Oct 08, 2019

- Add option to reserve slot space when requesting a new slot. This is used to prevent scratch slot starvation when asking to write an object to the last available slot. Change-Id: I44394d41f164dc940ebcba225767af285c9089ab Signed-off-by: Raef Coles <raef.coles@arm.com>
- Mark the mandatory claims as required in the attestation test suite to ensure PSA compliance, based on the new version (1.0 Alpha Release 2) of the PSA SM document. Change-Id: I3798d8bfec544e08be8bf80d233998937a84b3ce Signed-off-by: David Vincze <david.vincze@arm.com>
- The signer ID claim was not copied to the shared data area when HW keys were used for image verification (that was because the key-hash TLV was not present in the image manifest). This patch provides a fix to write the signer ID to the shared data area when MCUBOOT_HW_KEY is set to True by retrieving the full public key from the image manifest and calculating its hash on the fly. Change-Id: I9e4b968a40ecaa21fd18b536525a569ad6539fd3 Signed-off-by: David Vincze <david.vincze@arm.com>
- Add macros to define the range of RAM that should be used for executing images. Validate that images will be loaded inside this region before copying them. Change-Id: I75bb9ee5f8369856b2dc4870752ed3c6a0e5c716 Signed-off-by: Raef Coles <raef.coles@arm.com>
- Define IMAGE_EXECUTABLE_RAM_START and SIZE for the MUSCA-A. Document them in the readme. Change-Id: I60d7a4dfcdc766792720b0677a80149b9cad69d4 Signed-off-by: Raef Coles <raef.coles@arm.com>
- First load the image into RAM, and then perform hash and signature checks on the RAM image. Replaces verify-then-copy, which was susceptible to the image being replaced between the operations. Use the RAM image to generate the boot record. Change-Id: I519cf0d5e2757791e9706008caf4098bfe5884c9 Signed-off-by: Raef Coles <raef.coles@arm.com>
- Correct non-standard ASCII characters; change a leading character 'a' to 'A'. Change-Id: If018b0b31264eb914e54d51cb0f082805e06a87b Signed-off-by: Shawn Shan <shawn.shan@arm.com>

Oct 07, 2019

- Change-Id: Idc3bbc72096693b1f60abb027b7c60b7ee46ec74 Signed-off-by: Tamas Kaman <tamas.kaman@arm.com>
- Updates the CMake files to make it possible to link against the PSA API tests for ITS and makes corresponding updates to the build instructions. Change-Id: Ic61788e7253be623cb5da1c2631ebc720be0892f Signed-off-by: Jamie Fox <jamie.fox@arm.com>
- This patch adds the ITS secure and non-secure tests. It also modifies and adds the necessary CMake files to integrate the tests into the regression tests. Change-Id: Id5393f6da9867f1f1278d01ed080406e974122e4 Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
- Implements the secure and non-secure top layer of the ITS service, including a new manifest file, and generates the required veneers. Updates the partition manifest with added SIDs. It also adds the necessary CMake files to build the ITS service. Change-Id: I6d66b01de56145d24a0bcbf0597ca158b6da3386 Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
- Copies the filesystem files from SST and modifies them to rename the symbols from ``sst`` to ``its`` and to update the implementation to be aligned with the latest version of the PSA Storage specs. Change-Id: If4e43b60be9e7fd3fbc161005c8947f252f4a457 Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
- Change the NS/S memory allocation to fit the ITS service. Change-Id: I55b4a321a2e0aebad9f53d91cb1bf41159e3e851 Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
- Adds the integration guide for the TF-M Internal Trusted Storage service. Changes the mention of ITS in the Secure Storage service. Change-Id: Ic95addcca2131d520e6a1ac57800721daec73587 Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
- Update the ITS doxygen documentation according to the PSA Storage API 1.0 pdf issued on 17/06/2019. Change-Id: If351627bb127c75cf27b8e08aaa5c64b7ec0954c Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
- Adds version 1.0.0 of the psa/internal_trusted_storage.h header to the include directory, as well as the psa/storage_common.h header it depends on. Change-Id: I6fd76eb8edb13151505351804ca73ddc14e2a0a9 Signed-off-by: Jamie Fox <jamie.fox@arm.com>
- Add extra checks to tfm_spm_get_msg_from_handle to validate the message handler: check that the handler is allocated from the pool; use a magic value to signal that a handler is active. Change-Id: Ic7b13cc1d61ae48e6112864bb2a1ce2059247e65 Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
- Update the list of mandatory software component claims, based on the description (version 02) of the PSA attestation token format; more information: https://tools.ietf.org/html/draft-tschofenig-rats-psa-token-02 Change-Id: I86ccfc7c9dc0708e304ff910bb58b74cb4063594 Signed-off-by: David Vincze <david.vincze@arm.com>
- The Fixme is deleted because: the mismatch of the shared data area address between the bootloader and the runtime firmware is validated by checking a magic value at the beginning of the shared data area; a version mismatch is not applicable, because there is no version information in the shared data. Instead it is organised in TLV format, where unknown data items can be skipped by the consumer. Change-Id: I61269a3437c3775a187ee99434b3072c4a856ad3 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- There is a shared buffer between the bootloader and the SPE to exchange boot data. This check was introduced to verify that a misconfiguration in the platform layer does not cause the shared buffer to be accidentally exposed to the NSPE, which would risk tampering with sensitive data. Change-Id: I1eea2d644545b600c87b9e6199f742f7af9bc421 Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Oct 04, 2019

