auth - OpenGrok history log for /rk3399_ARM-atf/drivers/auth

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
ddd9f675	19-Jan-2023	Demi Marie Obenour <demiobenour@gmail.com>	refactor(auth): clean up certificate length checks The previous code was correct but unnecessarily verbose. Change-Id: Ia19c667811a7c3b6957a0274d36076b0b16e36b7 Signed-off-by: Demi Marie Obenour <d refactor(auth): clean up certificate length checks The previous code was correct but unnecessarily verbose. Change-Id: Ia19c667811a7c3b6957a0274d36076b0b16e36b7 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c
6a7104a3	19-Jan-2023	Demi Marie Obenour <demiobenour@gmail.com>	refactor(auth): remove code duplication The unique IDs are handled identically, so just use a for loop to get both of them. Change-Id: I44baaa4747ca7f314d364a79dfcbce97315f5a92 Signed-off-by: Demi refactor(auth): remove code duplication The unique IDs are handled identically, so just use a for loop to get both of them. Change-Id: I44baaa4747ca7f314d364a79dfcbce97315f5a92 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... /rk3399_ARM-atf/Makefile /rk3399_ARM-atf/bl1/bl1.ld.S /rk3399_ARM-atf/bl2/bl2.ld.S /rk3399_ARM-atf/bl2/bl2_el3.ld.S /rk3399_ARM-atf/bl2u/bl2u.ld.S /rk3399_ARM-atf/bl31/aarch64/crash_reporting.S /rk3399_ARM-atf/bl31/aarch64/ea_delegate.S /rk3399_ARM-atf/bl31/aarch64/runtime_exceptions.S /rk3399_ARM-atf/bl31/bl31.ld.S /rk3399_ARM-atf/bl32/sp_min/sp_min.ld.S /rk3399_ARM-atf/bl32/tsp/tsp.ld.S /rk3399_ARM-atf/common/aarch32/debug.S /rk3399_ARM-atf/common/aarch64/debug.S /rk3399_ARM-atf/docs/components/ffa-manifest-binding.rst /rk3399_ARM-atf/docs/design/firmware-design.rst /rk3399_ARM-atf/docs/getting_started/porting-guide.rst /rk3399_ARM-atf/drivers/arm/css/mhu/css_mhu_doorbell.c /rk3399_ARM-atf/drivers/arm/gic/v3/gicv3_helpers.c mbedtls/mbedtls_x509_parser.c /rk3399_ARM-atf/drivers/ufs/ufs.c /rk3399_ARM-atf/include/arch/aarch64/el2_common_macros.S /rk3399_ARM-atf/include/arch/aarch64/el3_common_macros.S /rk3399_ARM-atf/include/common/bl_common.ld.h /rk3399_ARM-atf/include/common/debug.h /rk3399_ARM-atf/include/common/interrupt_props.h /rk3399_ARM-atf/include/common/runtime_svc.h /rk3399_ARM-atf/include/drivers/ufs.h /rk3399_ARM-atf/include/lib/bakery_lock.h /rk3399_ARM-atf/include/lib/cpus/aarch32/cpu_macros.S /rk3399_ARM-atf/include/lib/cpus/aarch64/cpu_macros.S /rk3399_ARM-atf/include/lib/el3_runtime/pubsub.h /rk3399_ARM-atf/include/lib/pmf/pmf_helpers.h /rk3399_ARM-atf/include/lib/xlat_tables/xlat_tables_v2.h /rk3399_ARM-atf/include/plat/arm/common/arm_def.h /rk3399_ARM-atf/include/plat/arm/common/arm_reclaim_init.ld.S /rk3399_ARM-atf/include/plat/arm/common/arm_tzc_dram.ld.S /rk3399_ARM-atf/include/services/el3_spmc_logical_sp.h /rk3399_ARM-atf/lib/pmf/pmf_main.c /rk3399_ARM-atf/lib/psci/psci_common.c /rk3399_ARM-atf/lib/xlat_tables/aarch32/nonlpae_tables.c /rk3399_ARM-atf/lib/xlat_tables/xlat_tables_common.c /rk3399_ARM-atf/plat/arm/board/arm_fpga/build_axf.ld.S /rk3399_ARM-atf/plat/arm/board/fvp/fvp_el3_spmc.c /rk3399_ARM-atf/plat/arm/board/fvp/include/platform_def.h /rk3399_ARM-atf/plat/arm/board/fvp_r/fvp_r_debug.S /rk3399_ARM-atf/plat/arm/common/aarch64/arm_helpers.S /rk3399_ARM-atf/plat/arm/common/arm_gicv3.c /rk3399_ARM-atf/plat/common/aarch32/platform_mp_stack.S /rk3399_ARM-atf/plat/common/aarch32/platform_up_stack.S /rk3399_ARM-atf/plat/common/aarch64/plat_common.c /rk3399_ARM-atf/plat/common/aarch64/platform_mp_stack.S /rk3399_ARM-atf/plat/common/aarch64/platform_up_stack.S /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_bl31_setup.c /rk3399_ARM-atf/plat/hisilicon/hikey960/include/plat.ld.S /rk3399_ARM-atf/plat/imx/common/sci/svc/pm/pm_rpc_clnt.c /rk3399_ARM-atf/plat/imx/common/sci/svc/rm/rm_rpc_clnt.c /rk3399_ARM-atf/plat/marvell/armada/a8k/common/ble/ble.ld.S /rk3399_ARM-atf/plat/marvell/armada/common/marvell_gicv3.c /rk3399_ARM-atf/plat/mediatek/common/mtk_smc_handlers.c /rk3399_ARM-atf/plat/mediatek/include/plat.ld.rodata.inc /rk3399_ARM-atf/plat/mediatek/mt8173/drivers/spm/spm.c /rk3399_ARM-atf/plat/mediatek/mt8186/drivers/mcdi/mt_mcdi.c /rk3399_ARM-atf/plat/mediatek/mt8192/drivers/mcdi/mt_mcdi.c /rk3399_ARM-atf/plat/mediatek/mt8195/drivers/mcdi/mt_mcdi.c /rk3399_ARM-atf/plat/nvidia/tegra/platform.mk /rk3399_ARM-atf/plat/nvidia/tegra/scat/bl31.scat /rk3399_ARM-atf/plat/nvidia/tegra/soc/t194/plat_ras.c /rk3399_ARM-atf/plat/qemu/qemu_sbsa/include/platform_def.h /rk3399_ARM-atf/plat/renesas/common/aarch64/plat_helpers.S /rk3399_ARM-atf/plat/renesas/common/aarch64/platform_common.c /rk3399_ARM-atf/plat/rockchip/common/aarch32/plat_helpers.S /rk3399_ARM-atf/plat/rockchip/common/aarch64/plat_helpers.S /rk3399_ARM-atf/plat/rockchip/px30/drivers/pmu/pmu.c /rk3399_ARM-atf/plat/rockchip/rk3399/drivers/pmu/pmu.c /rk3399_ARM-atf/plat/socionext/synquacer/include/plat.ld.S /rk3399_ARM-atf/plat/socionext/synquacer/include/platform_def.h /rk3399_ARM-atf/plat/st/stm32mp1/include/stm32mp1_mbedtls_config-2.h /rk3399_ARM-atf/plat/st/stm32mp1/include/stm32mp1_mbedtls_config-3.h /rk3399_ARM-atf/plat/st/stm32mp1/platform.mk /rk3399_ARM-atf/plat/ti/k3/common/drivers/ti_sci/ti_sci.c /rk3399_ARM-atf/plat/xilinx/versal/versal_gicv3.c /rk3399_ARM-atf/plat/xilinx/versal_net/versal_net_gicv3.c /rk3399_ARM-atf/plat/xilinx/zynqmp/bl31_zynqmp_setup.c /rk3399_ARM-atf/plat/xilinx/zynqmp/custom_sip_svc.c /rk3399_ARM-atf/plat/xilinx/zynqmp/include/custom_svc.h /rk3399_ARM-atf/plat/xilinx/zynqmp/include/platform_def.h /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_api_sys.c /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_api_sys.h /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_defs.h /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_svc_main.c /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_svc_main.h /rk3399_ARM-atf/plat/xilinx/zynqmp/sip_svc_setup.c /rk3399_ARM-atf/services/std_svc/spm/spm_mm/spm_mm_xlat.c
de131ed3	12-Feb-2023	Govindraj Raja <govindraj.raja@arm.com>	style(crypto): add braces for if statement As per TF-A coding style[1] braces around single if statement is preferred. Minor cleanup to adhere to it. [1]: https://trustedfirmware-a.readthedocs.io/e style(crypto): add braces for if statement As per TF-A coding style[1] braces around single if statement is preferred. Minor cleanup to adhere to it. [1]: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html#conditional-statement-bodies Change-Id: I771fdcbf105eac9377002ac67d0615ef29440904 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com> show more ... cryptocell/712/cryptocell_crypto.c cryptocell/713/cryptocell_crypto.c /rk3399_ARM-atf/plat/arm/board/fvp/include/platform_def.h
51e06159	12-Jan-2023	Govindraj Raja <govindraj.raja@arm.com>	feat(mbedtls): add support for mbedtls-3.3 TF-A support for mbedtls3.x has been overdue by number of releases. As per mbedtls support it was advised to use latest and greatest mbedtls-3.3. But mbedt feat(mbedtls): add support for mbedtls-3.3 TF-A support for mbedtls3.x has been overdue by number of releases. As per mbedtls support it was advised to use latest and greatest mbedtls-3.3. But mbedtls-3.x breaks API compatibility with mbedtls-2.x To maintain comptability for mbedtls-2.x and enable mbedtls-3.x support add a functionality into makefile to determine the major version of mbedtls and use that to selective include or compile files that are present. With mbedtls-3.x numerous other config changes have been done. Some of the config options deprecated or enabled by default. Thus we decided to introduce a new 3.x config file part of this change for building TF-A with mbedtls-3.3. For futher information on migrating to mbedtls 3.x refer to: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md Change-Id: Ia8106d6f526809df927d608db27fe149623258ed Signed-off-by: Govindraj Raja <govindraj.raja@arm.com> show more ... mbedtls/mbedtls_common.mk mbedtls/mbedtls_crypto.c /rk3399_ARM-atf/include/drivers/auth/mbedtls/mbedtls_config-2.h /rk3399_ARM-atf/include/drivers/auth/mbedtls/mbedtls_config-3.h
