Page MenuHomePhabricator

TF-A QuestionTag
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Mar 27 2020

userid0x0 updated the task description for T698: Page alignment / Debug symbols.
Mar 27 2020, 4:39 PM · TF-A Question, Trusted Firmware A
userid0x0 created T698: Page alignment / Debug symbols.
Mar 27 2020, 4:34 PM · TF-A Question, Trusted Firmware A

Mar 24 2020

sandrine-bailleux-arm added a comment to T688: Get access to the private keys created by the cert_create.

Sorry if it wasn't clear in my original answer, the SAVE_KEYS=1 option (and friends) must be passed on the command line when you build the firmware, not the cert_create tool itself. The tool has no built-in knowledge of which keys it should use, instead it is told so when it is invoked.

Mar 24 2020, 1:25 PM · TF-A Question

Mar 19 2020

tannoa2 added a comment to T688: Get access to the private keys created by the cert_create.

Hi @sandrine-bailleux-arm, where do the PEM files go? Because I still can't find them.

Mar 19 2020, 7:01 PM · TF-A Question
tannoa2 added a comment to T688: Get access to the private keys created by the cert_create.

Thanks a lot @sandrine-bailleux-arm for the input. I will try it now.

Mar 19 2020, 6:00 PM · TF-A Question

Mar 18 2020

sandrine-bailleux-arm added a comment to T688: Get access to the private keys created by the cert_create.

By default, the cert_create tool creates temporary keys that it keeps in RAM just to sign the certificates. These keys are not stored in files on the disk and are thus discarded after the tool exits.
If you want to save them, please have a look at the SAVE_KEYS build option. In your case, adding SAVE_KEYS=1 NON_TRUSTED_WORLD_KEY=ntw.key BL31_KEY=bl31.key to your command line should do what you want. You'll get the private keys in PEM format I believe, from which you can generate the associated public keys using the openssl tool (or equivalent) if needed.

Mar 18 2020, 1:32 PM · TF-A Question

Mar 17 2020

tannoa2 updated the task description for T688: Get access to the private keys created by the cert_create.
Mar 17 2020, 7:58 PM · TF-A Question
tannoa2 created T688: Get access to the private keys created by the cert_create.
Mar 17 2020, 7:33 PM · TF-A Question

Mar 3 2020

liuyunli assigned T680: uefi-build.sh was deleted, need update the script to leiflindholm.
Mar 3 2020, 3:37 AM · TF-A Question, Trusted Firmware A

Mar 2 2020

liuyunli triaged T680: uefi-build.sh was deleted, need update the script as High priority.
Mar 2 2020, 9:38 AM · TF-A Question, Trusted Firmware A

Feb 27 2020

Raincode closed T675: [Question] Configuring GICv3 from TF-A driver in BL31 as Wontfix.
Feb 27 2020, 2:56 PM · TF-A Question

Feb 26 2020

Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 26 2020, 3:16 PM · TF-A Question
Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 26 2020, 12:38 PM · TF-A Question

Feb 25 2020

Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 25 2020, 12:18 PM · TF-A Question
Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 25 2020, 11:59 AM · TF-A Question
Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 25 2020, 10:00 AM · TF-A Question
Raincode renamed T675: [Question] Configuring GICv3 from TF-A driver in BL31 from [Question] Configuring GICv3 from TF-A driver to [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 25 2020, 7:44 AM · TF-A Question

Feb 24 2020

Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 24 2020, 12:38 PM · TF-A Question
Raincode raised the priority of T675: [Question] Configuring GICv3 from TF-A driver in BL31 from Normal to Needs Triage.
Feb 24 2020, 12:31 PM · TF-A Question

Feb 19 2020

Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 19 2020, 9:06 AM · TF-A Question
Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 19 2020, 9:00 AM · TF-A Question
Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 19 2020, 9:00 AM · TF-A Question

Feb 17 2020

Raincode updated the task description for T675: [Question] Configuring GICv3 from TF-A driver in BL31.
Feb 17 2020, 3:20 PM · TF-A Question
Raincode triaged T675: [Question] Configuring GICv3 from TF-A driver in BL31 as Normal priority.
Feb 17 2020, 3:18 PM · TF-A Question

Feb 15 2020

rickdic closed T632: End-of-interrupt (EOI) handling is missing for RAS interrupts as Resolved.
Feb 15 2020, 10:01 PM · TF-A Question, Trusted Firmware A

Jan 15 2020

caihuali95 created T648: How to trap/route unallocated instruction exception to EL3.
Jan 15 2020, 4:07 PM · TF-A Question

Jan 7 2020

soby-mathew added a comment to T632: End-of-interrupt (EOI) handling is missing for RAS interrupts.

HI Rickdic,
Could you please send this query to the TF-A mailing list ?

Jan 7 2020, 11:10 AM · TF-A Question, Trusted Firmware A

Dec 24 2019

odeprez added a comment to T632: End-of-interrupt (EOI) handling is missing for RAS interrupts.

I'm not too much versed into RAS error handling, so please take my explanation below with care.
I suggest you send the question to the TF-A ML to get more sensible insights.

Dec 24 2019, 10:50 AM · TF-A Question, Trusted Firmware A

Dec 23 2019

rickdic created T632: End-of-interrupt (EOI) handling is missing for RAS interrupts.
Dec 23 2019, 6:32 PM · TF-A Question, Trusted Firmware A

Dec 20 2019

shitalt added a comment to T624: Why are the log related macros defined in multiple of 10's.

