX license identifiers


# 82cb2c1a 03-May-2017 dp-arm <dimitris.papastamos@arm.com>

Use SPDX license identifiers

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/

Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>



# 93f39820 20-Feb-2017 danh-arm <dan.handley@arm.com>

Merge pull request #844 from antonio-nino-diaz-arm/an/no-timingsafe

Revert "tbbr: Use constant-time bcmp() to compare hashes"


# fabd21ad 09-Feb-2017 Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Revert "tbbr: Use constant-time bcmp() to compare hashes"

This reverts commit b621fb503c76f3bdf06ed5ed1d3a995df8da9c50.

Because of the Trusted Firmware design, timing-safe functions are not
needed. Using them may be misleading as it could be interpreted as being
a protection against private data leakage, which isn't the case here.

For each image, the SHA-256 hash is calculated. Some padding is appended
and the result is encrypted with a private key using RSA-2048. This is
the signature of the image. The public key is stored along with BL1 in
read-only memory and the encrypted hash is stored in the FIP.

When authenticating an image, the TF decrypts the hash stored in the FIP
and recalculates the hash of the image. If they don't match, the boot
sequence won't continue.

A constant-time comparison does not provide additional security as all
the data involved in this process is already known to any attacker.
There is no private data that can be leaked through a timing attack when
authenticating an image.

`timingsafe_bcmp()` is kept in the codebase because it could be useful
in the future.

Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>



# d7aa7b44 24-Jan-2017 danh-arm <dan.handley@arm.com>

Merge pull request #817 from antonio-nino-diaz-arm/an/timingsafe

Import constant-time bcmp() and use it where necessary


# b621fb50 13-Jan-2017 Antonio Nino Diaz <antonio.ninodiaz@arm.com>

tbbr: Use constant-time bcmp() to compare hashes

To avoid timing side-channel attacks, it is needed to use a constant
time memory comparison function when comparing hashes. The affected
code only checks for equality so it isn't needed to use any variant of
memcmp(), bcmp() is enough.

Also, timingsafe_bcmp() is as fast as memcmp() when the two compared
regions are equal, so this change incurs no performance hit in said
case. In case they are unequal, the boot sequence wouldn't continue as
normal, so performance is not an issue.

Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>



# d37b2098 06-Jan-2016 danh-arm <dan.handley@arm.com>

Merge pull request #478 from sandrine-bailleux/sb/mbed-tls-pedantic

Always build with '-pedantic'


# aa856917 04-Jan-2016 Sandrine Bailleux <sandrine.bailleux@arm.com>

Always build with '-pedantic'

By default ARM TF is built with the '-pedantic' compiler flag, which
helps detect violations of the C standard. However, the mbed TLS
library and its associated authentication module in TF used to fail
building with this compiler flag. As a workaround, the mbed TLS
authentication module makefile used to set the 'DISABLE_PEDANTIC'
TF build flag.

The compiler errors flagged by '-pedantic' in the mbed TLS library
have been fixed between versions 1.3.9 and 2.2.0 and the library now
properly builds with this compiler flag.

This patch fixes the remaining compiler errors in the mbed TLS
authentication module in TF and unsets the 'DISABLE_PEDANTIC' TF
build flag. This means that TF is now always built with '-pedantic'.

In particular, this patch:

* Removes the final semi-colon in REGISTER_COT() macro.

This semi-colon was causing the following error message:

drivers/auth/tbbr/tbbr_cot.c:544:23: error: ISO C does not allow
extra ';' outside of a function [-Werror=pedantic]

This has been fixed both in the mbed TLS authentication module
as well as in the certificate generation tool. Note that the latter
code didn't need fixing since it is not built with '-pedantic' but
the change has been propagated for consistency.

Also fixed the REGISTER_KEYS() and REGISTER_EXTENSIONS() macros,
which were suffering from the same issue.

* Fixes a pointer type.

It was causing the following error message:

drivers/auth/mbedtls/mbedtls_crypto.c: In function 'verify_hash':
drivers/auth/mbedtls/mbedtls_crypto.c:177:42: error: pointer of
type 'void *' used in arithmetic [-Werror=pointer-arith]

Change-Id: I7b7a04ef711efd65e17b5be26990d1a0d940257d



# a84deb9c 10-Dec-2015 danh-arm <dan.handley@arm.com>

Merge pull request #465 from jcastillo-arm/jc/tbb_mbedtls_2_x

Move up to mbed TLS 2.x


# 649dbf6f 05-Nov-2015 Juan Castillo <juan.castillo@arm.com>

Move up to mbed TLS 2.x

The mbed TLS library has introduced some changes in the API from
the 1.3.x to the 2.x releases. Using the 2.x releases requires
some changes to the crypto and transport modules.

This patch updates both modules to the mbed TLS 2.x API.

All references to the mbed TLS library in the code or documentation
have been updated to 'mbed TLS'. Old references to PolarSSL have
been updated to 'mbed TLS'.

User guide updated to use mbed TLS 2.2.0.

NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
Applying this patch will require an mbed TLS 2.x release to be used.
Also note that the mbed TLS license changed to Apache version 2.0.

Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4



# 84f95bed 25-Jun-2015 danh-arm <dan.handley@arm.com>

Merge pull request #315 from jcastillo-arm/jc/tbb_tmp9

Authentication Framework


# 7d37aa17 02-Apr-2015 Juan Castillo <juan.castillo@arm.com>

TBB: add mbedTLS authentication related libraries

This patch adds the following mbedTLS based libraries:

* Cryptographic library

It is used by the crypto module to verify a digital signature
and a hash. This library relies on mbedTLS to perform the
cryptographic operations. mbedTLS sources must be obtained
separately.

Two key algorithms are currently supported:

* RSA-2048
* ECDSA-SECP256R1

The platform is responsible for picking up the required
algorithm by defining the 'MBEDTLS_KEY_ALG' variable in the
platform makefile. Available options are:

* 'rsa' (for RSA-2048) (default option)
* 'ecdsa' (for ECDSA-SECP256R1)

Hash algorithm currently supported is SHA-256.

* Image parser library

Used by the image parser module to extract the authentication
parameters stored in X509v3 certificates.

Change-Id: I597c4be3d29287f2f18b82846973afc142ee0bf0


