Age | Commit message | Author
9 days | CC3XX: Add ECDH entry point for raw key agreement | Antonio de Angelis
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I3302197995e467a6d3fa3e161fde72d68057f3df

9 days | CC3XX: Compute shared secret following SEC1 paragraph 3.3.1 | Antonio de Angelis
    Add an API in the EC module to compute a shared secret following the description available in SEC1 paragraph 3.3.1, leveraging the scalar / point multiplication primitives.
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: Ib45cf8a23ae37c792870fd6f71f18b20d0c2e9b4

9 days | CC3XX: Add ECDSA entry points for sign/verify | Antonio de Angelis
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I7e08b616ddc76233b49588a4487bb9773bb22da8
9 days | RSE: Reduce required networkx version | Raef Coles
    To ensure compatibility with Python 3.8.
    Change-Id: Id5832400e9df8abbf330859d94927499f06389ae
    Signed-off-by: Raef Coles <raef.coles@arm.com>

9 days | Build: Add TF-M sanitization build option | Raef Coles
    Change-Id: I6b9714930e54a2e39cac807e4cc01b1f024ba3e2
    Signed-off-by: Raef Coles <raef.coles@arm.com>

10 days | Docs: Update the list of Maintainers | Anton Komlev
    and sort it alphabetically.
    Signed-off-by: Anton Komlev <anton.komlev@arm.com>
    Change-Id: I99aeebd57db78e8cbad141c01834b20ecd4f261d

10 days | RSE: Split ROM library relocation support config | Raef Coles
    Split into two separate config options, one to support copying the ROM library into SRAM and one to actually enable the option.
    Change-Id: I040f3b4c87e8de733a0d947f97f4f8e4ae9e187e
    Signed-off-by: Raef Coles <raef.coles@arm.com>
10 days | RSE: Fix warnings in CC3XX KMU loader | Raef Coles
    Also, remove erroneous debug while loops.
    Change-Id: I6b68039ee3532418de1292a3df88b5239613562e
    Signed-off-by: Raef Coles <raef.coles@arm.com>

10 days | RSE: Enable VM0/VM1 cache | Raef Coles
    In order to prevent partial access errors parity errors.
    Change-Id: I1ef56cbfadbc03b2678e8a7e4301b22137e65c0b
    Signed-off-by: Raef Coles <raef.coles@arm.com>

10 days | CC3XX: Enable cache-awareness in CC3XX DMA | Raef Coles
    Flush cache data before inputting or outputting via the DMA.
    Change-Id: Ia72f32b2bb55b1a6062de06346ea75d687b7c887
    Signed-off-by: Raef Coles <raef.coles@arm.com>

10 days | RSE: Setup TRAM key in secure provisioning mode | Raef Coles
    Change-Id: Ic0062610da5ccdd082b7f7d42c2e168d87ef1939
    Signed-off-by: Raef Coles <raef.coles@arm.com>
13 days | Mailbox: Return status from agent psa close calls | Jamie Fox
    Changes the agent_psa_close() and tfm_rpc_psa_close() functions to return the error status returned from the SPM. Even though the psa_close() API does not return an error value, the SPM functions can fail due to a programmer error (invalid handle or partition not idle). As the caller is NS, the programmer error is returned by SPM rather than blocking execution.

    This patch propagates the returned error to the mailbox implementation, which makes it possible to send an immediate reply to the mailbox caller, as no asynchronous reply will be received for these failed calls.
    Signed-off-by: Jamie Fox <jamie.fox@arm.com>
    Change-Id: I73689123000a9e357effe0b4522223e9f4338c76

13 days | SPM: Remove duplicate check from PSA Close implementation | Jamie Fox
    Removes the check that the connection status is not "active" from spm_psa_close_client_id_associated(), because spm_get_connection() already makes the more specific check that the connection status is equal to "idle".