47c71713	03-Feb-2023	Govindraj Raja <govindraj.raja@arm.com>	refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options In preparation for supporting mbedtls 3.3, usage of mbedtls_pk_rsassa_pss_options[1] is made private and is broken on 3.3 However refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options In preparation for supporting mbedtls 3.3, usage of mbedtls_pk_rsassa_pss_options[1] is made private and is broken on 3.3 However looking closely into the usage in 'verify_signature' function is no hard reason behind usage of this struct and they could be easily replaced with independent variables. This Minor refactor to avoid using the struct mbedtls_pk_rsassa_pss_options and use independent variable will provide compatibility with both 2.x and 3.x [1]: https://github.com/Mbed-TLS/mbedtls/issues/7040 Change-Id: If0107d860d11d13cba7fd5d7941e7142e70c7b11 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com> show more ... cryptocell/712/cryptocell_crypto.c cryptocell/713/cryptocell_crypto.c
a8eadc51	11-Jan-2023	Govindraj Raja <govindraj.raja@arm.com>	refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE Currently we include MBEDTLS_CONFIG_FILE directly and if a custom config file is used it will included. However from mbedtls-3.x onwards it di refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE Currently we include MBEDTLS_CONFIG_FILE directly and if a custom config file is used it will included. However from mbedtls-3.x onwards it discourages usage of MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28 compatibility include version.h which would include the custom config file if present and also would expose us with mbedtls-major-version number which could be used for selecting features and functions for mbedtls 2.28 or 3.3 Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb Signed-off-by: Govindraj Raja <govindraj.raja@arm.com> show more ... /rk3399_ARM-atf/.gitignore /rk3399_ARM-atf/.husky/pre-commit /rk3399_ARM-atf/.husky/pre-commit.copyright /rk3399_ARM-atf/.readthedocs.yaml /rk3399_ARM-atf/Makefile /rk3399_ARM-atf/bl1/bl1.ld.S /rk3399_ARM-atf/bl1/bl1.mk /rk3399_ARM-atf/bl2/bl2.ld.S /rk3399_ARM-atf/bl2/bl2.mk /rk3399_ARM-atf/bl2/bl2_el3.ld.S /rk3399_ARM-atf/bl2u/bl2u.ld.S /rk3399_ARM-atf/bl2u/bl2u.mk /rk3399_ARM-atf/bl31/bl31.ld.S /rk3399_ARM-atf/bl31/bl31.mk /rk3399_ARM-atf/bl32/sp_min/sp_min.ld.S /rk3399_ARM-atf/bl32/sp_min/sp_min.mk /rk3399_ARM-atf/bl32/tsp/tsp.ld.S /rk3399_ARM-atf/bl32/tsp/tsp.mk /rk3399_ARM-atf/bl32/tsp/tsp_ffa_main.c /rk3399_ARM-atf/docs/components/fconf/fconf_properties.rst /rk3399_ARM-atf/docs/components/realm-management-extension.rst /rk3399_ARM-atf/docs/components/rmm-el3-comms-spec.rst /rk3399_ARM-atf/docs/components/spd/optee-dispatcher.rst /rk3399_ARM-atf/docs/design/cpu-specific-build-macros.rst /rk3399_ARM-atf/docs/design_documents/index.rst /rk3399_ARM-atf/docs/design_documents/measured_boot_poc.rst /rk3399_ARM-atf/docs/design_documents/rss.rst /rk3399_ARM-atf/docs/getting_started/prerequisites.rst /rk3399_ARM-atf/docs/perf/psci-performance-juno.rst /rk3399_ARM-atf/docs/plat/arm/juno/index.rst /rk3399_ARM-atf/docs/plat/qemu.rst /rk3399_ARM-atf/docs/plat/xilinx-versal-net.rst /rk3399_ARM-atf/docs/plat/xilinx-zynqmp.rst /rk3399_ARM-atf/docs/process/security.rst /rk3399_ARM-atf/docs/requirements.in /rk3399_ARM-atf/docs/requirements.txt /rk3399_ARM-atf/docs/resources/diagrams/plantuml/rss_attestation_flow.puml /rk3399_ARM-atf/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml /rk3399_ARM-atf/docs/resources/diagrams/rss_attestation_flow.svg /rk3399_ARM-atf/docs/resources/diagrams/rss_measured_boot_flow.svg /rk3399_ARM-atf/docs/threat_model/threat_model.rst /rk3399_ARM-atf/drivers/allwinner/axp/common.c cca/cot.c dualroot/cot.c mbedtls/mbedtls_common.c mbedtls/mbedtls_crypto.c tbbr/tbbr_cot_bl1.c tbbr/tbbr_cot_bl1_r64.c tbbr/tbbr_cot_bl2.c tbbr/tbbr_cot_common.c /rk3399_ARM-atf/drivers/mmc/mmc.c /rk3399_ARM-atf/drivers/partition/gpt.c /rk3399_ARM-atf/fdts/morello-soc.dts /rk3399_ARM-atf/fdts/tc.dts /rk3399_ARM-atf/include/arch/aarch64/arch.h /rk3399_ARM-atf/include/arch/aarch64/smccc_helpers.h /rk3399_ARM-atf/include/common/fdt_wrappers.h /rk3399_ARM-atf/include/common/tbbr/cot_def.h /rk3399_ARM-atf/include/drivers/auth/auth_mod.h /rk3399_ARM-atf/include/drivers/auth/tbbr_cot_common.h /rk3399_ARM-atf/include/drivers/partition/efi.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_a78.h /rk3399_ARM-atf/include/lib/cpus/aarch64/neoverse_v1.h /rk3399_ARM-atf/include/lib/fconf/fconf_dyn_cfg_getter.h /rk3399_ARM-atf/include/lib/optee_utils.h /rk3399_ARM-atf/include/lib/psa/psa_manifest/sid.h /rk3399_ARM-atf/include/lib/psa/rss_platform_api.h /rk3399_ARM-atf/include/plat/arm/common/arm_def.h /rk3399_ARM-atf/include/plat/common/platform.h /rk3399_ARM-atf/include/services/ffa_svc.h /rk3399_ARM-atf/include/services/rmm_core_manifest.h /rk3399_ARM-atf/include/services/trp/platform_trp.h /rk3399_ARM-atf/lib/compiler-rt/builtins/arm/aeabi_memset.S /rk3399_ARM-atf/lib/compiler-rt/compiler-rt.mk /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a510.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a78.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a78c.S /rk3399_ARM-atf/lib/cpus/aarch64/neoverse_v1.S /rk3399_ARM-atf/lib/cpus/aarch64/runtime_errata.S /rk3399_ARM-atf/lib/cpus/cpu-ops.mk /rk3399_ARM-atf/lib/el3_runtime/aarch64/context.S /rk3399_ARM-atf/lib/el3_runtime/aarch64/context_mgmt.c /rk3399_ARM-atf/lib/fconf/fconf_cot_getter.c /rk3399_ARM-atf/lib/fconf/fconf_dyn_cfg_getter.c /rk3399_ARM-atf/lib/optee/optee_utils.c /rk3399_ARM-atf/lib/psa/rss_platform.c /rk3399_ARM-atf/lib/psci/aarch32/psci_helpers.S /rk3399_ARM-atf/lib/psci/aarch64/psci_helpers.S /rk3399_ARM-atf/lib/psci/psci_lib.mk /rk3399_ARM-atf/lib/psci/psci_private.h /rk3399_ARM-atf/lib/romlib/romlib.ld.S /rk3399_ARM-atf/make_helpers/build_macros.mk /rk3399_ARM-atf/plat/allwinner/sun50i_h6/sunxi_power.c /rk3399_ARM-atf/plat/arm/board/fvp/fconf/fconf_hw_config_getter.c /rk3399_ARM-atf/plat/arm/board/fvp/fdts/fvp_fw_config.dts /rk3399_ARM-atf/plat/arm/board/fvp/fvp_bl2_setup.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_bl31_setup.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_common.c /rk3399_ARM-atf/plat/arm/board/fvp/include/fconf_hw_config_getter.h /rk3399_ARM-atf/plat/arm/board/fvp/jmptbl.i /rk3399_ARM-atf/plat/arm/board/morello/fdts/morello_fw_config.dts /rk3399_ARM-atf/plat/arm/board/morello/platform.mk /rk3399_ARM-atf/plat/arm/board/tc/plat_def_fip_uuid.h /rk3399_ARM-atf/plat/arm/board/tc/plat_def_uuid_config.c /rk3399_ARM-atf/plat/arm/board/tc/plat_fiptool.mk /rk3399_ARM-atf/plat/arm/board/tc/platform.mk /rk3399_ARM-atf/plat/arm/common/arm_bl2_setup.c /rk3399_ARM-atf/plat/arm/common/arm_bl31_setup.c /rk3399_ARM-atf/plat/arm/common/arm_dyn_cfg.c /rk3399_ARM-atf/plat/arm/common/fconf/fconf_ethosn_getter.c /rk3399_ARM-atf/plat/arm/common/trp/arm_trp_setup.c /rk3399_ARM-atf/plat/common/plat_spmd_manifest.c /rk3399_ARM-atf/plat/imx/common/imx_uart_console.S /rk3399_ARM-atf/plat/marvell/armada/a8k/common/ble/ble.mk /rk3399_ARM-atf/plat/mediatek/build_helpers/mtk_build_helpers.mk /rk3399_ARM-atf/plat/mediatek/build_helpers/mtk_build_helpers_epilogue.mk /rk3399_ARM-atf/plat/xilinx/common/include/plat_startup.h /rk3399_ARM-atf/plat/xilinx/common/pm_service/pm_ipi.c /rk3399_ARM-atf/plat/xilinx/versal/aarch64/versal_common.c /rk3399_ARM-atf/plat/xilinx/versal/include/plat_ipi.h /rk3399_ARM-atf/plat/xilinx/versal/include/versal_def.h /rk3399_ARM-atf/plat/xilinx/versal/sip_svc_setup.c /rk3399_ARM-atf/plat/xilinx/versal/versal_ipi.c /rk3399_ARM-atf/plat/xilinx/versal_net/bl31_versal_net_setup.c /rk3399_ARM-atf/plat/xilinx/versal_net/include/plat_ipi.h /rk3399_ARM-atf/plat/xilinx/versal_net/include/versal_net_def.h /rk3399_ARM-atf/plat/xilinx/versal_net/platform.mk /rk3399_ARM-atf/plat/xilinx/versal_net/sip_svc_setup.c /rk3399_ARM-atf/plat/xilinx/versal_net/versal_net_gicv3.c /rk3399_ARM-atf/plat/xilinx/zynqmp/aarch64/zynqmp_common.c /rk3399_ARM-atf/plat/xilinx/zynqmp/bl31_zynqmp_setup.c /rk3399_ARM-atf/plat/xilinx/zynqmp/custom_sip_svc.c /rk3399_ARM-atf/plat/xilinx/zynqmp/include/custom_svc.h /rk3399_ARM-atf/plat/xilinx/zynqmp/include/plat_ipi.h /rk3399_ARM-atf/plat/xilinx/zynqmp/include/platform_def.h /rk3399_ARM-atf/plat/xilinx/zynqmp/platform.mk /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_api_sys.c /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_defs.h /rk3399_ARM-atf/plat/xilinx/zynqmp/sip_svc_setup.c /rk3399_ARM-atf/services/spd/opteed/opteed.mk /rk3399_ARM-atf/services/spd/opteed/opteed_main.c /rk3399_ARM-atf/services/spd/opteed/opteed_pm.c /rk3399_ARM-atf/services/spd/opteed/opteed_private.h /rk3399_ARM-atf/services/spd/opteed/teesmc_opteed.h /rk3399_ARM-atf/services/spd/opteed/teesmc_opteed_macros.h /rk3399_ARM-atf/services/std_svc/rmmd/rmmd_main.c /rk3399_ARM-atf/services/std_svc/rmmd/trp/linker.ld.S /rk3399_ARM-atf/services/std_svc/rmmd/trp/trp.mk /rk3399_ARM-atf/services/std_svc/rmmd/trp/trp_main.c /rk3399_ARM-atf/services/std_svc/spmd/spmd_main.c /rk3399_ARM-atf/tools/cert_create/src/key.c /rk3399_ARM-atf/tools/fiptool/fiptool.c /rk3399_ARM-atf/tools/marvell/doimage/doimage.c
