- Oct 04, 2019
-
-
This patch removes the TF-M/Trusted Firmware prefix from the title heading across the documentation. Change-Id: I60e0c6e48615f67ee040a0d6dbc7d6f1873856e7 Signed-off-by:Galanakis, Minos <minos.galanakis@arm.com>
-
This patch updates the documentation landing page (readme.rst) to reflect the latest release (Version 1.0-RC1). * Updated Sphynx documentation version tags * Updated Doxygen documentation version tags * Updated features/capabilities described in readme.rst Change-Id: I273127e18b21e1c71feb140215f80a9826c0e0df Signed-off-by:
-
- Oct 03, 2019
-
-
Jamie Fox authored
Removes the tfm_mbedtls_config.h header as it is no longer used by any TF-M service. Change-Id: Ida2ee221a769954834d990bf298af93e46d81d22 Signed-off-by:Jamie Fox <jamie.fox@arm.com>
-
- Oct 02, 2019
-
-
Tamas Ban authored
Add a note to TF-M secure boot documentation which clarifies that the first stage bootloader and ROTPK must be stored in an immutable way to accomplish a root of trust anchor. Change-Id: Ibd3ef9f2e4d176dcfd92fc9a51570fb47b09fc64 Signed-off-by:Tamas Ban <tamas.ban@arm.com>
-
Tamas Ban authored
Validate the input parameters from users, which comes in the image header and image metadata (TLV) section, to avoid integer overflow. Change-Id: I1d1a48e8dbda2ced2620aa9fb19fda3bfbd801ab Signed-off-by:
-
- Sep 30, 2019
-
-
Tamas Ban authored
In order to shorten the execution time exit from the TLV look-up loop when matching TLV has been found. Change-Id: Iacaca39f95411c808a8b520291a7c3f51c98193e Signed-off-by: -
Tamas Ban authored
In order to avoid buffer overflow, checking the size of the user provided TLV entries before copying them to a statically allocated buffer. Change-Id: I5be55549f105cc47866c8feabaec6d6bfd409e00 Signed-off-by: -
Tamas Ban authored
Clearing RAM to not leak accidentally any sensitive information to software components running after boot. This change also addressing the conformance with the R30_TBFU_EXEC rule in PSA-TBFU spec (version 1.0.beta.1). Change-Id: I173ecee9f2c163d385d74c2f14887ed655df7cd5 Signed-off-by: -
Tamas Ban authored
Design proposal to decouple the firmware verification key and the bootloader code. Change-Id: I41b86c96f474c4231218dd185ae8ba8bb8c48f05 Signed-off-by:
-
- Sep 29, 2019
-
-
Mingyang Sun authored
Native version of CMake must be used on windows for Cygwin, Cygwin specific version will not work. Add more detailed explanation of build software requirement in the use guide documents. Change-Id: Ib3daacb7f24c8b011ac9f877aa5db5ab2be8c0a1 Signed-off-by:Mingyang Sun <mingyang.sun@arm.com>
-
David Hu authored
Remove __tfm_secure_gateway_attributes__ definition in multi-core topology. Also remove the include of arm_cmse.h in tfm_secure_api.h in multi-core topology. Change-Id: I98d3b539d8b6a8dda0a21e8cc53c4cdb43fc0586 Signed-off-by:David Hu <david.hu@arm.com>
-
David Hu authored
Define a dummy type for nsfptr_t in multi-core topology. Keep the original type definition in single Armv8-M topology. Change-Id: Ie22faa6db21cd685782068757cca01d10bf06449 Signed-off-by: -
David Hu authored
tfm_core_topology.h gathers the topology specific operations. Add tfm_core_topology_set_pendsv_priority() in tfm_core_topology.h to abstract the PendSV priority setting in single Armv8-M and multi-core topology. Change-Id: I14b55e4f87af91d041ccb451ca9b6b7ada38d290 Signed-off-by: -
David Hu authored
Declare configure_ns_core() in tfm_nspm.h. Move single Armv8-M specific configure_ns_code() implementation to tfm_nspm_ipc.c/tfm_nspm_func.c. Define an empty configure_ns_code() for multi-core topology. Change-Id: If35570b4d23f9795c3efd16ab8a2b18a30c4e821 Signed-off-by:
-
- Sep 27, 2019
-
-
Change from uint8_t to uint32_t to prevent an implicit cast. Update variables and functions which use the return value of the function. Change-Id: I55bcb1cf2b4b642d1cdf8a1d41c04e601289dea0 Signed-off-by:Raef Coles <raef.coles@arm.com>
-
Add boot_secure_memequal function which runs in constant time, mitigating the risk of timing side channel attacks. Replace calls to memcmp where applicable (where they test only equality). Change-Id: I062a433a67a1a865d6e890ba06a75bfb6b13deb3 Signed-off-by: -
Tamas Ban authored
In shared data area the data items are mixed and addressee can be various secure partitions or even SPM. Introduce an access policy check to limit which partition has access to which data items in the shared data area. This check mitigates the risk to disclose sensitive data to unauthorized secure partitions. Change-Id: Ibab2ff46e091c3786565be69c94cd9f02c664f3a Signed-off-by: -
Tamas Ban authored
Initialise local variable to avoid GNUARM compile error in case of MINSIZEREL build. Change-Id: I0d06b79c6ee86f36e2668ac7a8b7ffff34ee2e2e Signed-off-by: -
Mingyang Sun authored
- Use core memory functions instead of standard C runtime library for core and spm. Change-Id: Iad8037c77676a5418d9fec3626bb51dd3cead425 Signed-off-by: -
Mingyang Sun authored
Implement memory copy/set function for TF-M core. The tfm_core_util_memcpy() is used for same-sized object only. Change-Id: I1b509ea90edaf8deebe308248f8d7d6fddad04cd Signed-off-by: -
Jamie Fox authored
Adds a design proposal for the TF-M Internal Trusted Storage service. Change-Id: Ic10a850239f05ddde60b65cf274beb6b1e818db9 Signed-off-by: -
David Hu authored
Move BOOT_TFM_SHARED_DATA_BASE and BOOT_TFM_SHARED_DATA_SIZE macros definitions from flash_layout.h to region_defs.h in each platform, for the following reasons: 1. BL2 shared area sits in the RAM area. It is more natural to put the definitions in region_defs.h 2. In some topologies and platforms, the base address of BL2 shared area is calculated based on other regions in RAM layout during compiling. It can be more flexible to put those definitions into region_defs.h Change-Id: Ia846194bdaff1f6e659761042594102a4ad523cb Signed-off-by: -
Robert Rostohar authored
Changes '#if TFM_PSA_API' to '#ifdef TFM_PSA_API'. Change-Id: I2211977a84f1a079dd35990c13f941f82620d543 Signed-off-by:Robert Rostohar <Robert.Rostohar@arm.com>
-
- Sep 26, 2019
-
-
David Hu authored
Add Cortex-M0plus and Cortex-M4 entries in GNUARM cmake files. Change-Id: I3180642d77092189be0e885ff8521b95c440c923 Signed-off-by: -
Ashutosh Singh authored
This patch adds support Cortex-M0plus and Cortex-M4 cpus. Add Cortex-M0plus and Cortex-M4 entries in ARMCLANG cmake file. Change-Id: I9c14d66d7cb7a0df185f8922f000179a184c2166 Signed-off-by:Ashutosh Singh <ashutosh.singh@arm.com>
-
David Hu authored
According to [1], add compiler flag -DMULADDC_CANNOT_USE_R7 in mbed-crypto/mbedtls building on Armv6-M, to work around builidng issues. [1]: https://github.com/ARMmbed/mbedtls/issues/1077 Change-Id: I091f7c93a7d275045a7ec17d39e692b27e0544e3 Signed-off-by:
-
David Hu authored
Implement Armv6-M and Armv7-M support in arch folder for TF-M multi-core topology. Change-Id: Ib8f8803857aa79339ec8740ad9f69c8b13ec513b Signed-off-by: -
David Hu authored
Abstract the operation checking whether Floating Point status information is allocated in stack frame from EXC_RETURN value. Change-Id: Id7dab53f58f303a402aa9ed9f4f840fcb0a97a11 Signed-off-by: -
David Hu authored
Add tfm_arch_set_msplim() to abstract MSPLIM setting. Implement tfm_arch_set_msplim() on Armv8-M. Change-Id: I727e6bb0b2c37f9faad940d972553290b8896f19 Signed-off-by:
-
- Sep 25, 2019
-
-
Jamie Fox authored
Explicitly sets the secure fault priority to the highest on AN524, bringing it in line with other platforms. Change-Id: Ibe53d2cbc9532ed0ffa7ca69b28e9e1382843605 Signed-off-by: -
Summer Qin authored
TF-M core does not need rich format support while output log message. Create constrained log APIs instead of 'printf' provided by the toolchain. Change-Id: I9c7312ce6dfbc4f40e4d36d560619d63c84feb6e Signed-off-by:Summer Qin <summer.qin@arm.com>
-
Summer Qin authored
Introduction of the partition and service management. Change-Id: I45c89aeeb8424ecfee4141e8e08cfc63115d35be Signed-off-by:
-
- Sep 23, 2019
-
-
Mate Toth-Pal authored
Only allow reset requests that are coming from a PSA Root of Trust secure service. Also make test service, that is making an SPM requests to be PRoT Change-Id: Id89a619db4e59f7460600351081a231dab3a366e Signed-off-by:Mate Toth-Pal <mate.toth-pal@arm.com>
-
Mate Toth-Pal authored
Change the core and SPM behaviour from returning error code to panic, in the following cases: - tfm_core_partition_request called from Thread mode - secure lock is held in case of a non-secure secure service caller - Partition state check fails when starting IRQ handler - Secure SVC handler receives a NS EXC_RET value Change-Id: Ied6ab7c2ffb2be25a7ffa3b4ef1dc20783fccc4c Signed-off-by: -
David Hu authored
A #endif is missed in #if/#endif pair in common scatter file. It may generate incorrect scatter file when the data areas layout changes. Fix it. Change-Id: I70d88243e785fb8247bf22f4b6fb2879fe38d089 Signed-off-by: -
Tamas Ban authored
Remove unnecessary (duplicated) function call. Change-Id: I1a2220371e508f1ad91517a71c87b652c9798bd2 Signed-off-by: -
Tamas Ban authored
This change improve the granularity of code placement among different sections. Link only those files to attestation service which are used for encoding the attestation token. Other files are used during attestation test suite for decoding the token. Change-Id: I0100c8bab909cef9f520ddbfde4069ddbefe222b Signed-off-by: -
Tamas Ban authored
The unprotected part of the COSE token header, which contains the key-id in not a mandatory requirement by the PSA initial attestation specification. This change remove key-id and related code as part of the code optimization activity. Change-Id: Ic22fc949d2c8070ad77c5556013d28fe4f955559 Signed-off-by: -
According to RFC8152 the unprotected header can be empty, in this case an empty map item must be added to the token. This change improves the verifier code to be able to handle this scenario. Change-Id: I0f784db19e53edcedfb36a238ab0cff2aafae7c5 Signed-off-by:Laurence Lundblade <lgl@securitytheory.com>
-
Tamas Ban authored
Due to code size optimization reasons the test code is removed from the TF-M release build. Some attestation test cases (short-circuit signature, get minimal token, passing option fields to attestation service) only available in debug builds. Change-Id: I17f44604bbd30b1d9098a7f6d13a1ca21d5c80ae Signed-off-by:
-
