- TF-A - lists.trustedfirmware.org

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 3 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 373791: Control flow issues (DEADCODE) /drivers/usb/usb_device.c: 646 in usb_core_receive() ________________________________________________________________________________________________________ *** CID 373791: Control flow issues (DEADCODE) /drivers/usb/usb_device.c: 646 in usb_core_receive() 640 ep->is_in = false; 641 ep->num = num; 642 643 if (num == 0U) { 644 pdev->driver->ep0_start_xfer(hpcd->instance, ep); 645 } else { >>> CID 373791: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "(*pdev->driver->ep_start_xf...". 646 pdev->driver->ep_start_xfer(hpcd->instance, ep); 647 } 648 649 return USBD_OK; 650 } 651 ** CID 373790: Null pointer dereferences (FORWARD_NULL) /drivers/usb/usb_device.c: 182 in usb_core_set_config() ________________________________________________________________________________________________________ *** CID 373790: Null pointer dereferences (FORWARD_NULL) /drivers/usb/usb_device.c: 182 in usb_core_set_config() 176 } else if (cfgidx != pdev->dev_config) { 177 if (pdev->class != NULL) { 178 usb_core_ctl_error(pdev); 179 return; 180 } 181 /* Clear old configuration */ >>> CID 373790: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "pdev->class". 182 pdev->class->de_init(pdev, pdev->dev_config); 183 /* Set new configuration */ 184 pdev->dev_config = cfgidx; 185 /* Set configuration and start the USB class */ 186 if (pdev->class->init(pdev, cfgidx) != 0U) { 187 usb_core_ctl_error(pdev); ** CID 373789: Control flow issues (DEADCODE) /drivers/usb/usb_device.c: 684 in usb_core_transmit() ________________________________________________________________________________________________________ *** CID 373789: Control flow issues (DEADCODE) /drivers/usb/usb_device.c: 684 in usb_core_transmit() 678 ep->is_in = true; 679 ep->num = num; 680 681 if (num == 0U) { 682 pdev->driver->ep0_start_xfer(hpcd->instance, ep); 683 } else { >>> CID 373789: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "(*pdev->driver->ep_start_xf...". 684 pdev->driver->ep_start_xfer(hpcd->instance, ep); 685 } 686 687 return USBD_OK; 688 } 689 ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

3 years, 7 months

1
0
0 0

ARM Trusted memory Resolution

by IS20 Boaz Baron

Hi all, What is the resolution for secure memory space with the Trust zone? Is it dependent on the MMU resolution? Means, for example, If my MMU can set a range of 16 KB so can I set that range as a trusted zone as well? P.S. I have ARM A35 (I am not sure but I think my MMU supports a resolution of 32KB) You are welcome to comment if I have any mistakes Thanks a lot, Boaz. ________________________________ The privileged confidential information contained in this email is intended for use only by the addressees as indicated by the original sender of this email. If you are not the addressee indicated in this email or are not responsible for delivery of the email to such a person, please kindly reply to the sender indicating this fact and delete all copies of it from your computer and network server immediately. Your cooperation is highly appreciated. It is advised that any unauthorized use of confidential information of Nuvoton is strictly prohibited; and any information in this email irrelevant to the official business of Nuvoton shall be deemed as neither given nor endorsed by Nuvoton.

3 years, 7 months

1
0
0 0

CFI in tf-a

by chen feng

I want to know if we have a chance to support the compiler-based CFI(eg clang cfi, kernel support it.) function in tf-a. I want to know that is anyone doing this, or if everyone is interested in this? Cheers, Feng

3 years, 7 months

2
1
0 0

TF-A Tech Forum Agenda: Thu 21st October 2021 16:00 – 17:00 (BST)

by Joanna Farley

Hi All, The next TF-A Tech Forum is scheduled for 21st October 2021 16:00 – 17:00 (BST). Agenda: * Title: Realm Management Extension (RME) Granule Protection Table (GPT) Overview * Presented by: John Powell * Summary: Following on from the RME Overview session on 23rd September this session will provide more details of the Granule Protection Table (GPT) support recently upstreamed and the session will cover: 1. Overview of what GPT is 2. How it works 3. How it's configured and organized 4. Table initialization in TFA and why we do it this way 5. Runtime initialization and granule transition service ========================== If TF-A contributors have anything they wish to present at any future TF-A tech forum please contact me to have that scheduled. Previous sessions, both recording and presentation material can be found on the trustedfirmware.org TF-A Technical meeting webpage: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ A scheduling tracking page is also available to help track sessions suggested: https://developer.trustedfirmware.org/w/tf_a/tf-a-tech-forum-scheduling/ Final decisions on what will be presented will be shared a few days before the next meeting on the TF-A mailing list. You have been invited to the following event. TF-A Tech Forum When Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time Calendar tf-a(a)lists.trustedfirmware.org Who • Bill Fletcher- creator • tf-a(a)lists.trustedfirmware.org more details »<https://www.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1cTJrM…> We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://zoom.us/j/9159704974<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fj%2F9159704974&sa=D&us…> Meeting ID: 915 970 4974 One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2Fad27hc6t7h&sa=D&us…> Going (tf-a(a)lists.trustedfirmware.org)? All events in this series: Yes<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> - Maybe<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> - No<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> more options »<https://www.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1cTJrM…> Invitation from Google Calendar<https://www.google.com/calendar/> You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively, you can sign up for a Google Account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organiser and be added to the guest list, invite others regardless of their own invitation status or to modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>. Thanks Joanna