acf455b4	20-Jan-2023	Madhukar Pappireddy <madhukar.pappireddy@arm.com>	Merge changes from topic "fix_sparse_warnings" into integration * changes: fix(libc): remove __putchar alias fix(console): correct scopes for console symbols fix(auth): use NULL instead of 0 f Merge changes from topic "fix_sparse_warnings" into integration * changes: fix(libc): remove __putchar alias fix(console): correct scopes for console symbols fix(auth): use NULL instead of 0 for pointer check fix(io): compare function pointers with NULL fix(fdt-wrappers): use correct prototypes show more ... /rk3399_ARM-atf/bl31/aarch64/runtime_exceptions.S /rk3399_ARM-atf/bl31/bl31_main.c /rk3399_ARM-atf/changelog.yaml /rk3399_ARM-atf/common/fdt_wrappers.c /rk3399_ARM-atf/common/feat_detect.c /rk3399_ARM-atf/docs/about/release-information.rst /rk3399_ARM-atf/docs/design/cpu-specific-build-macros.rst /rk3399_ARM-atf/docs/security_advisories/index.rst /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-10.rst mbedtls/mbedtls_x509_parser.c /rk3399_ARM-atf/drivers/console/multi_console.c /rk3399_ARM-atf/drivers/io/io_block.c /rk3399_ARM-atf/fdts/stm32mp151.dtsi /rk3399_ARM-atf/fdts/stm32mp157c-ed1.dts /rk3399_ARM-atf/include/arch/aarch64/arch_features.h /rk3399_ARM-atf/include/arch/aarch64/arch_helpers.h /rk3399_ARM-atf/include/common/feat_detect.h /rk3399_ARM-atf/include/drivers/console.h /rk3399_ARM-atf/include/lib/cpus/aarch32/cortex_a72.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_a72.h /rk3399_ARM-atf/include/lib/el3_runtime/aarch64/context.h /rk3399_ARM-atf/include/lib/utils_def.h /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a710.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_x2.S /rk3399_ARM-atf/lib/cpus/cpu-ops.mk /rk3399_ARM-atf/lib/el3_runtime/aarch64/context.S /rk3399_ARM-atf/lib/el3_runtime/aarch64/context_mgmt.c /rk3399_ARM-atf/lib/libc/putchar.c /rk3399_ARM-atf/plat/arm/board/fvp/platform.mk /rk3399_ARM-atf/plat/arm/board/rdn2/include/platform_def.h /rk3399_ARM-atf/plat/arm/board/rdn2/platform.mk /rk3399_ARM-atf/plat/arm/board/rdn2/rdn2_topology.c /rk3399_ARM-atf/plat/arm/css/common/css_pm.c /rk3399_ARM-atf/plat/arm/css/sgi/include/sgi_variant.h /rk3399_ARM-atf/plat/arm/css/sgi/sgi_bl31_setup.c /rk3399_ARM-atf/plat/mediatek/build_helpers/options.mk /rk3399_ARM-atf/plat/mediatek/common/lpm/mt_lp_api.c /rk3399_ARM-atf/plat/mediatek/common/lpm/mt_lp_rm.c /rk3399_ARM-atf/plat/mediatek/common/lpm/mt_lp_rq.c /rk3399_ARM-atf/plat/mediatek/common/lpm/rules.mk /rk3399_ARM-atf/plat/mediatek/drivers/cpu_pm/cpcv3_2/mt_cpu_pm.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_api.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_api.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_bus26m.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_cpu_buck_ldo.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_dram.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_internal.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_syspll.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_cond.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_cond.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_conservation.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_conservation.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_constraint.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_idle.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_idle.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_internal.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_internal.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_pmic_wrap.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_pmic_wrap.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_reg.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_suspend.c /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/mt_spm_suspend.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/pcm_def.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/rules.mk /rk3399_ARM-atf/plat/mediatek/drivers/spm/mt8188/sleep_def.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/rules.mk /rk3399_ARM-atf/plat/mediatek/drivers/spm/version/notifier/inc/mt_spm_notifier.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/version/notifier/v1/mt_spm_sspm_intc.h /rk3399_ARM-atf/plat/mediatek/drivers/spm/version/notifier/v1/mt_spm_sspm_notifier.c /rk3399_ARM-atf/plat/mediatek/drivers/usb/mt8188/mt_usb.c /rk3399_ARM-atf/plat/mediatek/drivers/usb/rules.mk /rk3399_ARM-atf/plat/mediatek/include/drivers/spm/mt_spm_resource_req.h /rk3399_ARM-atf/plat/mediatek/include/lpm/mt_lp_api.h /rk3399_ARM-atf/plat/mediatek/include/lpm/mt_lp_rm.h /rk3399_ARM-atf/plat/mediatek/include/lpm/mt_lp_rq.h /rk3399_ARM-atf/plat/mediatek/include/lpm/mt_lp_rqm.h /rk3399_ARM-atf/plat/mediatek/include/lpm/mt_lpm_smc.h /rk3399_ARM-atf/plat/mediatek/mt8186/drivers/spm/mt_spm_cond.c /rk3399_ARM-atf/plat/mediatek/mt8186/drivers/spm/mt_spm_cond.h /rk3399_ARM-atf/plat/mediatek/mt8186/platform.mk /rk3399_ARM-atf/plat/mediatek/mt8188/include/platform_def.h /rk3399_ARM-atf/plat/mediatek/mt8188/plat_config.mk /rk3399_ARM-atf/plat/mediatek/mt8188/platform.mk /rk3399_ARM-atf/plat/mediatek/mt8192/drivers/spm/mt_spm_cond.c /rk3399_ARM-atf/plat/mediatek/mt8192/drivers/spm/mt_spm_cond.h /rk3399_ARM-atf/plat/mediatek/mt8192/platform.mk /rk3399_ARM-atf/plat/mediatek/mt8195/drivers/spm/mt_spm_cond.c /rk3399_ARM-atf/plat/mediatek/mt8195/drivers/spm/mt_spm_cond.h /rk3399_ARM-atf/plat/mediatek/mt8195/platform.mk /rk3399_ARM-atf/plat/qti/common/src/qti_pm.c /rk3399_ARM-atf/plat/st/common/bl2_io_storage.c /rk3399_ARM-atf/plat/st/common/include/stm32mp_common.h /rk3399_ARM-atf/plat/st/common/stm32mp_common.c /rk3399_ARM-atf/plat/st/common/stm32mp_gic.c /rk3399_ARM-atf/plat/st/stm32mp1/bl2_plat_setup.c /rk3399_ARM-atf/plat/st/stm32mp1/include/stm32mp1_private.h /rk3399_ARM-atf/plat/st/stm32mp1/platform.mk /rk3399_ARM-atf/plat/st/stm32mp1/sp_min/sp_min-stm32mp1.mk /rk3399_ARM-atf/plat/st/stm32mp1/sp_min/sp_min_setup.c /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_def.h /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_pm.c /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_private.c /rk3399_ARM-atf/plat/ti/k3/board/generic/board.mk /rk3399_ARM-atf/plat/ti/k3/board/generic/include/board_def.h /rk3399_ARM-atf/plat/ti/k3/board/j784s4/board.mk /rk3399_ARM-atf/plat/ti/k3/board/j784s4/include/board_def.h /rk3399_ARM-atf/plat/ti/k3/board/lite/board.mk /rk3399_ARM-atf/plat/ti/k3/board/lite/include/board_def.h /rk3399_ARM-atf/plat/ti/k3/common/drivers/ti_sci/ti_sci.c /rk3399_ARM-atf/plat/ti/k3/common/drivers/ti_sci/ti_sci_protocol.h /rk3399_ARM-atf/plat/ti/k3/common/k3_bl31_setup.c /rk3399_ARM-atf/plat/ti/k3/common/k3_console.c /rk3399_ARM-atf/plat/ti/k3/common/k3_helpers.S /rk3399_ARM-atf/plat/ti/k3/common/k3_psci.c /rk3399_ARM-atf/plat/ti/k3/common/plat_common.mk /rk3399_ARM-atf/plat/ti/k3/include/k3_console.h /rk3399_ARM-atf/plat/ti/k3/include/platform_def.h /rk3399_ARM-atf/plat/ti/k3/platform.mk /rk3399_ARM-atf/plat/xilinx/versal/bl31_versal_setup.c /rk3399_ARM-atf/plat/xilinx/versal_net/include/versal_net_def.h /rk3399_ARM-atf/plat/xilinx/versal_net/plat_psci_pm.c /rk3399_ARM-atf/plat/xilinx/versal_net/platform.mk /rk3399_ARM-atf/plat/xilinx/versal_net/pm_service/pm_client.c /rk3399_ARM-atf/plat/xilinx/zynqmp/aarch64/zynqmp_common.c