    Rename spm_get_connection() and spm_init_connection() to spm_get_idle_connection() and spm_init_idle_connection() respectively to make it clear that these functions always return idle connections if successful.
    Signed-off-by: Jamie Fox <jamie.fox@arm.com>
    Change-Id: Iec7f457d306b8d94a7022da92611f3c2760f7eca

13 days | SPM: Add debug assert to tfm_pool_free() function | Jamie Fox
    Adds an assert that the pointer being freed is a valid chunk in the pool to tfm_pool_free(). This will trap invalid calls to the function in debug builds, making it more obvious if there is a bug.
    Signed-off-by: Jamie Fox <jamie.fox@arm.com>
    Change-Id: If0c77ae6f772c33178fc1b0513048308a6700ce4

13 days | SPM: Add allocation state bookkeeping to pool allocator | Jamie Fox
    Changes the pool allocator to keep track of the allocation state of each chunk. Adds a check of allocation state to the is_valid_chunk_data_in_pool() function so that callers are checking that a pointer is a chunk in the pool and that it is currently allocated.
    Signed-off-by: Jamie Fox <jamie.fox@arm.com>
    Change-Id: I7c9585e7afcecca5edf90e132501b72f969b4d22
13 days | BL1: Mark functions as not static | Jamie Fox
    Remove static from functions called by the BL1 tests, to fix build error when the tests are enabled.
    Signed-off-by: Jamie Fox <jamie.fox@arm.com>
    Change-Id: I4f13bf513941b75b7c49bbe7cfe0cc91cb3432d4

13 days | BL2: reduce the amount of copied provisioning data | David Vincze
    Reduce the amount of copied provisioning data, following the pattern started in: 6c917016fe826a24f1f900e2bf31a5cff40d8fa5
    Change-Id: I5305f19f108c850d8bc057f601eb5508b476ee5f
    Signed-off-by: David Vincze <david.vincze@arm.com>

13 days | CC3XX: Add ECDSA entry points for public key export and key generation | Antonio de Angelis
    Add ECDSA to the export_public_key entry point which accelerates the translation from private to public (i.e. multiplies the private key with the Generator point of the curve). Also add the entry point for ECDSA private key generation acceleration.
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I0d5419ee8b4c50d6b75260f54168cc8b33edd6f9
2024-03-14 | RSE: add generic sic boot functionality | Anubhav Raina
    The `sic_boot_post_load` and `sic_boot_pre_quit` functions are coupled closely to `host_flash_atu` which breaks compilation when `RSE_XIP=1` but `RSE_USE_HOST_FLASH=0`. This change introduces generic secure i-cache setup and enable functions and hides the existing functions behind `RSE_USE_HOST_FLASH`.
    Signed-off-by: Anubhav Raina <anubhav.raina@arm.com>
    Change-Id: I0dfe6df21d8ef4a642a9e5dc83fa52bf57d15ccb

2024-03-14 | BL2: fix unused variable warning in main | Antonio de Angelis
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I2a2b75076d4c1c7c282ed1fc2460a777fde8caa3

2024-03-14 | CC3XX: Align doxygen style delimiter | Antonio de Angelis
    Add a few missing doxygen comments on typedefs.
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I9373a342da7e828f01fb383162dfcf56edfd5a6a

2024-03-14 | CC3XX: Minor refactor of EC module | Antonio de Angelis
    * Add a getter function for the modulus_size given the curve
    * Correctly call the lowlevel_ec_uninit function instead of pka
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I27881dc198fd0ae9b67b38c8bfc4ca0952cd4202
2024-03-13 | BL1: Fix crypto_mbedcrypto cmake error | Bence Balogh
    After the cmake_minimum_required bump this warning was escalated to a configuration error.
    Change-Id: I1bebdcd2667fc28a02f489d9cc85045e38e34b64
    Signed-off-by: Bence Balogh <bence.balogh@arm.com>

2024-03-13 | Build: Fix CMSIS path for local repo | Jamie Fox
    Fixes the path used for installing CMSIS files so that it works correctly when a local CMSIS_PATH is supplied rather than using the automatic clone.
    Signed-off-by: Jamie Fox <jamie.fox@arm.com>
    Change-Id: I05ff769f29ef3cc0eb7613acfd31bda1fc0e4ceb

2024-03-12 | SPM: Move RPC message check definition into spm.h | Xinyu Zhang
    It belongs to SPM's scope to check if the connection message is for RPC request. Also, the check function is renamed to "tfm_spm_is_rpc_msg()".
    Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
    Change-Id: I305d12ce0ee56d6c84b9618e7fa1ff093bd83f5b

2024-03-12 | build: support multiple shared symbol lists | Anubhav Raina
    Allows `target_share_symbols` macro to accept a list of symbol files.
    Signed-off-by: Anubhav Raina <anubhav.raina@arm.com>
    Change-Id: I2402aaa4be15def1d837ab58cfddb5682f651a9a
2024-03-12 | SPM: Assign valid PID to agent partitions | Sherry Zhang
    According to FF-M, partition ID should be a positive value. The agent partitions should also follow that. Also there can be usage cases where psa_notify() is used to trigger the agent partitions. That also requires the PID to be a positive value.
    Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
    Change-Id: Ic9b1ef7caabb67eb9fca464b6e766be1c6a68381

2024-03-12 | CC3XX: Use size_t to return size in ECDSA sign API | Antonio de Angelis
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I16d722581c3f1106114716c4c42f2eea75c14053

2024-03-12 | build: Fix CS300, CS310 and CS315 build issues | Dávid Házi
    * CMSIS6 update and cmake version bump introduced some build issues in the Corstone platforms. Adding the right includes and build flags solved the issues.
    Signed-off-by: Dávid Házi <david.hazi@arm.com>
    Change-Id: Iad972a3a636281cb01e892b15dda2fe5d247f35a

2024-03-12 | build: Fix signing issue | Dávid Házi
    After the cmake_minimum_required bump custom targets output files get interpreted wrong. If we use absolute paths to the generated binaries the issue does not occur.
    Signed-off-by: Dávid Házi <david.hazi@arm.com>
    Change-Id: Ic31062a5343df2354e33d6bad53d0c10c72b7e68
2024-03-11 | RSE: Change TFM_PARTITION_MEASURED_BOOT to CACHE | David Vincze
    Change TFM_PARTITION_MEASURED_BOOT back to a CMake CACHE variable (it was changed in f57c6a7 [1]) to be aligned with the rest of the TFM_PARTITION_* variables to allow user configurability.
    [1]: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=f57c6a73e0aa50b36c75de3c96bda65d44f44c6b
    Change-Id: I7f93361cd78d69bde84293bacb9f8a36cab45aed
    Signed-off-by: David Vincze <david.vincze@arm.com>

2024-03-11 | RSE: TC: Enable DPE partition | David Vincze
    - Add DPE to TFM_ATTESTATION_SCHEME as a new option
    - Select the DPE attestation scheme (enable the DICE Protection Environment partition) on TC platform by default
    - When DPE partition is enabled:
      1. Use 256-bit IAK; this can be reverted when 384-bit EC key support is available in DPE
      2. Enable the usage of the SDS driver (required for DPE)
    Change-Id: I0c896ad8006954ca6ec21711be766c3cd365df59
    Signed-off-by: David Vincze <david.vincze@arm.com>

2024-03-11 | RSE: Introduce TFM_ATTESTATION_SCHEME in the build config | David Vincze
    Introduce new TFM_ATTESTATION_SCHEME common option in the build config on RSE. The goal of this new option is to group the different settings and make it easier to choose between the different attestation schemes.
    Change-Id: Ie3cc2737e128186d90258b27f41e699f5d650a33
    Signed-off-by: David Vincze <david.vincze@arm.com>

2024-03-11 | Docs: Add link to ADAC doc from RSE | Jamie Fox
    Signed-off-by: Jamie Fox <jamie.fox@arm.com>
    Change-Id: I5d8b7f949bfb8d1590cf996bc8f65893db8da551
2024-03-09 | Build: Set install messages policy to lazy | Antonio de Angelis
    This avoids printing Up-to-date messages when installing files at the end of the SPE build, hence reducing flooding of the build output and keeping only the relevant Installing messages, especially on incremental rebuilds.
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: Iec793795dfc9d5dffab73e451c1ba49683989790

2024-03-08 | RSE: Use GOT from ROM initially | Raef Coles
    Simplifying the GOT setup. Remove the r9 set from the stub as it isn't needed.
    Change-Id: I230263c8e13a9262d2fdf88c16a2b58adcee62ff
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | RSE: Correct slot IDs in crypto key loading | Raef Coles
    Change-Id: If25f6c79aa797bd72ac7446bbb53d44bacc8bde4
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | RSE: Change TRAM key slot to 7 | Raef Coles
    Change-Id: I34609e508d43426467142e29576ab53279daca26
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | RSE: Update DMA ICS | Raef Coles
    Use preferred memory types in transfers to/from VM0. Disable DMA program auto executing on boot after first boot. Correct default DCU value.
    Change-Id: I0ec3a2c6e8e87c2cfbf554301a206e6b68ac9766
    Signed-off-by: Raef Coles <raef.coles@arm.com>
2024-03-08 | RSE: Fix TRAM enable register address in DMA ICS | Raef Coles
    Change-Id: I2bd0bd4469d108a1ddf17eab5b9f879682e920df
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | RSE: Enable mask refreshing on KMU keyslots | Raef Coles
    Change-Id: Ic2fe2b01ce0f9d31dd999e1ddd85ee797180ce77
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | RSE: Move TRAM enablement initial stack | Raef Coles
    To avoid a collision with the CM bundle area. Set up the MSPLIM register to prevent overflow in the initial stack.
    Change-Id: Ic7c03296691314cd2e1a22fd167ed6081e8ba553
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | RSE: Replace SCP data with manufacturing data | Raef Coles
    Added RSE_HAS_MANUFACTURING_DATA option. Removed option to provision data. Added integrity value and check on startup. Altered layout so that manufacturing data can be resized on provisioning.
    Change-Id: I3d1188648209bcf2533f9b75a628b45c16b52d51
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | Platform: Add boot recovery mode HAL function | Raef Coles
    Allows platforms to perform a recovery action in the case that an image fails to validate.
    Change-Id: I8c484b46234753185b299fec2691d9f09fa748fc
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-08 | cleanup: Remove executable permission from *.c, *.h and *.txt files | Dávid Házi
    Signed-off-by: Dávid Házi <david.hazi@arm.com>
    Change-Id: I1d4844ec1f2d3b13951431c033374992fc5fe30a
2024-03-08 | docs: Add MPS4 as maintained platform | Dávid Házi
    Signed-off-by: Dávid Házi <david.hazi@arm.com>
    Change-Id: I99b441f3273a66cee75bb92f77953f1d6e55f861

2024-03-07 | CC3XX: Suppress warnings in EC related modules | Antonio de Angelis
    * Unused static functions
    * Unused label
    Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
    Change-Id: I8ff00aa242d150603de562cf14c3aedb3985a52b

2024-03-07 | CC3XX: Fix erroneously renamed function | Raef Coles
    Change-Id: Iecfb438e4293c72bdd851a68b873ff9af1d796f7
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-06 | RSE: Improve provisioning tooling | Raef Coles
    Change-Id: I0df3ca7b2ff2e5353d746e0baf12139b75eca950
    Signed-off-by: Raef Coles <raef.coles@arm.com>

2024-03-06 | RSE: Generalize handshake | Raef Coles
    So it can be used for any number of RSSes.
    Change-Id: Ie217ade1e20b053026e6dafb887734ddb564a28b
    Signed-off-by: Raef Coles <raef.coles@arm.com>