| #
e2c3611c |
| 02-Sep-2024 |
Olivier Deprez <olivier.deprez@arm.com> |
Merge changes from topic "mb/misc-fixes" into integration
* changes:
docs: fix typos in cot binding
fix(drtm): return proper values for DRTM get and set error SMCs
fix(tools): update the fipto
Merge changes from topic "mb/misc-fixes" into integration
* changes:
docs: fix typos in cot binding
fix(drtm): return proper values for DRTM get and set error SMCs
fix(tools): update the fiptool and certtool to fix POSIX build
show more ...
|
| #
ccbfd01d |
| 19-Jul-2024 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
fix(tools): update the fiptool and certtool to fix POSIX build
This patch fixes below issue raised:
https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/8
https://github.com/TrustedFirmwa
fix(tools): update the fiptool and certtool to fix POSIX build
This patch fixes below issue raised:
https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/8
https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/9
https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/10
Change-Id: I521bf7410535ffe49198789ba183cc401b3b88a0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
show more ...
|
| #
9c447788 |
| 25-Sep-2023 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes If9672598,I219c49d3 into integration
* changes:
feat(cert-create): add pkcs11 engine support
fix(cert-create): key: Avoid having a temporary value for pkey in key_load
|
| #
616b3ce2 |
| 12-Sep-2023 |
Robin van der Gracht <robin@protonic.nl> |
feat(cert-create): add pkcs11 engine support
Add pkcs11 engine support which allows using keys that are securely
stored on a HSM or TPM. To use this feature the user has to supply
an RFC 7512 compli
feat(cert-create): add pkcs11 engine support
Add pkcs11 engine support which allows using keys that are securely
stored on a HSM or TPM. To use this feature the user has to supply
an RFC 7512 compliant PKCS11 URI to a key instead of a file as an
argument to one of the key options. This change is fully backwards
compatible.
This change makes use of the openssl engine API which is deprecated
since openssl 3.0 and will most likely be removed in version 4. So
pkcs11 support will have to be updated to the openssl provider API
in the near future.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: If96725988ca62c5613ec59123943bf15922f5d1f
show more ...
|
| #
007be5ec |
| 14-Aug-2020 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes from topic "sp_dual_signing" into integration
* changes:
dualroot: add chain of trust for Platform owned SPs
cert_create: add Platform owned secure partitions support
|
| #
23d5f03a |
| 24-Jul-2020 |
Manish Pandey <manish.pandey2@arm.com> |
cert_create: add Platform owned secure partitions support
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "s
cert_create: add Platform owned secure partitions support
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
Platform RoT key pair is used for signing.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
show more ...
|
| #
99bcae5e |
| 26-Jun-2020 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes from topic "fw_config_handoff" into integration
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/a
Merge changes from topic "fw_config_handoff" into integration
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
show more ...
|
| #
9b3ca9b1 |
| 11-Jun-2020 |
Manish V Badarkhe <Manish.Badarkhe@arm.com> |
cert_tool: Update cert_tool for fw_config image support
Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.
Signed-off-by: Manish V Badarkh
cert_tool: Update cert_tool for fw_config image support
Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0
show more ...
|
| #
02383c28 |
| 09-Jun-2020 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "sp_secure_boot" into integration
* changes:
dualroot: add chain of trust for secure partitions
sptool: append cert_tool arguments.
cert_create: add SiP owned secure p
Merge changes from topic "sp_secure_boot" into integration
* changes:
dualroot: add chain of trust for secure partitions
sptool: append cert_tool arguments.
cert_create: add SiP owned secure partitions support
show more ...
|
| #
0792dd7d |
| 22-May-2020 |
Manish Pandey <manish.pandey2@arm.com> |
cert_create: add SiP owned secure partitions support
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specific
cert_create: add SiP owned secure partitions support
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.
A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.
Following new options added to cert_tool:
--sip-sp-cert --> SiP owned Secure Partition Content Certificate
--sp-pkg1 --> Secure Partition Package1 file
--sp-pkg2
.....
--sp-pkg8
Trusted world key pair is used for signing.
Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
show more ...
|
| #
e3102677 |
| 10-Mar-2020 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
Merge changes from topic "sb/dualroot" into integration
* changes:
Build system: Changes to drive cert_create for dualroot CoT
cert_create: Define the dualroot CoT
Introduce a new "dualroot" c
Merge changes from topic "sb/dualroot" into integration
* changes:
Build system: Changes to drive cert_create for dualroot CoT
cert_create: Define the dualroot CoT
Introduce a new "dualroot" chain of trust
show more ...
|
| #
a9d5c273 |
| 10-Jan-2020 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
cert_create: Define the dualroot CoT
Selection of the chain of trust is done through the COT build option:
> make COT=dualroot
Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e
Signed-off-by: S
cert_create: Define the dualroot CoT
Selection of the chain of trust is done through the COT build option:
> make COT=dualroot
Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
show more ...
|