654b65b3	06-Jan-2023	Yann Gautier <yann.gautier@st.com>	fix(auth): use NULL instead of 0 for pointer check This was triggered by sparse tool: drivers/auth/mbedtls/mbedtls_x509_parser.c:481:42: warning: Using plain integer as NULL pointer Signed-off-by: fix(auth): use NULL instead of 0 for pointer check This was triggered by sparse tool: drivers/auth/mbedtls/mbedtls_x509_parser.c:481:42: warning: Using plain integer as NULL pointer Signed-off-by: Yann Gautier <yann.gautier@st.com> Change-Id: I392316c2a81ef8da7597e35f136e038f152d19d1 show more ... /rk3399_ARM-atf/Makefile /rk3399_ARM-atf/bl31/aarch64/runtime_exceptions.S /rk3399_ARM-atf/bl31/bl31.mk /rk3399_ARM-atf/bl31/bl31_traps.c /rk3399_ARM-atf/changelog.yaml /rk3399_ARM-atf/common/fdt_wrappers.c /rk3399_ARM-atf/docs/about/maintainers.rst /rk3399_ARM-atf/docs/getting_started/build-options.rst /rk3399_ARM-atf/docs/getting_started/porting-guide.rst /rk3399_ARM-atf/docs/process/security-hardening.rst mbedtls/mbedtls_x509_parser.c /rk3399_ARM-atf/drivers/brcm/emmc/emmc_csl_sdcard.c /rk3399_ARM-atf/drivers/brcm/emmc/emmc_pboot_hal_memory_drv.c /rk3399_ARM-atf/drivers/imx/usdhc/imx_usdhc.c /rk3399_ARM-atf/drivers/io/io_block.c /rk3399_ARM-atf/drivers/nxp/ddr/nxp-ddr/ddr.c /rk3399_ARM-atf/drivers/nxp/ddr/phy-gen2/messages.h /rk3399_ARM-atf/drivers/renesas/common/emmc/emmc_cmd.c /rk3399_ARM-atf/drivers/renesas/common/rom/rom_api.c /rk3399_ARM-atf/drivers/renesas/common/rom/rom_api.h /rk3399_ARM-atf/drivers/st/usb/stm32mp1_usb.c /rk3399_ARM-atf/fdts/tc.dts /rk3399_ARM-atf/include/arch/aarch64/arch.h /rk3399_ARM-atf/include/arch/aarch64/arch_helpers.h /rk3399_ARM-atf/include/bl31/sync_handle.h /rk3399_ARM-atf/include/lib/fconf/fconf.h /rk3399_ARM-atf/include/lib/libc/aarch32/limits_.h /rk3399_ARM-atf/include/lib/libc/aarch64/limits_.h /rk3399_ARM-atf/lib/libc/snprintf.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_sync_traps.c /rk3399_ARM-atf/plat/arm/board/fvp/platform.mk /rk3399_ARM-atf/plat/arm/board/tc/include/platform_def.h /rk3399_ARM-atf/plat/imx/common/imx_sip_handler.c /rk3399_ARM-atf/plat/imx/imx8qm/imx8qm_bl31_setup.c /rk3399_ARM-atf/plat/imx/imx8qm/imx8qm_psci.c /rk3399_ARM-atf/plat/imx/imx8qx/imx8qx_psci.c /rk3399_ARM-atf/plat/mediatek/common/mtk_smc_handlers.c /rk3399_ARM-atf/plat/mediatek/drivers/iommu/mtk_iommu_smc.c /rk3399_ARM-atf/plat/nvidia/tegra/soc/t186/plat_memctrl.c /rk3399_ARM-atf/plat/nxp/common/psci/plat_psci.c /rk3399_ARM-atf/plat/xilinx/common/ipi.c /rk3399_ARM-atf/plat/xilinx/versal/versal_ipi.c /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_svc_main.c /rk3399_ARM-atf/plat/xilinx/zynqmp/zynqmp_ipi.c /rk3399_ARM-atf/services/std_svc/spmd/spmd_main.c /rk3399_ARM-atf/services/std_svc/trng/trng_entropy_pool.c
f5c51855	09-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): properly validate X.509 extensions get_ext() does not check the return value of the various mbedtls_* functions, as cert_parse() is assumed to have guaranteed that they will always succee fix(auth): properly validate X.509 extensions get_ext() does not check the return value of the various mbedtls_* functions, as cert_parse() is assumed to have guaranteed that they will always succeed. However, it passes the end of an extension as the end pointer to these functions, whereas cert_parse() passes the end of the TBSCertificate. Furthermore, cert_parse() does not check that the contents of the extension have the same length as the extension itself. Before fd37982a19a4a291 ("fix(auth): forbid junk after extensions"), cert_parse() also does not check that the extension block extends to the end of the TBSCertificate. This is a problem, as mbedtls_asn1_get_tag() leaves p and len undefined on failure. In practice, this results in get_ext() continuing to parse at different offsets than were used (and validated) by cert_parse(), which means that the in-bounds guarantee provided by cert_parse() no longer holds. This patch fixes the remaining flaw by enforcing that the contents of an extension are the same length as the extension itself. Change-Id: Id4570f911402e34d5d6c799ae01a01f184c68d7c Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> show more ... mbedtls/mbedtls_x509_parser.c
abb8f936	09-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): avoid out-of-bounds read in auth_nvctr() auth_nvctr() does not check that the buffer provided is long enough to hold an ASN.1 INTEGER, or even that the buffer is non-empty. Since auth_nv fix(auth): avoid out-of-bounds read in auth_nvctr() auth_nvctr() does not check that the buffer provided is long enough to hold an ASN.1 INTEGER, or even that the buffer is non-empty. Since auth_nvctr() will only ever read 6 bytes, it is possible to read up to 6 bytes past the end of the buffer. This out-of-bounds read turns out to be harmless. The only caller of auth_nvctr() always passes a pointer into an X.509 TBSCertificate, and all in-tree chains of trust require that the certificate’s signature has already been validated. This means that the signature algorithm identifier is at least 4 bytes and the signature itself more than that. Therefore, the data read will be from the certificate itself. Even if the certificate signature has not been validated, an out-of-bounds read is still not possible. Since there are at least two bytes (tag and length) in both the signature algorithm ID and the signature itself, an out-of-bounds read would require that the tag byte of the signature algorithm ID would need to be either the tag or length byte of the DER-encoded nonvolatile counter. However, this byte must be (MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE) (0x30), which is greater than 4 and not equal to MBEDTLS_ASN1_INTEGER (2). Therefore, auth_nvctr() will error out before reading the integer itself, preventing an out-of-bounds read. Change-Id: Ibdf1af702fbeb98a94c0c96456ebddd3d392ad44 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... /rk3399_ARM-atf/Makefile /rk3399_ARM-atf/bl31/aarch64/runtime_exceptions.S /rk3399_ARM-atf/bl31/bl31.mk /rk3399_ARM-atf/bl31/bl31_traps.c /rk3399_ARM-atf/changelog.yaml /rk3399_ARM-atf/docs/about/maintainers.rst /rk3399_ARM-atf/docs/getting_started/build-options.rst /rk3399_ARM-atf/docs/getting_started/porting-guide.rst /rk3399_ARM-atf/docs/process/security-hardening.rst auth_mod.c /rk3399_ARM-atf/drivers/brcm/emmc/emmc_csl_sdcard.c /rk3399_ARM-atf/drivers/brcm/emmc/emmc_pboot_hal_memory_drv.c /rk3399_ARM-atf/drivers/imx/usdhc/imx_usdhc.c /rk3399_ARM-atf/drivers/nxp/ddr/nxp-ddr/ddr.c /rk3399_ARM-atf/drivers/nxp/ddr/phy-gen2/messages.h /rk3399_ARM-atf/drivers/renesas/common/emmc/emmc_cmd.c /rk3399_ARM-atf/drivers/renesas/common/rom/rom_api.c /rk3399_ARM-atf/drivers/renesas/common/rom/rom_api.h /rk3399_ARM-atf/drivers/st/usb/stm32mp1_usb.c /rk3399_ARM-atf/fdts/tc.dts /rk3399_ARM-atf/include/arch/aarch64/arch.h /rk3399_ARM-atf/include/arch/aarch64/arch_helpers.h /rk3399_ARM-atf/include/bl31/sync_handle.h /rk3399_ARM-atf/include/lib/fconf/fconf.h /rk3399_ARM-atf/include/lib/libc/aarch32/limits_.h /rk3399_ARM-atf/include/lib/libc/aarch64/limits_.h /rk3399_ARM-atf/lib/libc/snprintf.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_sync_traps.c /rk3399_ARM-atf/plat/arm/board/fvp/platform.mk /rk3399_ARM-atf/plat/arm/board/tc/include/platform_def.h /rk3399_ARM-atf/plat/imx/common/imx_sip_handler.c /rk3399_ARM-atf/plat/imx/imx8qm/imx8qm_bl31_setup.c /rk3399_ARM-atf/plat/imx/imx8qm/imx8qm_psci.c /rk3399_ARM-atf/plat/imx/imx8qx/imx8qx_psci.c /rk3399_ARM-atf/plat/mediatek/common/mtk_smc_handlers.c /rk3399_ARM-atf/plat/mediatek/drivers/iommu/mtk_iommu_smc.c /rk3399_ARM-atf/plat/nvidia/tegra/soc/t186/plat_memctrl.c /rk3399_ARM-atf/plat/nxp/common/psci/plat_psci.c /rk3399_ARM-atf/plat/xilinx/common/ipi.c /rk3399_ARM-atf/plat/xilinx/versal/versal_ipi.c /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_svc_main.c /rk3399_ARM-atf/plat/xilinx/zynqmp/zynqmp_ipi.c /rk3399_ARM-atf/services/std_svc/spmd/spmd_main.c /rk3399_ARM-atf/services/std_svc/trng/trng_entropy_pool.c
ef27dd23	04-Jan-2023	Sandrine Bailleux <sandrine.bailleux@arm.com>	Merge "refactor(auth): avoid parsing signature algorithm twice" into integration mbedtls/mbedtls_x509_parser.c
ce882b53	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	refactor(auth): do not include SEQUENCE tag in saved extensions This makes the code a little bit smaller. No functional change intended. Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547 Signed refactor(auth): do not include SEQUENCE tag in saved extensions This makes the code a little bit smaller. No functional change intended. Change-Id: I794d2927fcd034a79e29c9bba1f8e4410203f547 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c
ca34dbc0	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): reject junk after certificates Certificates must not allow trailing junk after them. Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1 Signed-off-by: Demi Marie Obenour <demiobenour@g fix(auth): reject junk after certificates Certificates must not allow trailing junk after them. Change-Id: Ie33205fb051fc63af5b72c326822da7f62eec1d1 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c