I'll post this question to mailing list as suggested.

Dec 20 2019, 2:26 PM · TF-A Question
sandrine-bailleux-arm added a comment to T624: Why are the log related macros defined in multiple of 10's.

I am not aware of any specific reason for LOG_LEVEL values being multiple of 10's. I guess at the time we thought we should leave room in between values, just in case we'd like to add more intermediate values in the future. In the end, I think it proved unnecessary but it stayed like that. I don't foresee the need for more log levels today so IMHO it would be OK to change their values to 1,2,3 and so on, as you suggested.

Dec 20 2019, 8:34 AM · TF-A Question

Dec 19 2019

sandrine-bailleux-arm closed T464: TF-A artifacts as Resolved.
Dec 19 2019, 12:19 PM · TF-A Question, Trusted Firmware A
shitalt updated subscribers of T624: Why are the log related macros defined in multiple of 10's.
Dec 19 2019, 10:51 AM · TF-A Question
shitalt added a comment to T624: Why are the log related macros defined in multiple of 10's.

If we set the LOG macros to 1,2,3 so on, we can avoid the mod and division operation when printing the msg to console.

Dec 19 2019, 10:50 AM · TF-A Question
shitalt created T624: Why are the log related macros defined in multiple of 10's.
Dec 19 2019, 10:24 AM · TF-A Question

Oct 2 2019

hzhuang1 added a comment to T498: Fail to configure email address in gerrit.

Hi Haojian,

I have the same problem.
Can you please share the solution you got from maintainer?

Oct 2 2019, 12:33 AM · TF-A Question

Oct 1 2019

semihalf-biernacki-radoslaw added a comment to T498: Fail to configure email address in gerrit.

Hi Haojian,

Oct 1 2019, 2:25 PM · TF-A Question

Sep 18 2019

hzhuang1 closed T498: Fail to configure email address in gerrit as Resolved.

Hi Sandrine,

Sep 18 2019, 12:16 PM · TF-A Question
sandrine-bailleux-arm added a watcher for TF-A Question: sandrine-bailleux-arm.
Sep 18 2019, 11:39 AM
sandrine-bailleux-arm added a comment to T498: Fail to configure email address in gerrit.

Could you please elaborate on your issue? How are you trying to configure your email address in Gerrit? Are you doing it from the user settings page? Do you have no email address registered on Gerrit at all or are you trying to add a secondary one? When is the error 422 showing?

Sep 18 2019, 11:16 AM · TF-A Question

Sep 17 2019

hzhuang1 added a comment to T388: Hikey960 problem reading FIP.

Hi David,

Sep 17 2019, 8:41 AM · TF-A Question, Trusted Firmware A
DavidMCerdeira added a comment to T388: Hikey960 problem reading FIP.

Hi there!

Sep 17 2019, 8:37 AM · TF-A Question, Trusted Firmware A
hzhuang1 created T498: Fail to configure email address in gerrit.
Sep 17 2019, 4:46 AM · TF-A Question
hzhuang1 claimed T388: Hikey960 problem reading FIP.

Hi David,

Sep 17 2019, 4:42 AM · TF-A Question, Trusted Firmware A

Sep 10 2019

sandrine-bailleux-arm added a comment to T464: TF-A artifacts.

So, just to be clear: Imagine a scenario with two devices - one I made (I know the keys and code on BL1) and another one that some malicious user cloned (he signed with his own keys). My device will have a Root of Trust in BL1 based on my hardware and the keys I own. The second device also has a BL1 but that image was signed by someone I don't trust. In the end, both devices will boot up successfully because they are based on each individual Chain of Trust but there's no way a third party (i.e. remote attestation server) can know the difference between the malicious device and my device solely relying on Verified Boot, right?

Sep 10 2019, 7:31 AM · TF-A Question, Trusted Firmware A

Sep 9 2019

vivinamartins16 added a comment to T464: TF-A artifacts.

Verified boot in itself already proves the boot integrity of all firmware images from BL1 up to BL33.

BL1 is the root of trust and cannot be tampered with, as it is hardware-protected. All other BL image are signed and their signature is verified before they get executed: BL1 verifies the signature of BL2, and BL2 does the same for all subsequent BL3x images. If one of the signatures is invalid then TF-A refuses to execute the corresponding image. This is treated as a fatal error that the firmware cannot recover from and the platform will typically panic in this case.

Sep 9 2019, 4:42 PM · TF-A Question, Trusted Firmware A
sandrine-bailleux-arm added a comment to T464: TF-A artifacts.

Sorry, I completely missed your point at first!

Sep 9 2019, 3:08 PM · TF-A Question, Trusted Firmware A

Sep 6 2019

vivinamartins16 added a comment to T464: TF-A artifacts.

Hi vivina,

Hi @soby-mathew !

Sep 6 2019, 5:46 PM · TF-A Question, Trusted Firmware A

Sep 5 2019

soby-mathew added a comment to T464: TF-A artifacts.

Hi vivina,
Are you thinking something similar to measured boot ?
The TF-A implements what is called verified boot. Found a good description for difference between verified and measured boot here:
https://forums.juniper.net/t5/Security/What-s-the-Difference-between-Secure-Boot-and-Measured-Boot/ba-p/281251

Sep 5 2019, 2:20 PM · TF-A Question, Trusted Firmware A

Aug 7 2019

vivinamartins16 added a comment to T464: TF-A artifacts.

Thanks Sandrine!

Aug 7 2019, 6:05 PM · TF-A Question, Trusted Firmware A