| #
056b4154 |
| 13-Sep-2024 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topic "draft-ffm-rats-cca-token-00" into integration
* changes:
refactor(docs): update RSE docs to match the example CCA token
refactor(qemu): use the example CCA platform tok
Merge changes from topic "draft-ffm-rats-cca-token-00" into integration
* changes:
refactor(docs): update RSE docs to match the example CCA token
refactor(qemu): use the example CCA platform token from iat-verifier
refactor(fvp): use the example CCA platform token from iat-verifier
show more ...
|
| #
051c7ad8 |
| 13-Sep-2024 |
Soby Mathew <soby.mathew@arm.com> |
Merge "refactor(rmmd): plat token requests in pieces" into integration
|
| #
42cf6026 |
| 10-Jul-2024 |
Juan Pablo Conde <juanpablo.conde@arm.com> |
refactor(rmmd): plat token requests in pieces
Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token
refactor(rmmd): plat token requests in pieces
Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token in pieces, so they fit in the shared buffer. A new
output parameter was added to the SMC call, which will return (along
with the size of bytes copied into the buffer) the number of bytes
of the token that remain to be retrieved.
TF-A will keep an offset variable that will indicate the position in
the token where the next call will retrieve bytes from. This offset
will be increased on every call by adding the number number of bytes
copied. If the received hash size is not 0, TF-A will reset the
offset to 0 and copy from that position on.
The SMC call will now return at most the size of the shared buffer
in bytes on every call. Therefore, from now on, multiple SMC calls
may be needed to be issued if the token size exceeds the shared
buffer size.
Change-Id: I591f7013d06f64e98afaf9535dbea6f815799723
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
show more ...
|
| #
4f3e0cdc |
| 04-Sep-2024 |
Tamas Ban <tamas.ban@arm.com> |
refactor(fvp): use the example CCA platform token from iat-verifier
In [1] and [2], the example CCA platform token has been updated to be
aligned with the new profile(s) defined in draft-ffm-rats-cc
refactor(fvp): use the example CCA platform token from iat-verifier
In [1] and [2], the example CCA platform token has been updated to be
aligned with the new profile(s) defined in draft-ffm-rats-cca-token-00.
This change replaces the static CCA platform token in the FVP platform.
[1] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/30812
[2] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/31036
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia23f0dffe618dca04f9f3c46c953a6f021101b09
show more ...
|
| #
5f960f0a |
| 03-Jul-2024 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "refactor(tc): use the example CCA platform token from iat-verifier" into integration
|
| #
157375d6 |
| 21-May-2024 |
Thomas Fossati <thomas.fossati@linaro.org> |
refactor(tc): use the example CCA platform token from iat-verifier
In [1], the example CCA platform token has been updated to fix a small
problem with the description of one of the software componen
refactor(tc): use the example CCA platform token from iat-verifier
In [1], the example CCA platform token has been updated to fix a small
problem with the description of one of the software components, and to
provide a more realistic breakdown of the expected components in the CCA
TCB.
This change replaces the static CCA platform token in the Total Compute
platform.
[1] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/28493
Change-Id: I792e693cc994fc1e856f713fd97bac4930b28e1e
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
show more ...
|
| #
a1901c7d |
| 26-Apr-2024 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topic "rss_rse_rename" into integration
* changes:
refactor(changelog): change all occurrences of RSS to RSE
refactor(qemu): change all occurrences of RSS to RSE
refactor(fv
Merge changes from topic "rss_rse_rename" into integration
* changes:
refactor(changelog): change all occurrences of RSS to RSE
refactor(qemu): change all occurrences of RSS to RSE
refactor(fvp): change all occurrences of RSS to RSE
refactor(fiptool): change all occurrences of RSS to RSE
refactor(psa): change all occurrences of RSS to RSE
refactor(fvp): remove leftovers from rss measured boot support
refactor(tc): change all occurrences of RSS to RSE
docs: change all occurrences of RSS to RSE
refactor(measured-boot): change all occurrences of RSS to RSE
refactor(rse): change all occurrences of RSS to RSE
refactor(psa): rename all 'rss' files to 'rse'
refactor(tc): rename all 'rss' files to 'rse'
docs: rename all 'rss' files to 'rse'
refactor(measured-boot): rename all 'rss' files to 'rse'
refactor(rss): rename all 'rss' files to 'rse'
show more ...
|
| #
a822b8d8 |
| 22-Feb-2024 |
Tamas Ban <tamas.ban@arm.com> |
refactor(fvp): change all occurrences of RSS to RSE
Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id
refactor(fvp): change all occurrences of RSS to RSE
Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I36b8e498f3226fc72d21634aae2cc9328d00711d
show more ...