8816dbb3	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): require bit strings to have no unused bits This is already checked by the crypto module or by mbedTLS, but checking it in the X.509 parser is harmless. Change-Id: Ifdbe3b4c6d04481bb8e931 fix(auth): require bit strings to have no unused bits This is already checked by the crypto module or by mbedTLS, but checking it in the X.509 parser is harmless. Change-Id: Ifdbe3b4c6d04481bb8e93106ee04b49a70f50d5d Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c /rk3399_ARM-atf/drivers/st/crypto/stm32_pka.c /rk3399_ARM-atf/drivers/st/crypto/stm32_saes.c /rk3399_ARM-atf/plat/st/common/stm32mp_crypto_lib.c /rk3399_ARM-atf/plat/st/common/stm32mp_fconf_io.c /rk3399_ARM-atf/plat/st/stm32mp1/plat_image_load.c
63cc49d0	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	refactor(auth): avoid parsing signature algorithm twice Since the two instances of the signature algorithm in a certificate must be bitwise identical, it is not necessary to parse both of them. Inst refactor(auth): avoid parsing signature algorithm twice Since the two instances of the signature algorithm in a certificate must be bitwise identical, it is not necessary to parse both of them. Instead, it suffices to parse one of them, and then check that the other fits in the remaining buffer space and is equal to the first. Change-Id: Id0a0663165f147879ac83b6a540378fd4873b0dd Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c
94c0cfbb	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	refactor(auth): partially validate SubjectPublicKeyInfo early This reduces the likelihood of future problems later. Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135 Signed-off-by: Demi Marie Ob refactor(auth): partially validate SubjectPublicKeyInfo early This reduces the likelihood of future problems later. Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c
a8c8c5ef	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): reject padding after BIT STRING in signatures It is forbidden by ASN.1 DER. Change-Id: Id8a48e14bb8a1a17a6481ea3fde0803723c05e31 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> mbedtls/mbedtls_crypto.c
f47547b3	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): reject invalid padding in digests Digests must not have padding after the SEQUENCE or OCTET STRING. Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0 Signed-off-by: Demi Marie Obenour fix(auth): reject invalid padding in digests Digests must not have padding after the SEQUENCE or OCTET STRING. Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_crypto.c
72460f50	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): require at least one extension to be present X.509 and RFC5280 allow omitting the extensions entirely, but require that if the extensions field is present at all, it must contain at least fix(auth): require at least one extension to be present X.509 and RFC5280 allow omitting the extensions entirely, but require that if the extensions field is present at all, it must contain at least one certificate. TF-A already requires the extensions to be present, but allows them to be empty. However, a certificate with an empty extensions field will always fail later on, as the extensions contain the information needed to validate the next stage in the boot chain. Therefore, it is simpler to require the extension field to be present and contain at least one extension. Also add a comment explaining why the extensions field is required, even though it is OPTIONAL in the ASN.1 syntax. Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c
fd37982a	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): forbid junk after extensions The extensions must use all remaining bytes in the TBSCertificate. Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92 Signed-off-by: Demi Marie Obenour <de fix(auth): forbid junk after extensions The extensions must use all remaining bytes in the TBSCertificate. Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... mbedtls/mbedtls_x509_parser.c
e9e4a2a6	08-Dec-2022	Demi Marie Obenour <demiobenour@gmail.com>	fix(auth): only accept v3 X.509 certificates v1 and v2 are forbidden as at least one extension is required. Instead of actually parsing the version number, just compare it with a hard-coded string. fix(auth): only accept v3 X.509 certificates v1 and v2 are forbidden as at least one extension is required. Instead of actually parsing the version number, just compare it with a hard-coded string. Change-Id: Ib8fd34304a0049787db77ec8c2359d0930cd4ba1 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> show more ... /rk3399_ARM-atf/Makefile /rk3399_ARM-atf/bl31/aarch64/runtime_exceptions.S /rk3399_ARM-atf/bl32/tsp/ffa_helpers.c /rk3399_ARM-atf/bl32/tsp/tsp_ffa_main.c /rk3399_ARM-atf/docs/about/release-information.rst /rk3399_ARM-atf/docs/components/realm-management-extension.rst /rk3399_ARM-atf/docs/components/rmm-el3-comms-spec.rst /rk3399_ARM-atf/docs/components/secure-partition-manager.rst /rk3399_ARM-atf/docs/design/cpu-specific-build-macros.rst /rk3399_ARM-atf/docs/design/trusted-board-boot-build.rst /rk3399_ARM-atf/docs/getting_started/build-internals.rst /rk3399_ARM-atf/docs/getting_started/build-options.rst /rk3399_ARM-atf/docs/getting_started/index.rst /rk3399_ARM-atf/docs/plat/arm/arm-build-options.rst /rk3399_ARM-atf/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml /rk3399_ARM-atf/docs/threat_model/index.rst /rk3399_ARM-atf/docs/threat_model/threat_model.rst /rk3399_ARM-atf/docs/threat_model/threat_model_rss_interface.rst /rk3399_ARM-atf/drivers/arm/gic/v3/gicv3_main.c /rk3399_ARM-atf/drivers/arm/rss/rss_comms.c mbedtls/mbedtls_x509_parser.c /rk3399_ARM-atf/drivers/measured_boot/event_log/event_log.c /rk3399_ARM-atf/drivers/nxp/auth/csf_hdr_parser/csf_hdr_parser.c /rk3399_ARM-atf/drivers/nxp/crypto/caam/src/jobdesc.c /rk3399_ARM-atf/drivers/nxp/ddr/nxp-ddr/regs.c /rk3399_ARM-atf/drivers/nxp/ddr/phy-gen2/phy.c /rk3399_ARM-atf/drivers/nxp/ddr/phy-gen2/phy.h /rk3399_ARM-atf/drivers/nxp/flexspi/nor/fspi.c /rk3399_ARM-atf/drivers/nxp/tzc/plat_tzc380.c /rk3399_ARM-atf/drivers/st/clk/clk-stm32-core.c /rk3399_ARM-atf/drivers/st/clk/clk-stm32mp13.c /rk3399_ARM-atf/drivers/st/gpio/stm32_gpio.c /rk3399_ARM-atf/drivers/st/mmc/stm32_sdmmc2.c /rk3399_ARM-atf/drivers/st/pmic/stm32mp_pmic.c /rk3399_ARM-atf/drivers/st/regulator/regulator_core.c /rk3399_ARM-atf/fdts/fvp-base-psci-common.dtsi /rk3399_ARM-atf/fdts/tc.dts /rk3399_ARM-atf/include/drivers/arm/css/scmi.h /rk3399_ARM-atf/include/drivers/measured_boot/event_log/event_log.h /rk3399_ARM-atf/include/drivers/nxp/smmu/nxp_smmu.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_x3.h /rk3399_ARM-atf/include/lib/psa/measured_boot.h /rk3399_ARM-atf/include/plat/arm/common/arm_def.h /rk3399_ARM-atf/include/plat/arm/common/arm_pas_def.h /rk3399_ARM-atf/include/plat/arm/common/plat_arm.h /rk3399_ARM-atf/include/plat/common/platform.h /rk3399_ARM-atf/include/services/rmm_core_manifest.h /rk3399_ARM-atf/include/services/trp/trp_helpers.h /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a710.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a78.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_x2.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_x3.S /rk3399_ARM-atf/lib/cpus/aarch64/neoverse_n2.S /rk3399_ARM-atf/lib/cpus/aarch64/neoverse_v1.S /rk3399_ARM-atf/lib/cpus/cpu-ops.mk /rk3399_ARM-atf/lib/el3_runtime/aarch64/context.S /rk3399_ARM-atf/lib/gpt_rme/gpt_rme.c /rk3399_ARM-atf/lib/psa/measured_boot.c /rk3399_ARM-atf/make_helpers/defaults.mk /rk3399_ARM-atf/plat/arm/board/common/board_arm_trusted_boot.c /rk3399_ARM-atf/plat/arm/board/common/board_common.mk /rk3399_ARM-atf/plat/arm/board/common/rotpk/arm_dev_rotpk.S /rk3399_ARM-atf/plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S /rk3399_ARM-atf/plat/arm/board/fvp/fvp_bl2_measured_boot.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_common.