| #
781f9c52 |
| 19-Jan-2024 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes from topic "cca_dtb" into integration
* changes:
docs(fconf): update bindings for multi-RoT CoTs
feat(fconf): support signing-key in root cert node
|
| #
04ac0b3c |
| 10-Jan-2024 |
laurenw-arm <lauren.wehrmeister@arm.com> |
feat(fconf): support signing-key in root cert node
Until now we have only supported describing chain of trusts through the
CoT DTB with a single ROTPK so the signing key for root certificates was
im
feat(fconf): support signing-key in root cert node
Until now we have only supported describing chain of trusts through the
CoT DTB with a single ROTPK so the signing key for root certificates was
implicit. Therefore signing key was not a supported property in the
root certificates node.
Now we want to extend that to describe CoTs with mulitiple roots of
trust so we need a way to specify for each root certificate with which
ROTPK it should be verified. For that, we reuse the 'signing-key'
property already in use for the non-root certificates, but we make it
optional for root certificates in single-RoT CoTs and for root
certificates signed with the default ROTPK in multi-RoT CoTs.
Change-Id: I41eb6579e8f1d01eaf10480fe5e224d2eed9c736
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
show more ...
|
| #
766d78b1 |
| 27-Feb-2023 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topic "mbedtls3_support" into integration
* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add b
Merge changes from topic "mbedtls3_support" into integration
* changes:
feat(stm32mp1): add mbedtls-3.3 support config
refactor(fvp): minor cleanup with TRUSTED_BOARD_BOOT
style(crypto): add braces for if statement
feat(fvp): increase BL1_RW and BL2 size
feat(mbedtls): add support for mbedtls-3.3
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE
show more ...
|
| #
a8eadc51 |
| 11-Jan-2023 |
Govindraj Raja <govindraj.raja@arm.com> |
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE
Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.
However from mbedtls-3.x onwards it di
refactor(mbedtls): avoid including MBEDTLS_CONFIG_FILE
Currently we include MBEDTLS_CONFIG_FILE directly and if a custom
config file is used it will included.
However from mbedtls-3.x onwards it discourages usage of
MBEDTLS_CONFIG_FILE include directly, so to resolve this and keep 2.28
compatibility include version.h which would include the custom config
file if present and also would expose us with mbedtls-major-version
number which could be used for selecting features and functions for
mbedtls 2.28 or 3.3
Change-Id: I029992311be2a38b588ebbb350875b03ea29acdb
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
show more ...
|
| #
af68314d |
| 07-Mar-2022 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "refactor(mbedtls): allow platform to specify their config file" into integration
|
| #
033f6137 |
| 27-Jan-2022 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
refactor(mbedtls): allow platform to specify their config file
Common mbedTLS implementation include the fixed configuration
file of mbedTLS and that does not gives flexilibility to the
platform to
refactor(mbedtls): allow platform to specify their config file
Common mbedTLS implementation include the fixed configuration
file of mbedTLS and that does not gives flexilibility to the
platform to include their own mbedTLS configuration.
Hence changes are done so that platform can include their own
mbedTLS configuration file.
Signed-off-by: Lucian Paul-Trifu <lucian.paul-trifu@arm.com>
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I04546589f67299e26b0a6a6e151cdf1fdb302607
show more ...
|
| #
b2a9e431 |
| 15-Sep-2020 |
Madhukar Pappireddy <madhukar.pappireddy@arm.com> |
Merge changes from topic "cot-parser" into integration
* changes:
plat/arm: fvp: Increase BL2 maximum size
lib: fconf: Implement a parser to populate CoT
|
| #
28e9a55f |
| 23-Jul-2020 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
lib: fconf: Implement a parser to populate CoT
Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled
lib: fconf: Implement a parser to populate CoT
Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled by default and can
be enabled in future for all Arm platforms by making necessary
changes in the memory map.
Currently, this parser is tested only for FVP platform.
[1]:
https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html
Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
show more ...
|