|
| #
6cc94958 |
| 31-Oct-2023 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge "refactor(fvp): do not use RSS platform token and attestation key APIs" into integration
|
| #
eb8700a9 |
| 11-Sep-2023 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
refactor(fvp): do not use RSS platform token and attestation key APIs
Since FVP does not support RSS, RSS APIs used to provide the hardcoded
platform token and attestation key. However, that seems t
refactor(fvp): do not use RSS platform token and attestation key APIs
Since FVP does not support RSS, RSS APIs used to provide the hardcoded
platform token and attestation key. However, that seems to be causing
un-necessary mandating of some PSA crypto definitions, that doesn't
seem appropriate.
Hence to retrieve platform token and realm attestation key, these
RSS APIs calls have been replaced with hardcoded information.
Change-Id: I5fd091025e3444a698b9d387763ce20db6b13ae1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
show more ...
|
| #
bafd657a |
| 23-Mar-2023 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge "refactor(fvp): use RSS API to retrieve attestation token and key" into integration
|
| #
d679cdec |
| 12-Mar-2023 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
refactor(fvp): use RSS API to retrieve attestation token and key
Retrieved the platform attestation token and delegated realm attestation
key through the PSA delegated attestation layer.
Even thoug
refactor(fvp): use RSS API to retrieve attestation token and key
Retrieved the platform attestation token and delegated realm attestation
key through the PSA delegated attestation layer.
Even though FVP doesn't support RSS hardware today, it can still
leverage the RSS implementation of these PSA interfaces in their mocking
form (see PLAT_RSS_NOT_SUPPORTED).
Therefore, platform APIs now call these PSA interfaces instead of
directly providing these hardcoded values.
Change-Id: I31d0ca58f6f1a444f513d954da4e3e67757321ad
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
show more ...
|
| #
55d5c6a1 |
| 28-Feb-2023 |
Soby Mathew <soby.mathew@arm.com> |
Merge "fix(rme): update sample platform attestation token" into integration
|
| #
19c1dcef |
| 12-Jan-2023 |
Mate Toth-Pal <mate.toth-pal@arm.com> |
fix(rme): update sample platform attestation token
Update FVP platform attestation token to comply with RMM Beta0
specification. The changes are:
- change platform implementation id claim value from
fix(rme): update sample platform attestation token
Update FVP platform attestation token to comply with RMM Beta0
specification. The changes are:
- change platform implementation id claim value from 64 to 32 bits
- change Realm Challenge
- update Hash Algorithm Identifier claim value
- add protected header
- change signing algotithm to ECDSA ES384
Change-Id: I1c5907d1a4961ce08a1408d25128de125b3f2e7f
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
show more ...
|
| #
76453e7e |
| 29-Sep-2022 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "fix(rme): update FVP platform token" into integration
|
| #
364b4cdd |
| 19-Sep-2022 |
Mate Toth-Pal <mate.toth-pal@arm.com> |
fix(rme): update FVP platform token
Update test CCA Platform token in fvp_plat_attest_token.c to be
up-to-date with RMM spec Beta0.
Change-Id: I0f5e2ac1149eb6f7a93a997682f41d90e109a049
Signed-off-b
fix(rme): update FVP platform token
Update test CCA Platform token in fvp_plat_attest_token.c to be
up-to-date with RMM spec Beta0.
Change-Id: I0f5e2ac1149eb6f7a93a997682f41d90e109a049
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
show more ...
|
| #
717daadc |
| 05-Jul-2022 |
Soby Mathew <soby.mathew@arm.com> |
Merge changes from topic "jas/rmm-el3-ifc" into integration
* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer
Merge changes from topic "jas/rmm-el3-ifc" into integration
* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface
show more ...
|
| #
8c980a4a |
| 24-Nov-2021 |
Javier Almansa Sobrino <javier.almansasobrino@arm.com> |
feat(rmmd): add support for RMM Boot interface
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am
feat(rmmd): add support for RMM Boot interface
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
show more ...
|
| #
ad88c370 |
| 28-Mar-2022 |
Soby Mathew <soby.mathew@arm.com> |
Merge changes from topic "rme-attest" into integration
* changes:
feat(rme): add dummy realm attestation key to RMMD
feat(rme): add dummy platform token to RMMD
|
| #
0f9159b7 |
| 22-Mar-2022 |
Soby Mathew <soby.mathew@arm.com> |
feat(rme): add dummy platform token to RMMD
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC4000
feat(rme): add dummy platform token to RMMD
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.
When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348
show more ...
|