History log of /rk3399_ARM-atf/tools/cert_create/src/main.c (Results 1 – 25 of 69)
Revision Date Author Comments
# e2c3611c 02-Sep-2024 Olivier Deprez <olivier.deprez@arm.com>

Merge changes from topic "mb/misc-fixes" into integration

* changes:
docs: fix typos in cot binding
fix(drtm): return proper values for DRTM get and set error SMCs
fix(tools): update the fiptool and certtool to fix POSIX build



# ccbfd01d 19-Jul-2024 Manish V Badarkhe <Manish.Badarkhe@arm.com>

fix(tools): update the fiptool and certtool to fix POSIX build

This patch fixes the below issues raised:

https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/8
https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/9
https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/10

Change-Id: I521bf7410535ffe49198789ba183cc401b3b88a0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>



# 6d01ea40 02-Jul-2024 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge changes Ida537d4c,Ieda75bba into integration

* changes:
build(encrypt-fw): don't generate `build_msg.c`
build(cert-create): don't generate `build_msg.c`


# a004ee8d 14-Jun-2024 Chris Kay <chris.kay@arm.com>

build(cert-create): don't generate `build_msg.c`

This change avoids generating a build message source file on the shell,
instead using the `__DATE__` and `__TIME__` macros directly.

Change-Id: Ieda75bbac174847c716701bce8dd10b8e9975902
Signed-off-by: Chris Kay <chris.kay@arm.com>



# e88ce988 24-Apr-2024 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "fix(cert-create): add guardrails around brainpool usage" into integration


# c0c280df 10-Apr-2024 Donald Chan <donachan@tesla.com>

fix(cert-create): add guardrails around brainpool usage

OpenSSL has brainpool support only since version 1.1.0, make sure we
put a proper guardrail around it.

Change-Id: Ia2ee686904ed80699f77b1da953546ab7538ec37
Signed-off-by: Donald Chan <donachan@tesla.com>



# eab006e5 23-Oct-2023 Sandrine Bailleux <sandrine.bailleux@arm.com>

Merge "fix(cert-create): fix key loading logic" into integration


# bb3b0c0b 16-Oct-2023 Sandrine Bailleux <sandrine.bailleux@arm.com>

fix(cert-create): fix key loading logic

When key_load() attempts to load the key from a file and it fails to
open this file, the 'err_code' output argument is set to
'KEY_ERR_OPEN' error code. However, it is incorrectly overwritten
later on with 'KEY_ERR_NONE' or 'KEY_ERR_LOAD'.

The latter case messes up with the key creation scenario. The
'KEY_ERR_LOAD' error leads the tool to exit, when it should attempt to
create the said key file if invoked with the --new-keys/-n option.

Note that, to complicate matters further, which of 'KEY_ERR_OPEN' or
'KEY_ERR_NONE' values is returned by key_load() depends on the version
of OpenSSL in use:

- If using v3+, KEY_ERROR_LOAD is returned.

- If using <v3, KEY_ERROR_NONE is returned as a result of the key
pair container being initialized by key_new().

This patch fixes this bug and also takes the opportunity to refactor
key_load() implementation to (hopefully) make it more straight-forward
and easier to reason about.

Fixes: 616b3ce27d9a "feat(cert-create): add pkcs11 engine support"
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Reported-by: Wenchen Tan <xtaens@qq.com>
Change-Id: Ia78ff442e04c5ff98e6ced8d26becbd817a8ccb7



# c3170fd8 14-Nov-2022 Manish Pandey <manish.pandey2@arm.com>

Merge changes from topic "stm32mp1-trusted-boot" into integration

* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13



# e78ba69e 14-Nov-2022 Lionel Debieve <lionel.debieve@foss.st.com>

feat(cert-create): update for ECDSA brainpoolP256r/t1 support

Updated cert_tool to be able to select brainpool P256r/t1
or NIST prime256v1 curve for certificates signature.

Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>



# 797d7446 11-Nov-2022 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "refactor(security): add OpenSSL 1.x compatibility" into integration


# cf2dd17d 25-Oct-2022 Juan Pablo Conde <juanpablo.conde@arm.com>

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use causes compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.

This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).

In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c



# 5bc6f284 28-Jan-2021 Sandrine Bailleux <sandrine.bailleux@arm.com>

Merge "tools: cert_create: Create only requested certificates" into integration


# 42ea70e8 27-Jan-2021 Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Merge "cert-tool: avoid duplicates in extension stack" into integration


# 1ed941c0 20-Jan-2021 Jimmy Brisson <jimmy.brisson@arm.com>

cert-tool: avoid duplicates in extension stack

This bug manifests itself as a segfault triggered by a double-free.