3 years, 7 months

1
0
0 0

Re: [TF-A] TFA affinity power level

by Madhukar Pappireddy

Hi HPChen 1. Can try setting PLATFORM_MAX_AFFLVL to MPIDR_AFFLVL2? I am assuming your platform has 1 cluster with 2 cores. 2. The project currently supports a limited number of platforms. The default test suite[1] contains several smaller test suites. The tests are designed to auto-detect critical features supported by the platform. Rather than fail, tftf will skip tests if a feature is not supported. Please refer to the documentation for the tf-a-tests project here: https://trustedfirmware-a-tests.readthedocs.io/en/latest/index.html [1] https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/tftf/tests/tests-s… Thanks, Madhukar -----Original Message----- From: TF-A <mailman-bounces(a)lists.trustedfirmware.org> On Behalf Of MS10 HPChen0 Sent: Tuesday, October 12, 2021 10:43 PM To: tf-a-owner(a)lists.trustedfirmware.org Subject: TFA affinity power level Hi, I'm Nuvoton software engineer. We have an A35 dual core platform. I ported the TFA for this platform. Now I want test the TFA on test suite. I have some questions. Please help to answer. Thanks! 1. If define 'PLATFORM_MAX_AFFLVL' to MPIDR_AFFLVL1. The tftf test only identify single core no matter 'PLATFORM_CORES_PER_CLUSTER' define to 2. How should I define 'PLATFORM_MAX_AFFLVL'? 2. How to select the test items? Should our platform need to pass all test items? Now I only test the tftf. I'm new for TFA. Please help. Thanks! Best regards, HPChen ________________________________ ________________________________ The privileged confidential information contained in this email is intended for use only by the addressees as indicated by the original sender of this email. If you are not the addressee indicated in this email or are not responsible for delivery of the email to such a person, please kindly reply to the sender indicating this fact and delete all copies of it from your computer and network server immediately. Your cooperation is highly appreciated. It is advised that any unauthorized use of confidential information of Nuvoton is strictly prohibited; and any information in this email irrelevant to the official business of Nuvoton shall be deemed as neither given nor endorsed by Nuvoton.

3 years, 7 months

1
0
0 0

Support for passing 18 parameters to/from an SMC call in AArch64

by Rebecca Cran

I noticed TF-A currently supports passing in 4 parameters and returning up to 8. But SMCCC 1.1+ supports passing up to 18 and returning 18 in AArch64 mode, and passing in/out 8 in AArch32. I was wondering if there are any plans to add support for handling the full set of parameters? -- Rebecca Cran

