Merge changes from topic "mb/refactor-cot" into integration

* changes:
refactor(juno): add explicit entry for HW_CONFIG in BL2 CoT file
refactor(auth): remove HW_CONFIG reference from BL1 CoT fi

Merge changes from topic "mb/refactor-cot" into integration

* changes:
refactor(juno): add explicit entry for HW_CONFIG in BL2 CoT file
refactor(auth): remove HW_CONFIG reference from BL1 CoT file

show more ...

refactor(auth): remove HW_CONFIG reference from BL1 CoT file

Remove the 'HW_CONFIG' reference from the BL1 CoT file, as BL1
does not play any role in loading the hw_config image. This
reference was

refactor(auth): remove HW_CONFIG reference from BL1 CoT file

Remove the 'HW_CONFIG' reference from the BL1 CoT file, as BL1
does not play any role in loading the hw_config image. This
reference was incorrectly added to the BL1 CoT file.

Change-Id: I9c1d9abce65844eaa1f41ab4f98d3c258ab7a8d2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "mbedtls3_support" into integration

* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add b

Merge changes from topic "mbedtls3_support" into integration

* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add braces for if statement
feat(fvp): increase BL1_RW and BL2 size
feat(mbedtls): add support for mbedtls-3.3
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE

show more ...

refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE

Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.

However from mbedtls-3.x onwards it di

refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE

Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.

However from mbedtls-3.x onwards it discourages usage of
MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28
compatibility include version.h which would include the custom config
file if present and also would expose us with mbedtls-major-version
number which could be used for selecting features and functions for
mbedtls 2.28 or 3.3

Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge "refactor(mbedtls): allow platform to specify their config file" into integration

refactor(mbedtls): allow platform to specify their config file

Common mbedTLS implementation include the fixed configuration
file of mbedTLS and that does not gives flexilibility to the
platform to

refactor(mbedtls): allow platform to specify their config file

Common mbedTLS implementation include the fixed configuration
file of mbedTLS and that does not gives flexilibility to the
platform to include their own mbedTLS configuration.
Hence changes are done so that platform can include their own
mbedTLS configuration file.

Signed-off-by: Lucian Paul-Trifu <lucian.paul-trifu@arm.com>
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I04546589f67299e26b0a6a6e151cdf1fdb302607

show more ...

Merge "tbbr/dualroot: rename SP package certificate file" into integration

tbbr/dualroot: rename SP package certificate file

Currently only single signing domain is supported for SP packages but
there is plan to support dual signing domains if CoT is dualroot.

SP_CONTENT_

tbbr/dualroot: rename SP package certificate file

Currently only single signing domain is supported for SP packages but
there is plan to support dual signing domains if CoT is dualroot.

SP_CONTENT_CERT_ID is the certificate file which is currently generated
and signed with trusted world key which in-turn is derived from Silicon
provider RoT key.
To allow dual signing domain for SP packages, other certificate file
will be derived from Platform owned RoT key.

This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
does other related changes.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93

show more ...

Merge changes I1b9e3ebd,I451c0333 into integration

* changes:
tbbr: add chain of trust for Secure Partitions
cert_create: extend Secure partition support for tbbr CoT

tbbr: add chain of trust for Secure Partitions

with sha 44f1aa8, support for Silicon Provider(SiP) owned Secure
Partition(SP) was added for dualroot CoT. This patch extends this
support for tbbr CoT

tbbr: add chain of trust for Secure Partitions

with sha 44f1aa8, support for Silicon Provider(SiP) owned Secure
Partition(SP) was added for dualroot CoT. This patch extends this
support for tbbr CoT.

Earlier tbbr CoT for SPs was left to avoid adding new image types in
TBBR which could possibly be seen as deviation from specification.
But with further discussions it is understood that TBBR being a
*minimal* set of requirements that can be extended as long as we don't
violate any of the musts, which is the case with adding SP support.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb

show more ...

Merge "Cleanup the code for TBBR CoT descriptors" into integration

Cleanup the code for TBBR CoT descriptors

CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.

Si

Cleanup the code for TBBR CoT descriptors

CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5

show more ...