I noticed that right before the double-free, the sk list contained 2
elements with the same address.

    (gdb) p sk_X509_EXTENSION_value(sk, 1)
    $34 = (X509_EXTENSION *) 0x431ad0
    (gdb) p sk_X509_EXTENSION_value(sk, 0)
    $35 = (X509_EXTENSION *) 0x431ad0
    (gdb) p sk_X509_EXTENSION_num(sk)
    $36 = 2

This caused confusion; this should never happen.

I figured that this was caused by a ext_new_xxxx function freeing
something before it is added to the list, so I put a breakpoint on
each of them to step through. I was surprised to find that none of my
breakpoints triggered for the second element of the iteration through
the outer loop just before the double-free.

Looking through the code, I noticed that it's possible to avoid doing
a ext_new_xxxx, when either:
* ext->type == NVCOUNTER and ext->arg == NULL
* ext->type == HASH and ext->arg == NULL and ext->optional == false
So I put a breakpoint on both.

It turns out that it was the HASH version, but I added a fix for both.
The fix for the Hash case is simple, as it was a mistake. The fix for
the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may
be optional, and when it's optional we can skip it. The other case,
when the NVCOUNTER is required (not optional), the `check_cmd_params`
function has already verified that the `ext->arg` must be non-NULL.
We assert that before processing it to convert any possible segfaults
into more descriptive errors.

This should no longer cause double-frees by adding the same ext twice.

Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>



# 294e2656 26-Jan-2021 Manish V Badarkhe <Manish.Badarkhe@arm.com>

tools: cert_create: Create only requested certificates

The certification tool creates all the certificates mentioned
statically in the code rather than taking explicit certificate
requests from the command line parameters.

Code is optimized to avoid unnecessary attempts to create
non-requested certificates.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2



# dfa04b3d 15-Jan-2021 Sandrine Bailleux <sandrine.bailleux@arm.com>

Merge changes from topic "certtool-memleak" into integration

* changes:
Use preallocated parts of the HASH struct
Free arguments copied with strdup
Free keys after use
Free X509_EXTENSIONs


# 4a34d18f 27-Jul-2020 Jimmy Brisson <jimmy.brisson@arm.com>

Free arguments copied with strdup

Change-Id: I0ad9620145c2a9c4450b9bf20cd1f70c9db6593c
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>


# 1f111f12 27-Jul-2020 Jimmy Brisson <jimmy.brisson@arm.com>

Free keys after use

Change-Id: I16ba4420ffeb9aa439e0a09a1b34d2aba2e1eb6e
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>


# bea80198 24-Jul-2020 Jimmy Brisson <jimmy.brisson@arm.com>

Free X509_EXTENSIONs

Previously, we would leak these extensions as they are not freed by the
stack. An excerpt from the `sk_TYPE_free` documentation:

    sk_TYPE_free() frees up the sk structure. It does not free up any
    elements of sk. After this call sk is no longer valid.

The fix is to drain the stack and free its elements before freeing the
stack. sk_TYPE_pop_free does this, so we use that instead.

Change-Id: Ie70c302f9dda5af1a7243f163d36e99916ee639c
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>



# dcd03ce7 30-Jan-2020 Sandrine Bailleux <sandrine.bailleux@arm.com>

Merge changes from topic "sb/select-cot" into integration

* changes:
Introduce COT build option
cert_create: Remove references to TBBR in common code
cert_create: Introduce COT build option
cert_create: Introduce TBBR CoT makefile



# 067f7e9c 15-Jan-2020 Sandrine Bailleux <sandrine.bailleux@arm.com>

cert_create: Remove references to TBBR in common code

In preparation of supporting alternate chains of trust, reword comments
and error messages that explicitly mentioned TBBR.

Change-Id: I85a0b08e16d0cd82f3b767fcc092d1f20f45939f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>



# 22eaa870 21-Jan-2020 Olivier Deprez <olivier.deprez@arm.com>

Merge "cert_create: Remove some unused header files inclusions" into integration


# ba1eaabf 07-Jan-2020 Sandrine Bailleux <sandrine.bailleux@arm.com>

cert_create: Remove some unused header files inclusions

The chain of trust definitions are only needed in the part of the code
dealing with the TBBR CoT (tbbr/* files).

Change-Id: I6f9a86bba4a2d16313b6842a3ec85b7c951074bc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>



# c428fbae 13-Sep-2019 Soby Mathew <soby.mathew@arm.com>

Merge changes from topic "jc/rsa-pkcs" into integration

* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS


