Trusted Firmware AProject
ActivePublic

Recent Activity

Tue, Sep 17

hzhuang1 added a comment to T388: Hikey960 problem reading FIP.

Hi David,

Tue, Sep 17, 8:41 AM · TF-A Question, Trusted Firmware A
DavidMCerdeira added a comment to T388: Hikey960 problem reading FIP.

Hi there!

Tue, Sep 17, 8:37 AM · TF-A Question, Trusted Firmware A
hzhuang1 claimed T388: Hikey960 problem reading FIP.

Hi David,

Tue, Sep 17, 4:42 AM · TF-A Question, Trusted Firmware A

Wed, Sep 11

petretudor-arm added a comment to T463: Using ROM Lib.

I don't know what options you tried to build with, but I managed to build with the ROMLIB feature for the FVP platform. I will post everything I did here, hoping it will be of some use to you.
I used the following command to build:

MBEDTLS_DIR=<path_to_mbedtls> make ARM_ROTPK_LOCATION=devel_rsa CROSS_COMPILE=<path_to_cross_compiler(aarch64)> GENERATE_COT=1 PLAT=fvp ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem TRUSTED_BOARD_BOOT=1 USE_ROMLIB=1  DEBUG=1 fiptool all

The cross-compiler I used is GCC 8.3 for AArch64 ELF bare-metal target. You can get it from here:
https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads

Wed, Sep 11, 3:02 PM · Trusted Firmware A, TF-A Bug

Tue, Sep 10

sandrine-bailleux-arm added a comment to T464: TF-A artifacts.

So, just to be clear: Imagine a scenario with two devices - one I made (I know the keys and code on BL1) and another one that some malicious user cloned (he signed with his own keys). My device will have a Root of Trust in BL1 based on my hardware and the keys I own. The second device also has a BL1 but that image was signed by someone I don't trust. In the end, both devices will boot up successfully because they are based on each individual Chain of Trust but there's no way a third party (i.e. remote attestation server) can know the difference between the malicious device and my device solely relying on Verified Boot, right?

Tue, Sep 10, 7:31 AM · TF-A Question, Trusted Firmware A

Mon, Sep 9

vivinamartins16 added a comment to T464: TF-A artifacts.

Verified boot in itself already proves the boot integrity of all firmware images from BL1 up to BL33.

BL1 is the root of trust and cannot be tampered with, as it is hardware-protected. All other BL image are signed and their signature is verified before they get executed: BL1 verifies the signature of BL2, and BL2 does the same for all subsequent BL3x images. If one of the signatures is invalid then TF-A refuses to execute the corresponding image. This is treated as a fatal error that the firmware cannot recover from and the platform will typically panic in this case.

Mon, Sep 9, 4:42 PM · TF-A Question, Trusted Firmware A
sandrine-bailleux-arm added a comment to T464: TF-A artifacts.

Sorry, I completely missed your point at first!

Mon, Sep 9, 3:08 PM · TF-A Question, Trusted Firmware A

Fri, Sep 6

vivinamartins16 added a comment to T464: TF-A artifacts.

Hi vivina,

Hi @soby-mathew !

Fri, Sep 6, 5:46 PM · TF-A Question, Trusted Firmware A
akshaynkulkarni added a member for Trusted Firmware A: akshaynkulkarni.
Fri, Sep 6, 1:07 PM

Thu, Sep 5

soby-mathew added a comment to T464: TF-A artifacts.

Hi vivina,
Are you thinking something similar to measured boot ?
The TF-A implements what is called verified boot. Found a good description for difference between verified and measured boot here:
https://forums.juniper.net/t5/Security/What-s-the-Difference-between-Secure-Boot-and-Measured-Boot/ba-p/281251

Thu, Sep 5, 2:20 PM · TF-A Question, Trusted Firmware A

Tue, Sep 3

sandrine-bailleux-arm edited the content of Getting started: Contributing TF-A patches on www.trustedfirmware.org.
Tue, Sep 3, 6:31 AM · Trusted Firmware A

Aug 13 2019

joannafarley-arm moved T290: Example task/Issue 2 from In Progress to Closed on the Trusted Firmware A board.
Aug 13 2019, 8:32 AM · TF-A General, Trusted Firmware A
joannafarley-arm closed T290: Example task/Issue 2 as Resolved.
Aug 13 2019, 8:32 AM · TF-A General, Trusted Firmware A

Aug 7 2019

vivinamartins16 added a comment to T464: TF-A artifacts.

Thanks Sandrine!

Aug 7 2019, 6:05 PM · TF-A Question, Trusted Firmware A
sandrine-bailleux-arm added a comment to T464: TF-A artifacts.

Hi Viviane,

Aug 7 2019, 2:57 PM · TF-A Question, Trusted Firmware A
vivinamartins16 created T464: TF-A artifacts.
Aug 7 2019, 12:33 PM · TF-A Question, Trusted Firmware A
neil-jones-work removed a project from T463: Using ROM Lib: TF-A General.
Aug 7 2019, 11:44 AM · Trusted Firmware A, TF-A Bug
neil-jones-work added a project to T463: Using ROM Lib: Trusted Firmware A.
Aug 7 2019, 11:43 AM · Trusted Firmware A, TF-A Bug

Jul 25 2019

hansenboyi closed T395: support platform for rockchip px30 as Resolved.
Jul 25 2019, 9:32 AM · Trusted Firmware A

Jul 10 2019

soby-mathew added a comment to T418: Cryptocell Key Sizes.

Please email me at soby.mathew@arm.com

Jul 10 2019, 10:44 AM · Trusted Firmware A
neil-jones-work added a comment to T418: Cryptocell Key Sizes.

ARM Support have asked me not to post any Cryptocell code publicly.

Jul 10 2019, 10:00 AM · Trusted Firmware A
soby-mathew added a comment to T418: Cryptocell Key Sizes.

Hi Neil
The Cryptocell variant supported by TF-A is CC-712 which only has support for RSA 2048.

Jul 10 2019, 9:30 AM · Trusted Firmware A
neil-jones-work updated the task description for T418: Cryptocell Key Sizes.
Jul 10 2019, 9:17 AM · Trusted Firmware A
neil-jones-work updated the task description for T418: Cryptocell Key Sizes.
Jul 10 2019, 9:17 AM · Trusted Firmware A

Jul 9 2019

neil-jones-work added a project to T418: Cryptocell Key Sizes: Trusted Firmware A.
Jul 9 2019, 8:48 AM · Trusted Firmware A

Jun 24 2019

joannafarley-arm placed T267: platform support up for grabs.
Jun 24 2019, 5:41 PM · Trusted Firmware A, TF-A Question
joannafarley-arm reopened T267: platform support as "Open".

Reopening so it can be answered

Jun 24 2019, 5:39 PM · Trusted Firmware A, TF-A Question
joannafarley-arm closed T267: platform support as Resolved.

It’s better to create a task from scratch than edit the example task. Added back in TF-A project so it is shown on the project workbook with your question.

Jun 24 2019, 5:37 PM · Trusted Firmware A, TF-A Question

Jun 19 2019

sandrine-bailleux-arm edited the content of Getting started: Contributing TF-A patches on www.trustedfirmware.org.
Jun 19 2019, 6:26 AM · Trusted Firmware A

Jun 16 2019

joannafarley-arm added a project to T388: Hikey960 problem reading FIP: TF-A Question.
Jun 16 2019, 1:01 PM · TF-A Question, Trusted Firmware A
joannafarley-arm added a comment to T388: Hikey960 problem reading FIP.

Hi David, Sorry for the delay in replying.

Jun 16 2019, 1:00 PM · TF-A Question, Trusted Firmware A

Jun 13 2019

derrick-huang updated subscribers of T395: support platform for rockchip px30.
Jun 13 2019, 7:17 AM · Trusted Firmware A
derrick-huang added a comment to T395: support platform for rockchip px30.

Support platform for rockchip px30
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/1253

Jun 13 2019, 7:13 AM · Trusted Firmware A
hansenboyi created T395: support platform for rockchip px30.
Jun 13 2019, 2:45 AM · Trusted Firmware A

Jun 12 2019

sivadur added a member for Trusted Firmware A: sivadur.
Jun 12 2019, 2:14 AM

May 31 2019

DavidMCerdeira created T388: Hikey960 problem reading FIP.
May 31 2019, 4:47 PM · TF-A Question, Trusted Firmware A
joannafarley-arm removed a watcher for Trusted Firmware A: antonio-nino-diaz-arm.
May 31 2019, 7:10 AM
joannafarley-arm removed a member for Trusted Firmware A: antonio-nino-diaz-arm.
May 31 2019, 7:10 AM
joannafarley-arm moved T334: Barrier in sprt_queue.c from Backlog to Closed on the Trusted Firmware A board.
May 31 2019, 7:07 AM · TF-A Question, Trusted Firmware A
joannafarley-arm moved T335: Bug in rdmem_attr_to_mmap_attr in spm_xlat.c from Backlog to Closed on the Trusted Firmware A board.
May 31 2019, 7:07 AM · TF-A Bug, Trusted Firmware A
joannafarley-arm moved T349: Test Task from Backlog to Closed on the Trusted Firmware A board.
May 31 2019, 7:07 AM · Trusted Firmware A
joannafarley-arm added a project to T267: platform support: Restricted Project.
May 31 2019, 7:02 AM · Trusted Firmware A, TF-A Question

May 28 2019

soby-mathew closed T334: Barrier in sprt_queue.c as Resolved.
May 28 2019, 1:17 PM · TF-A Question, Trusted Firmware A

May 21 2019

raghuncstate added a comment to T334: Barrier in sprt_queue.c.

Thanks guys! The dmbish() is not a huge deal. Just get a little nervous when i see barriers and don't completely understand why it is there. :)

May 21 2019, 10:14 PM · TF-A Question, Trusted Firmware A
soby-mathew added a comment to T334: Barrier in sprt_queue.c.

Ah, You are right. Having taken a look at it again, yes, the SP-> SPM communication is register based and this spm_response_add() is invoked by SPM to push to a buffer within EL3 (its not a shared buffer between different ELs). I suspect the shared buffer primitives were written with shared buffer scenario in mind and the current prototype implementation does not optimize it for the case when the buffer is within EL3.

May 21 2019, 9:03 PM · TF-A Question, Trusted Firmware A
raghuncstate added a comment to T334: Barrier in sprt_queue.c.

Thanks Paul, Soby.
spm_response_*() currently cannot invoked by any secure partition since the responses[] array is in EL3 space. Is this not the case ? or is it the expectation that the responses array will be mapped to secure EL0 some time in the future? I don't see how a secure partition can invoke spm_response_* other than through an SMC, in which case we are already in EL3 context and dont require the dmbish(), as Paul pointed. I understand your argument for sprt_queue_*, since they are invoked by EL3 and the secure partition.

May 21 2019, 4:33 PM · TF-A Question, Trusted Firmware A
soby-mathew added a comment to T334: Barrier in sprt_queue.c.

Who is the lockless reader for spm_response_add() and spm_response_get()?

May 21 2019, 3:23 PM · TF-A Question, Trusted Firmware A
pbeesley-arm added a comment to T334: Barrier in sprt_queue.c.

Apologies for the delay. I've had a look into the spm_buffers.c file and I understand your query is around the dmbish() that's performed shortly before releasing the lock in both spm_response_add() and spm_response_get().

May 21 2019, 1:57 PM · TF-A Question, Trusted Firmware A
pbeesley-arm updated subscribers of T334: Barrier in sprt_queue.c.
May 21 2019, 12:40 PM · TF-A Question, Trusted Firmware A

May 20 2019

sandeepbrcm added a member for Trusted Firmware A: sandeepbrcm.
May 20 2019, 3:08 AM