- This patch adjusts the index and configuration used for user-guide generation. It is aimed at helping render the documents in a similar fashion to the TF-A documentation: a trustedfirmware logo has been set; TF-M abbreviations have been expanded; menu navigation is now manually sorted; added license to the table of contents; disabled collapse_navigation in html_theme_options. Change-Id: I1cabff549a7c34bdb5c7a1da81addf3be094b6a5 Signed-off-by: Galanakis, Minos <minos.galanakis@arm.com>
- This patch removes the TF-M/Trusted Firmware prefix from the title heading across the documentation. Change-Id: I60e0c6e48615f67ee040a0d6dbc7d6f1873856e7 Signed-off-by: Galanakis, Minos <minos.galanakis@arm.com>
- This patch updates the documentation landing page (readme.rst) to reflect the latest release (Version 1.0-RC1): updated Sphinx documentation version tags; updated Doxygen documentation version tags; updated features/capabilities described in readme.rst. Change-Id: I273127e18b21e1c71feb140215f80a9826c0e0df Signed-off-by: Galanakis, Minos <minos.galanakis@arm.com>

Oct 03, 2019

- Removes the tfm_mbedtls_config.h header as it is no longer used by any TF-M service. Change-Id: Ida2ee221a769954834d990bf298af93e46d81d22 Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Oct 02, 2019

- Add a note to the TF-M secure boot documentation which clarifies that the first stage bootloader and ROTPK must be stored in an immutable way to accomplish a root of trust anchor. Change-Id: Ibd3ef9f2e4d176dcfd92fc9a51570fb47b09fc64 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- Validate the input parameters from users, which come in the image header and image metadata (TLV) section, to avoid integer overflow. Change-Id: I1d1a48e8dbda2ced2620aa9fb19fda3bfbd801ab Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Sep 30, 2019

- In order to shorten the execution time, exit from the TLV look-up loop when the matching TLV has been found. Change-Id: Iacaca39f95411c808a8b520291a7c3f51c98193e Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- In order to avoid buffer overflow, check the size of the user-provided TLV entries before copying them to a statically allocated buffer. Change-Id: I5be55549f105cc47866c8feabaec6d6bfd409e00 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- Clear RAM to avoid accidentally leaking any sensitive information to software components running after boot. This change also addresses conformance with the R30_TBFU_EXEC rule in the PSA-TBFU spec (version 1.0.beta.1). Change-Id: I173ecee9f2c163d385d74c2f14887ed655df7cd5 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- Design proposal to decouple the firmware verification key and the bootloader code. Change-Id: I41b86c96f474c4231218dd185ae8ba8bb8c48f05 Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Sep 29, 2019

- The native version of CMake must be used on Windows for Cygwin; the Cygwin-specific version will not work. Add a more detailed explanation of the build software requirements in the user guide documents. Change-Id: Ib3daacb7f24c8b011ac9f877aa5db5ab2be8c0a1 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
- Remove the __tfm_secure_gateway_attributes__ definition in multi-core topology. Also remove the include of arm_cmse.h in tfm_secure_api.h in multi-core topology. Change-Id: I98d3b539d8b6a8dda0a21e8cc53c4cdb43fc0586 Signed-off-by: David Hu <david.hu@arm.com>
- Define a dummy type for nsfptr_t in multi-core topology. Keep the original type definition in single Armv8-M topology. Change-Id: Ie22faa6db21cd685782068757cca01d10bf06449 Signed-off-by: David Hu <david.hu@arm.com>
- tfm_core_topology.h gathers the topology-specific operations. Add tfm_core_topology_set_pendsv_priority() in tfm_core_topology.h to abstract the PendSV priority setting in single Armv8-M and multi-core topology. Change-Id: I14b55e4f87af91d041ccb451ca9b6b7ada38d290 Signed-off-by: David Hu <david.hu@arm.com>
- Declare configure_ns_core() in tfm_nspm.h. Move the single Armv8-M specific configure_ns_code() implementation to tfm_nspm_ipc.c/tfm_nspm_func.c. Define an empty configure_ns_code() for multi-core topology. Change-Id: If35570b4d23f9795c3efd16ab8a2b18a30c4e821 Signed-off-by: David Hu <david.hu@arm.com>

Sep 27, 2019

- Change from uint8_t to uint32_t to prevent an implicit cast. Update variables and functions which use the return value of the function. Change-Id: I55bcb1cf2b4b642d1cdf8a1d41c04e601289dea0 Signed-off-by: Raef Coles <raef.coles@arm.com>
- Add a boot_secure_memequal function which runs in constant time, mitigating the risk of timing side-channel attacks. Replace calls to memcmp where applicable (where they test only equality). Change-Id: I062a433a67a1a865d6e890ba06a75bfb6b13deb3 Signed-off-by: Raef Coles <raef.coles@arm.com>
- In the shared data area the data items are mixed, and the addressee can be various secure partitions or even the SPM. Introduce an access policy check to limit which partition has access to which data items in the shared data area. This check mitigates the risk of disclosing sensitive data to unauthorised secure partitions. Change-Id: Ibab2ff46e091c3786565be69c94cd9f02c664f3a Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- Initialise a local variable to avoid a GNUARM compile error in case of a MINSIZEREL build. Change-Id: I0d06b79c6ee86f36e2668ac7a8b7ffff34ee2e2e Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- Use core memory functions instead of the standard C runtime library for core and SPM. Change-Id: Iad8037c77676a5418d9fec3626bb51dd3cead425 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>