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_common_measured_boot.c /rk3399_ARM-atf/plat/arm/board/juno/juno_topology.c /rk3399_ARM-atf/plat/arm/board/morello/morello_bl31_setup.c /rk3399_ARM-atf/plat/arm/board/n1sdp/n1sdp_bl31_setup.c /rk3399_ARM-atf/plat/arm/board/rdn1edge/rdn1edge_plat.c /rk3399_ARM-atf/plat/arm/board/tc/include/platform_def.h /rk3399_ARM-atf/plat/arm/board/tc/include/tc_plat.h /rk3399_ARM-atf/plat/arm/board/tc/plat_tc_mbedtls_config.h /rk3399_ARM-atf/plat/arm/board/tc/platform.mk /rk3399_ARM-atf/plat/arm/board/tc/platform_test.mk /rk3399_ARM-atf/plat/arm/board/tc/region_defs.h /rk3399_ARM-atf/plat/arm/board/tc/rss_ap_test_stubs.c /rk3399_ARM-atf/plat/arm/board/tc/rss_ap_tests.c /rk3399_ARM-atf/plat/arm/board/tc/rss_ap_testsuites.c /rk3399_ARM-atf/plat/arm/board/tc/rss_ap_testsuites.h /rk3399_ARM-atf/plat/arm/board/tc/tc_bl31_setup.c /rk3399_ARM-atf/plat/arm/common/arm_bl2_setup.c /rk3399_ARM-atf/plat/arm/common/trp/arm_trp_setup.c /rk3399_ARM-atf/plat/arm/css/sgi/sgi_bl31_setup.c /rk3399_ARM-atf/plat/common/aarch64/crash_console_helpers.S /rk3399_ARM-atf/plat/imx/imx8m/imx8m_measured_boot.c /rk3399_ARM-atf/plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c /rk3399_ARM-atf/plat/imx/imx8m/imx8mq/imx8mq_psci.c /rk3399_ARM-atf/plat/imx/imx8m/imx8mq/include/platform_def.h /rk3399_ARM-atf/plat/imx/imx8m/imx8mq/platform.mk /rk3399_ARM-atf/plat/intel/soc/agilex/bl31_plat_setup.c /rk3399_ARM-atf/plat/intel/soc/agilex/include/agilex_pinmux.h /rk3399_ARM-atf/plat/intel/soc/agilex/soc/agilex_pinmux.c /rk3399_ARM-atf/plat/intel/soc/common/drivers/ccu/ncore_ccu.c /rk3399_ARM-atf/plat/intel/soc/common/include/socfpga_fcs.h /rk3399_ARM-atf/plat/intel/soc/common/include/socfpga_mailbox.h /rk3399_ARM-atf/plat/intel/soc/common/include/socfpga_sip_svc.h /rk3399_ARM-atf/plat/intel/soc/common/include/socfpga_system_manager.h /rk3399_ARM-atf/plat/intel/soc/common/sip/socfpga_sip_fcs.c /rk3399_ARM-atf/plat/intel/soc/common/soc/socfpga_firewall.c /rk3399_ARM-atf/plat/intel/soc/common/soc/socfpga_mailbox.c /rk3399_ARM-atf/plat/intel/soc/common/socfpga_sip_svc.c /rk3399_ARM-atf/plat/nxp/common/nv_storage/plat_nv_storage.c /rk3399_ARM-atf/plat/nxp/soc-ls1028a/soc.def /rk3399_ARM-atf/plat/nxp/soc-ls1043a/soc.c /rk3399_ARM-atf/plat/nxp/soc-ls1043a/soc.mk /rk3399_ARM-atf/plat/nxp/soc-ls1046a/soc.c /rk3399_ARM-atf/plat/nxp/soc-ls1046a/soc.def /rk3399_ARM-atf/plat/nxp/soc-ls1046a/soc.mk /rk3399_ARM-atf/plat/nxp/soc-ls1088a/ls1088aqds/ddr_init.c /rk3399_ARM-atf/plat/nxp/soc-ls1088a/ls1088ardb/ddr_init.c /rk3399_ARM-atf/plat/nxp/soc-ls1088a/soc.c /rk3399_ARM-atf/plat/nxp/soc-ls1088a/soc.def /rk3399_ARM-atf/plat/nxp/soc-ls1088a/soc.mk /rk3399_ARM-atf/plat/nxp/soc-lx2160a/include/soc.h /rk3399_ARM-atf/plat/nxp/soc-lx2160a/soc.c /rk3399_ARM-atf/plat/nxp/soc-lx2160a/soc.def /rk3399_ARM-atf/plat/nxp/soc-lx2160a/soc.mk /rk3399_ARM-atf/plat/qemu/common/qemu_bl2_mem_params_desc.c /rk3399_ARM-atf/plat/qemu/common/qemu_bl2_setup.c /rk3399_ARM-atf/plat/qemu/common/qemu_common.c /rk3399_ARM-atf/plat/qemu/common/qemu_io_storage.c /rk3399_ARM-atf/plat/qemu/common/qemu_private.h /rk3399_ARM-atf/plat/qemu/qemu/include/platform_def.h /rk3399_ARM-atf/plat/qemu/qemu/platform.mk /rk3399_ARM-atf/plat/qemu/qemu/qemu_measured_boot.c /rk3399_ARM-atf/plat/qemu/qemu_sbsa/platform.mk /rk3399_ARM-atf/plat/st/common/bl2_io_storage.c /rk3399_ARM-atf/plat/st/common/include/stm32mp_efi.h /rk3399_ARM-atf/plat/st/common/stm32mp_crypto_lib.c /rk3399_ARM-atf/plat/st/common/stm32mp_dt.c /rk3399_ARM-atf/plat/st/stm32mp1/bl2_plat_setup.c /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_fconf_firewall.c /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_private.c /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_syscfg.c /rk3399_ARM-atf/plat/xilinx/common/ipi_mailbox_service/ipi_mailbox_svc.c /rk3399_ARM-atf/plat/xilinx/versal/pm_service/pm_client.c /rk3399_ARM-atf/plat/xilinx/versal/pm_service/pm_svc_main.c /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_svc_main.c /rk3399_ARM-atf/services/std_svc/rmmd/trp/trp_entry.S /rk3399_ARM-atf/services/std_svc/rmmd/trp/trp_main.c /rk3399_ARM-atf/services/std_svc/rmmd/trp/trp_private.h /rk3399_ARM-atf/services/std_svc/spm/el3_spmc/spmc.h /rk3399_ARM-atf/services/std_svc/spm/el3_spmc/spmc.mk /rk3399_ARM-atf/services/std_svc/spm/el3_spmc/spmc_main.c /rk3399_ARM-atf/services/std_svc/spm/el3_spmc/spmc_shared_mem.c /rk3399_ARM-atf/tools/nxp/create_pbl/create_pbl.c /rk3399_ARM-atf/tools/sptool/sp_mk_generator.py
3be9c276	05-Nov-2022	Mate Toth-Pal <mate.toth-pal@arm.com>	build: enable adding MbedTLS files for platform The platform.mk can add extra MbedTLS source files to LIBMBEDTLS_SRC. Change-Id: Ida9abfd59d8b02eae23ec0a7f326db060b42bf49 Signed-off-by: Mate Toth-P build: enable adding MbedTLS files for platform The platform.mk can add extra MbedTLS source files to LIBMBEDTLS_SRC. Change-Id: Ida9abfd59d8b02eae23ec0a7f326db060b42bf49 Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com> show more ... /rk3399_ARM-atf/.gitignore /rk3399_ARM-atf/Makefile /rk3399_ARM-atf/docs/about/index.rst /rk3399_ARM-atf/docs/about/release-information.rst /rk3399_ARM-atf/docs/change-log.md /rk3399_ARM-atf/docs/components/ffa-manifest-binding.rst /rk3399_ARM-atf/docs/components/index.rst /rk3399_ARM-atf/docs/components/secure-partition-manager.rst /rk3399_ARM-atf/docs/conf.py /rk3399_ARM-atf/docs/design/index.rst /rk3399_ARM-atf/docs/design_documents/index.rst /rk3399_ARM-atf/docs/getting_started/docs-build.rst /rk3399_ARM-atf/docs/getting_started/image-terminology.rst /rk3399_ARM-atf/docs/getting_started/index.rst /rk3399_ARM-atf/docs/getting_started/initial-build.rst /rk3399_ARM-atf/docs/getting_started/porting-guide.rst /rk3399_ARM-atf/docs/getting_started/prerequisites.rst /rk3399_ARM-atf/docs/getting_started/tools-build.rst /rk3399_ARM-atf/docs/index.rst /rk3399_ARM-atf/docs/perf/index.rst /rk3399_ARM-atf/docs/plat/index.rst /rk3399_ARM-atf/docs/plat/marvell/armada/build.rst /rk3399_ARM-atf/docs/plat/marvell/armada/uart-booting.rst /rk3399_ARM-atf/docs/plat/qemu.rst /rk3399_ARM-atf/docs/plat/stm32mp1.rst /rk3399_ARM-atf/docs/process/index.rst /rk3399_ARM-atf/docs/security_advisories/index.rst /rk3399_ARM-atf/docs/threat_model/index.rst /rk3399_ARM-atf/docs/threat_model/threat_model_spm.rst mbedtls/mbedtls_common.mk /rk3399_ARM-atf/fdts/stm32mp1-cot-descriptors.dtsi /rk3399_ARM-atf/fdts/stm32mp13-bl2.dtsi /rk3399_ARM-atf/fdts/stm32mp131.dtsi /rk3399_ARM-atf/fdts/stm32mp135f-dk.dts /rk3399_ARM-atf/fdts/stm32mp15-bl2.dtsi /rk3399_ARM-atf/fdts/stm32mp151.dtsi /rk3399_ARM-atf/include/common/tbbr/cot_def.h /rk3399_ARM-atf/include/drivers/io/io_storage.h /rk3399_ARM-atf/include/lib/psa/measured_boot.h /rk3399_ARM-atf/lib/aarch32/cache_helpers.S /rk3399_ARM-atf/lib/aarch64/cache_helpers.S /rk3399_ARM-atf/lib/fconf/fconf_tbbr_getter.c /rk3399_ARM-atf/lib/psa/measured_boot.c /rk3399_ARM-atf/lib/psa/measured_boot_private.h /rk3399_ARM-atf/package-lock.json /rk3399_ARM-atf/package.json /rk3399_ARM-atf/plat/intel/soc/agilex/platform.mk /rk3399_ARM-atf/plat/intel/soc/common/include/platform_def.h /rk3399_ARM-atf/plat/intel/soc/n5x/platform.mk /rk3399_ARM-atf/plat/intel/soc/stratix10/platform.mk /rk3399_ARM-atf/plat/mediatek/build_helpers/options.mk /rk3399_ARM-atf/plat/mediatek/drivers/audio/audio.c /rk3399_ARM-atf/plat/mediatek/drivers/audio/audio.h /rk3399_ARM-atf/plat/mediatek/drivers/audio/mt8188/audio_domain.c /rk3399_ARM-atf/plat/mediatek/drivers/audio/mt8188/mt_audio_private.h /rk3399_ARM-atf/plat/mediatek/drivers/audio/mt8188/rules.mk /rk3399_ARM-atf/plat/mediatek/drivers/audio/rules.mk /rk3399_ARM-atf/plat/mediatek/drivers/ptp3/mt8188/ptp3_plat.h /rk3399_ARM-atf/plat/mediatek/drivers/ptp3/ptp3_common.c /rk3399_ARM-atf/plat/mediatek/drivers/ptp3/ptp3_common.h /rk3399_ARM-atf/plat/mediatek/drivers/ptp3/rules.mk /rk3399_ARM-atf/plat/mediatek/include/mtk_sip_def.h /rk3399_ARM-atf/plat/mediatek/lib/pm/armv8_2/pwr_ctrl.c /rk3399_ARM-atf/plat/mediatek/lib/pm/mtk_pm.h /rk3399_ARM-atf/plat/mediatek/mt8186/drivers/spm/mt_spm_pmic_wrap.c /rk3399_ARM-atf/plat/mediatek/mt8188/include/platform_def.h /rk3399_ARM-atf/plat/mediatek/mt8188/include/spm_reg.h /rk3399_ARM-atf/plat/mediatek/mt8188/plat_config.mk /rk3399_ARM-atf/plat/mediatek/mt8188/plat_mmap.c /rk3399_ARM-atf/plat/mediatek/mt8188/platform.mk /rk3399_ARM-atf/plat/mediatek/mt8195/drivers/ptp3/ptp3_plat.h /rk3399_ARM-atf/plat/mediatek/mt8195/plat_pm.c /rk3399_ARM-atf/plat/mediatek/mt8195/platform.mk /rk3399_ARM-atf/plat/rockchip/common/params_setup.c /rk3399_ARM-atf/plat/st/common/bl2_io_storage.c /rk3399_ARM-atf/plat/st/common/include/stm32mp_common.h /rk3399_ARM-atf/plat/st/common/include/stm32mp_io_storage.h /rk3399_ARM-atf/plat/st/common/stm32mp_common.c /rk3399_ARM-atf/plat/st/common/stm32mp_fconf_io.c /rk3399_ARM-atf/plat/st/common/stm32mp_trusted_boot.c /rk3399_ARM-atf/plat/st/stm32mp1/bl2_plat_setup.c /rk3399_ARM-atf/plat/st/stm32mp1/cert_create_tbbr.mk /rk3399_ARM-atf/plat/st/stm32mp1/include/boot_api.h /rk3399_ARM-atf/plat/st/stm32mp1/include/plat_def_fip_uuid.h /rk3399_ARM-atf/plat/st/stm32mp1/include/plat_tbbr_img_def.h /rk3399_ARM-atf/plat/st/stm32mp1/include/platform_def.h /rk3399_ARM-atf/plat/st/stm32mp1/include/stm32mp1_mbedtls_config.h /rk3399_ARM-atf/plat/st/stm32mp1/include/stm32mp1_private.h /rk3399_ARM-atf/plat/st/stm32mp1/include/tbbr/stm32mp1_tbb_cert.h /rk3399_ARM-atf/plat/st/stm32mp1/plat_def_uuid_config.c /rk3399_ARM-atf/plat/st/stm32mp1/plat_fiptool.mk /rk3399_ARM-atf/plat/st/stm32mp1/plat_image_load.c /rk3399_ARM-atf/plat/st/stm32mp1/platform.mk /rk3399_ARM-atf/plat/st/stm32mp1/sp_min/sp_min-stm32mp1.mk /rk3399_ARM-atf/plat/st/stm32mp1/sp_min/sp_min_setup.c /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1.S /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1.ld.S /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_def.h /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_fip_def.h /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_private.c /rk3399_ARM-atf/plat/st/stm32mp1/stm32mp1_tbb_cert.c /rk3399_ARM-atf/plat/xilinx/common/include/pm_ipi.h /rk3399_ARM-atf/plat/xilinx/common/pm_service/pm_ipi.c /rk3399_ARM-atf/plat/xilinx/versal/pm_service/pm_svc_main.c /rk3399_ARM-atf/plat/xilinx/zynqmp/include/plat_ipi.h /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_client.c /rk3399_ARM-atf/plat/xilinx/zynqmp/pm_service/pm_svc_main.c /rk3399_ARM-atf/tools/conventional-changelog-tf-a/package.json
ed38366f	23-Dec-2020	Nicolas Toromanoff <nicolas.toromanoff@st.com>	fix(auth): correct sign-compare warning Correct the warning due to comparison between signed and unsigned variable. drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext': drivers/auth/m fix(auth): correct sign-compare warning Correct the warning due to comparison between signed and unsigned variable. drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext': drivers/auth/mbedtls/mbedtls_x509_parser.c:120:30: error: comparison of integer expressions of different signedness: 'int' and 'size_t' {aka 'unsigned int'} [-Werror=sign-compare] 120 \| if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) { \| ^~ Change-Id: Ic12527f5f92a34e925bee3047c168eacf5e99d8a Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> show more ... mbedtls/mbedtls_x509_parser.c
40f9f644	09-Nov-2020	Nicolas Toromanoff <nicolas.toromanoff@st.com>	feat(auth): allow to verify PublicKey with platform format PK In some platform the digest of the public key saved in the OTP is not the digest of the exact same public key buffer needed to check the feat(auth): allow to verify PublicKey with platform format PK In some platform the digest of the public key saved in the OTP is not the digest of the exact same public key buffer needed to check the signature. Typically, platform checks signature using the DER ROTPK whereas some others add some related information. Add a new platform weak function to transform the public key buffer used by verify_signature to a platform specific public key. Mark this new weak function as deprecated as it will be replaced by another framework implementation. Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com> show more ... /rk3399_ARM-atf/.nvmrc /rk3399_ARM-atf/Makefile /rk3399_ARM-atf/bl1/bl1.ld.S /rk3399_ARM-atf/bl2/bl2.ld.S /rk3399_ARM-atf/bl31/aarch64/ea_delegate.S /rk3399_ARM-atf/bl31/aarch64/runtime_exceptions.S /rk3399_ARM-atf/bl31/bl31.mk /rk3399_ARM-atf/changelog.yaml /rk3399_ARM-atf/common/aarch64/debug.S /rk3399_ARM-atf/common/backtrace/backtrace.c /rk3399_ARM-atf/docs/about/maintainers.rst /rk3399_ARM-atf/docs/about/release-information.rst /rk3399_ARM-atf/docs/components/el3-spmc.rst /rk3399_ARM-atf/docs/components/index.rst /rk3399_ARM-atf/docs/components/ras.rst /rk3399_ARM-atf/docs/components/realm-management-extension.rst /rk3399_ARM-atf/docs/design/cpu-specific-build-macros.rst /rk3399_ARM-atf/docs/design/firmware-design.rst /rk3399_ARM-atf/docs/design_documents/drtm_poc.rst /rk3399_ARM-atf/docs/design_documents/index.rst /rk3399_ARM-atf/docs/getting_started/build-options.rst /rk3399_ARM-atf/docs/getting_started/porting-guide.rst /rk3399_ARM-atf/docs/getting_started/prerequisites.rst /rk3399_ARM-atf/docs/getting_started/psci-lib-integration-guide.rst /rk3399_ARM-atf/docs/glossary.rst /rk3399_ARM-atf/docs/plat/arm/arm-build-options.rst /rk3399_ARM-atf/docs/plat/arm/fvp/index.rst /rk3399_ARM-atf/docs/plat/arm/tc/index.rst /rk3399_ARM-atf/docs/plat/imx8m.rst /rk3399_ARM-atf/docs/plat/index.rst /rk3399_ARM-atf/docs/plat/marvell/armada/build.rst /rk3399_ARM-atf/docs/process/coding-guidelines.rst /rk3399_ARM-atf/docs/process/commit-style.rst /rk3399_ARM-atf/docs/process/index.rst /rk3399_ARM-atf/docs/process/platform-ports-policy.rst /rk3399_ARM-atf/docs/resources/diagrams/ff-a-lsp-at-el3.png /rk3399_ARM-atf/docs/resources/diagrams/ff-a-spm-at-el3.png /rk3399_ARM-atf/docs/resources/diagrams/plantuml/el3_spm_dfd.puml /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-9.rst /rk3399_ARM-atf/docs/threat_model/index.rst /rk3399_ARM-atf/docs/threat_model/threat_model_el3_spm.rst /rk3399_ARM-atf/drivers/arm/ethosn/ethosn_smc.c /rk3399_ARM-atf/drivers/arm/gic/v3/gic600_multichip_private.h /rk3399_ARM-atf/drivers/arm/rss/rss_comms.c /rk3399_ARM-atf/drivers/arm/rss/rss_comms.mk /rk3399_ARM-atf/drivers/arm/rss/rss_comms_protocol.c /rk3399_ARM-atf/drivers/arm/rss/rss_comms_protocol_embed.c /rk3399_ARM-atf/drivers/arm/rss/rss_comms_protocol_embed.h /rk3399_ARM-atf/drivers/arm/rss/rss_comms_protocol_pointer_access.c auth_mod.c /rk3399_ARM-atf/drivers/measured_boot/event_log/event_log.c /rk3399_ARM-atf/drivers/measured_boot/rss/rss_measured_boot.c /rk3399_ARM-atf/drivers/st/crypto/stm32_hash.c /rk3399_ARM-atf/drivers/st/crypto/stm32_pka.c /rk3399_ARM-atf/drivers/st/crypto/stm32_rng.c /rk3399_ARM-atf/drivers/st/crypto/stm32_saes.c /rk3399_ARM-atf/drivers/ufs/ufs.c /rk3399_ARM-atf/fdts/fvp-base-gicv2-psci.dts /rk3399_ARM-atf/fdts/fvp-base-gicv2.dtsi /rk3399_ARM-atf/fdts/fvp-base-gicv3-psci-1t.dts /rk3399_ARM-atf/fdts/fvp-base-gicv3-psci-dynamiq-2t.dts /rk3399_ARM-atf/fdts/fvp-base-gicv3-psci-dynamiq.dts /rk3399_ARM-atf/fdts/fvp-base-gicv3-psci.dts /rk3399_ARM-atf/fdts/fvp-base-gicv3.dtsi /rk3399_ARM-atf/fdts/fvp-base-psci-common.dtsi /rk3399_ARM-atf/fdts/fvp-defs.dtsi /rk3399_ARM-atf/fdts/fvp-ve-Cortex-A5x1.dts /rk3399_ARM-atf/fdts/fvp-ve-Cortex-A7x1.dts /rk3399_ARM-atf/fdts/juno-ethosn.dtsi /rk3399_ARM-atf/fdts/rtsm_ve-motherboard.dtsi /rk3399_ARM-atf/fdts/stm32mp135f-dk.dts /rk3399_ARM-atf/include/arch/aarch64/arch_features.h /rk3399_ARM-atf/include/arch/aarch64/arch_helpers.h /rk3399_ARM-atf/include/arch/aarch64/asm_macros.S /rk3399_ARM-atf/include/common/debug.h /rk3399_ARM-atf/include/drivers/arm/ethosn.h /rk3399_ARM-atf/include/drivers/measured_boot/event_log/event_log.h /rk3399_ARM-atf/include/drivers/measured_boot/event_log/tcg.h /rk3399_ARM-atf/include/drivers/st/stm32_hash.h /rk3399_ARM-atf/include/drivers/st/stm32_pka.h /rk3399_ARM-atf/include/drivers/st/stm32_rng.h /rk3399_ARM-atf/include/drivers/st/stm32_saes.h /rk3399_ARM-atf/include/drivers/ufs.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_a510.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_a710.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_a77.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_hunter_elp_arm.h /rk3399_ARM-atf/include/lib/cpus/aarch64/cortex_x3.h /rk3399_ARM-atf/include/lib/cpus/aarch64/neoverse_n2.h /rk3399_ARM-atf/include/lib/libc/aarch32/float.h /rk3399_ARM-atf/include/lib/libc/aarch64/float.h /rk3399_ARM-atf/include/lib/libc/sys/cdefs.h /rk3399_ARM-atf/include/lib/libfdt/libfdt.h /rk3399_ARM-atf/include/lib/psa/delegated_attestation.h /rk3399_ARM-atf/include/lib/psa/psa_manifest/sid.h /rk3399_ARM-atf/include/lib/smccc.h /rk3399_ARM-atf/include/lib/xlat_tables/xlat_tables_compat.h /rk3399_ARM-atf/include/plat/arm/common/arm_sip_svc.h /rk3399_ARM-atf/include/plat/arm/common/fconf_ethosn_getter.h /rk3399_ARM-atf/include/plat/arm/common/plat_arm.h /rk3399_ARM-atf/include/plat/common/plat_drtm.h /rk3399_ARM-atf/include/plat/common/platform.h /rk3399_ARM-atf/include/services/drtm_svc.h /rk3399_ARM-atf/include/services/sdei.h /rk3399_ARM-atf/include/services/trng_svc.h /rk3399_ARM-atf/lib/aarch32/cache_helpers.S /rk3399_ARM-atf/lib/aarch64/cache_helpers.S /rk3399_ARM-atf/lib/compiler-rt/builtins/arm/aeabi_ldivmod.S /rk3399_ARM-atf/lib/compiler-rt/builtins/arm/aeabi_memcpy.S /rk3399_ARM-atf/lib/compiler-rt/builtins/arm/aeabi_uldivmod.S /rk3399_ARM-atf/lib/compiler-rt/builtins/assembly.h /rk3399_ARM-atf/lib/compiler-rt/builtins/ctzdi2.c /rk3399_ARM-atf/lib/compiler-rt/builtins/divdi3.c /rk3399_ARM-atf/lib/compiler-rt/builtins/divmoddi4.c /rk3399_ARM-atf/lib/compiler-rt/builtins/int_div_impl.inc /rk3399_ARM-atf/lib/compiler-rt/builtins/int_endianness.h /rk3399_ARM-atf/lib/compiler-rt/builtins/int_lib.h /rk3399_ARM-atf/lib/compiler-rt/builtins/int_math.h /rk3399_ARM-atf/lib/compiler-rt/builtins/int_types.h /rk3399_ARM-atf/lib/compiler-rt/builtins/int_util.h /rk3399_ARM-atf/lib/compiler-rt/builtins/lshrdi3.c /rk3399_ARM-atf/lib/compiler-rt/builtins/popcountdi2.c /rk3399_ARM-atf/lib/compiler-rt/builtins/popcountsi2.c /rk3399_ARM-atf/lib/compiler-rt/builtins/udivmoddi4.c /rk3399_ARM-atf/lib/compiler-rt/compiler-rt.mk /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a510.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a710.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a76.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_a77.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_hunter_elp_arm.S /rk3399_ARM-atf/lib/cpus/aarch64/cortex_x3.S /rk3399_ARM-atf/lib/cpus/aarch64/neoverse_n1.S /rk3399_ARM-atf/lib/cpus/aarch64/neoverse_n2.S /rk3399_ARM-atf/lib/cpus/aarch64/neoverse_v1.S /rk3399_ARM-atf/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S /rk3399_ARM-atf/lib/cpus/cpu-ops.mk /rk3399_ARM-atf/lib/el3_runtime/aarch64/context.S /rk3399_ARM-atf/lib/el3_runtime/aarch64/context_mgmt.c /rk3399_ARM-atf/lib/extensions/sme/sme.c /rk3399_ARM-atf/lib/libfdt/fdt.c /rk3399_ARM-atf/lib/libfdt/fdt_addresses.c /rk3399_ARM-atf/lib/libfdt/fdt_overlay.c /rk3399_ARM-atf/lib/libfdt/fdt_ro.c /rk3399_ARM-atf/lib/libfdt/fdt_rw.c /rk3399_ARM-atf/lib/libfdt/fdt_strerror.c /rk3399_ARM-atf/lib/libfdt/fdt_sw.c /rk3399_ARM-atf/lib/libfdt/libfdt_internal.h /rk3399_ARM-atf/lib/psa/delegated_attestation.c /rk3399_ARM-atf/lib/psa/measured_boot.c /rk3399_ARM-atf/lib/semihosting/semihosting.c /rk3399_ARM-atf/lib/zlib/crc32.c /rk3399_ARM-atf/lib/zlib/crc32.h /rk3399_ARM-atf/lib/zlib/inffast.c /rk3399_ARM-atf/lib/zlib/inflate.c /rk3399_ARM-atf/lib/zlib/inflate.h /rk3399_ARM-atf/lib/zlib/inftrees.c /rk3399_ARM-atf/lib/zlib/inftrees.h /rk3399_ARM-atf/lib/zlib/zconf.h /rk3399_ARM-atf/lib/zlib/zlib.h /rk3399_ARM-atf/lib/zlib/zutil.c /rk3399_ARM-atf/lib/zlib/zutil.h /rk3399_ARM-atf/make_helpers/build_macros.mk /rk3399_ARM-atf/make_helpers/defaults.mk /rk3399_ARM-atf/package-lock.json /rk3399_ARM-atf/plat/arm/board/fvp/fvp_drtm_addr.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_drtm_dma_prot.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_drtm_err.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_drtm_measurement.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_drtm_stub.c /rk3399_ARM-atf/plat/arm/board/fvp/fvp_err.c /rk3399_ARM-atf/plat/arm/board/fvp/include/platform_def.h /rk3399_ARM-atf/plat/arm/board/fvp/platform.mk /rk3399_ARM-atf/plat/arm/board/rdn1edge/platform.mk /rk3399_ARM-atf/plat/arm/board/rdn2/platform.mk /rk3399_ARM-atf/plat/arm/board/rdn2/rdn2_plat.c /rk3399_ARM-atf/plat/arm/board/sgi575/platform.mk /rk3399_ARM-atf/plat/arm/board/tc/include/platform_def.h /rk3399_ARM-atf/plat/arm/board/tc/platform.mk /rk3399_ARM-atf/plat/arm/board/tc/tc_bl1_measured_boot.c /rk3399_ARM-atf/plat/arm/board/tc/tc_bl2_measured_boot.c /rk3399_ARM-atf/plat/arm/board/tc/tc_common_measured_boot.c /rk3399_ARM-atf/plat/arm/board/tc/tc_plat.c /rk3399_ARM-atf/plat/arm/common/arm_common.c /rk3399_ARM-atf/plat/arm/common/arm_common.mk /rk3399_ARM-atf/plat/arm/common/arm_err.c /rk3399_ARM-atf/plat/arm/common/fconf/fconf_ethosn_getter.c /rk3399_ARM-atf/plat/arm/css/sgi/sgi-common.mk /rk3399_ARM-atf/plat/common/aarch64/plat_common.c /rk3399_ARM-atf/plat/hisilicon/hikey960/aarch64/hikey960_common.c /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_bl2_mem_params_desc.c /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_bl2_setup.c /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_bl31_setup.c /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_def.h /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_el3_spmc_logical_sp.c /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_image_load.c /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_io_storage.c /rk3399_ARM-atf/plat/hisilicon/hikey960/hikey960_private.h /rk3399_ARM-atf/plat/hisilicon/hikey960/include/plat.ld.S /rk3399_ARM-atf/plat/hisilicon/hikey960/include/platform_def.h /rk3399_ARM-atf/plat/hisilicon/hikey960/platform.mk /rk3399_ARM-atf/plat/imx/common/imx_sip_svc.c /rk3399_ARM-atf/plat/imx/common/include/imx_sip_svc.h /rk3399_ARM-atf/plat/imx/imx8m/ddr/dram.c /rk3399_ARM-atf/plat/imx/imx8m/imx8m_psci_common.c /rk3399_ARM-atf/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c /rk3399_ARM-atf/plat/imx/imx8m/imx8mm/include/platform_def.h /rk3399_ARM-atf/plat/imx/imx8m/imx8mm/platform.mk /rk3399_ARM-atf/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c /rk3399_ARM-atf/plat/imx/imx8m/imx8mn/include/platform_def.h /rk3399_ARM-atf/plat/imx/imx8m/imx8mn/platform.mk /rk3399_ARM-atf/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c /rk3399_ARM-atf/plat/imx/imx8m/imx8mp/include/platform_def.h /rk3399_ARM-atf/plat/imx/imx8m/imx8mp/platform.mk /rk3399_ARM-atf/plat/imx/imx8m/imx_hab.c /rk3399_ARM-atf/plat/marvell/armada/a3k/common/a3700_common.mk /rk3399_ARM-atf/plat/marvell/armada/a3k/common/a3700_ea.c /rk3399_ARM-atf/plat/mediatek/common/mtk_bl31_setup.c /rk3399_ARM-atf/plat/mediatek/mt8186/drivers/emi_mpu/emi_mpu.c /rk3399_ARM-atf/plat/nvidia/tegra/soc/t194/platform_t194.mk /rk3399_ARM-atf/plat/qti/common/inc/qti_plat.h /rk3399_ARM-atf/plat/qti/common/src/qti_common.c /rk3399_ARM-atf/plat/qti/common/src/qti_interrupt_svc.c /rk3399_ARM-atf/plat/qti/sc7180/inc/platform_def.h /rk3399_ARM-atf/plat/qti/sc7180/inc/qti_map_chipinfo.h /rk3399_ARM-atf/plat/qti/sc7280/inc/platform_def.h /rk3399_ARM-atf/plat/qti/sc7280/inc/qti_map_chipinfo.h /rk3399_ARM-atf/plat/renesas/common/common.mk /rk3399_ARM-atf/plat/rockchip/common/pmusram/cpus_on_fixed_addr.h /rk3399_ARM-atf/plat/rpi/common/rpi3_pm.c /rk3399_ARM-atf/plat/st/common/stm32mp_crypto_lib.c /rk3399_ARM-atf/plat/st/stm32mp1/bl2_plat_setup.c /rk3399_ARM-atf/plat/st/stm32mp1/platform.mk /rk3399_ARM-atf/plat/ti/k3/common/plat_common.mk /rk3399_ARM-atf/plat/xilinx/versal/platform.mk /rk3399_ARM-atf/plat/xilinx/versal_net/bl31_versal_net_setup.c /rk3399_ARM-atf/plat/xilinx/versal_net/platform.mk /rk3399_ARM-atf/services/std_svc/drtm/drtm_dma_prot.c /rk3399_ARM-atf/services/std_svc/drtm/drtm_dma_prot.h /rk3399_ARM-atf/services/std_svc/drtm/drtm_main.c /rk3399_ARM-atf/services/std_svc/drtm/drtm_main.h /rk3399_ARM-atf/services/std_svc/drtm/drtm_measurements.c /rk3399_ARM-atf/services/std_svc/drtm/drtm_measurements.h /rk3399_ARM-atf/services/std_svc/drtm/drtm_remediation.c /rk3399_ARM-atf/services/std_svc/drtm/drtm_remediation.h /rk3399_ARM-atf/services/std_svc/drtm/drtm_res_address_map.c /rk3399_ARM-atf/services/std_svc/sdei/sdei_event.c /rk3399_ARM-atf/services/std_svc/spm/el3_spmc/spmc_shared_mem.c /rk3399_ARM-atf/services/std_svc/std_svc_setup.c /rk3399_ARM-atf/services/std_svc/trng/trng_entropy_pool.c /rk3399_ARM-atf/services/std_svc/trng/trng_main.c /rk3399_ARM-atf/tools/cert_create/Makefile /rk3399_ARM-atf/tools/cert_create/include/cert.h /rk3399_ARM-atf/tools/cert_create/include/ext.h /rk3399_ARM-atf/tools/cert_create/include/key.h /rk3399_ARM-atf/tools/cert_create/src/cert.c /rk3399_ARM-atf/tools/cert_create/src/ext.c /rk3399_ARM-atf/tools/cert_create/src/key.c /rk3399_ARM-atf/tools/cert_create/src/main.c /rk3399_ARM-atf/tools/cert_create/src/sha.c /rk3399_ARM-atf/tools/encrypt_fw/Makefile /rk3399_ARM-atf/tools/fiptool/Makefile /rk3399_ARM-atf/tools/sptool/sp_mk_generator.py
2bf4f27f	20-Jun-2022	Manish V Badarkhe <Manish.Badarkhe@arm.com>	refactor(crypto): change CRYPTO_SUPPORT flag to numeric Updated CRYPTO_SUPPORT flag to numeric to provide below supports - 1. CRYPTO_SUPPORT = 1 -> Authentication verification only 2. CRYPTO_SUPPORT refactor(crypto): change CRYPTO_SUPPORT flag to numeric Updated CRYPTO_SUPPORT flag to numeric to provide below supports - 1. CRYPTO_SUPPORT = 1 -> Authentication verification only 2. CRYPTO_SUPPORT = 2 -> Hash calculation only 3. CRYPTO_SUPPORT = 3 -> Authentication verification and hash calculation Change-Id: Ib34f31457a6c87d2356d736ad2d048dc787da56f Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> show more ... /rk3399_ARM-atf/Makefile crypto_mod.c mbedtls/mbedtls_crypto.c /rk3399_ARM-atf/include/drivers/auth/crypto_mod.h
1 234 5 6 7 8