3 years, 7 months

2
2
0 0

BL1 loading BL2 but returned file length 4294967295

by 起飞的老杨

Hi I'm new to TF-A and OP Tee. While I am using qemu to start TF-A, I got BL1 detected and failed to load BL2, due to BL2 size out of bounds. I changed TF-A BL1 source code to show more information: diff --git a/common/bl_common.c b/common/bl_common.c index 2fcb5385d9..a6239a5257 100644 --- a/common/bl_common.c +++ b/common/bl_common.c @@ -110,7 +111,7 @@ static int load_image(unsigned int image_id, image_info_t *image_data) /* Check that the image size to load is within limit */ if (image_size > image_data->image_max_size) { - WARN("Image id=%u size out of bounds\n", image_id); + WARN("Image id=%u size(%lu, %u) out of bounds\n", image_id, image_size, image_data->image_max_size); io_result = -EFBIG; goto exit; } the log shows: NOTICE: Booting Trusted Firmware NOTICE: BL1: v2.3():v2.3-dirty NOTICE: BL1: Built : 15:56:43, Apr 20 2020 INFO: BL1: RAM 0xe04e000 - 0xe056000 VERBOSE: BL1: cortex_a57: CPU workaround for 806969 was not applied WARNING: BL1: cortex_a57: CPU workaround for 813419 was missing! VERBOSE: BL1: cortex_a57: CPU workaround for 813420 was not applied VERBOSE: BL1: cortex_a57: CPU workaround for 814670 was not applied WARNING: BL1: cortex_a57: CPU workaround for 817169 was missing! INFO: BL1: cortex_a57: CPU workaround for disable_ldnp_overread was applied WARNING: BL1: cortex_a57: CPU workaround for 826974 was missing! WARNING: BL1: cortex_a57: CPU workaround for 826977 was missing! WARNING: BL1: cortex_a57: CPU workaround for 828024 was missing! WARNING: BL1: cortex_a57: CPU workaround for 829520 was missing! WARNING: BL1: cortex_a57: CPU workaround for 833471 was missing! WARNING: BL1: cortex_a57: CPU workaround for 859972 was missing! INFO: BL1: cortex_a57: CPU workaround for cve_2017_5715 was applied INFO: BL1: cortex_a57: CPU workaround for cve_2018_3639 was applied INFO: BL1: Loading BL2 VERBOSE: Using Memmap WARNING: Firmware Image Package header check failed. VERBOSE: Trying alternative IO VERBOSE: Using Semi-hosting IO INFO: Loading image id=1 at address 0xe01b000 WARNING: Image id=1 size(4294967295, 151552) out of bounds ERROR: Failed to load BL2 firmware. I'm using yocto (dunfell) + meta-arm to build / test TF-A + OP TEE under qemuarm64. meta-arm rev: c4f04f3fb66f8f4365b08b553af8206372e90a63 variables defined inside conf/local.conf ( for test ) 23 MACHINE ?= "qemuarm64" 25 26 INSANE_SKIP_pn-optee-examples = "ldflags" 27 COMPATIBLE_MACHINE_pn-optee-examples = "qemuarm64" 28 COMPATIBLE_MACHINE_pn-optee-os = "qemuarm64" 29 COMPATIBLE_MACHINE_pn-optee-client = "qemuarm64" 30 COMPATIBLE_MACHINE_pn-trusted-firmware-a = "qemuarm64" 31 32 TFA_PLATFORM = "qemu" 33 TFA_UBOOT = "1" 34 TFA_DEBUG = "1" 35 TFA_SPD = "opteed" 36 TFA_BUILD_TARGET = "bl1 bl2 bl31" 37 38 OPTEEMACHINE:qemuarm64 = "vexpress-qemu_armv8a" 39 OPTEEOUTPUTMACHINE:qemuarm64 = "vexpress" 40 41 UBOOT_MACHINE_qemuarm64 = "qemu_arm64_defconfig" I started qemu using following command line: BIOS=tmp/deploy/images/qemuarm64/bl1.bin \ KERNEL=tmp/deploy/images/qemuarm64/Image-qemuarm64.bin \ runqemu mydefined-image-core-image-dev-optee nographic -d \ qemuparams=" \ -machine secure=on \ -m 4096 \ -d unimp -semihosting -semihosting-config enable=on,target=native \ " Thanks

3 years, 7 months

3
2
0 0

[RFC]: UFS patches

by Jorge Troncoso

Hi all, We made a few changes to the UFS driver. The proposed patches are posted here: https://review.trustedfirmware.org/q/topic:%22ufs_patches%22+(status:open%2… . The patches mainly consist of the below changes: 1. Delete asserts. Return error values instead. 2. Add retry logic and timeouts. 3. Reuse ufshc_send_uic_cmd() for DME_GET and DME_SET commands. Any feedback/comments on these patches would be greatly appreciated. Thanks! Jorge Troncoso

3 years, 7 months

5
11
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 5 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 373584: (BAD_SHIFT) /lib/gpt_rme/gpt_rme.c: 335 in gpt_validate_l0_params() /lib/gpt_rme/gpt_rme.c: 346 in gpt_validate_l0_params() ________________________________________________________________________________________________________ *** CID 373584: (BAD_SHIFT) /lib/gpt_rme/gpt_rme.c: 335 in gpt_validate_l0_params() 329 } 330 gpt_config.pps = pps; 331 gpt_config.t = gpt_t_lookup[pps]; 332 333 /* Alignment must be the greater of 4k or l0 table size. */ 334 l0_alignment = PAGE_SIZE_4KB; >>> CID 373584: (BAD_SHIFT) >>> In expression "0xffffffffffffffffUL >> 64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", right shifting by more than 63 bits has undefined behavior. The shift amount, "64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", is 64. 335 if (l0_alignment < GPT_L0_TABLE_SIZE(gpt_config.t)) { 336 l0_alignment = GPT_L0_TABLE_SIZE(gpt_config.t); 337 } 338 339 /* Check base address. */ 340 if ((l0_mem_base == 0U) || ((l0_mem_base & (l0_alignment - 1)) != 0U)) { /lib/gpt_rme/gpt_rme.c: 346 in gpt_validate_l0_params() 340 if ((l0_mem_base == 0U) || ((l0_mem_base & (l0_alignment - 1)) != 0U)) { 341 ERROR("[GPT] Invalid L0 base address: 0x%lx\n", l0_mem_base); 342 return -EFAULT; 343 } 344 345 /* Check size. */ >>> CID 373584: (BAD_SHIFT) >>> In expression "0xffffffffffffffffUL >> 64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", right shifting by more than 63 bits has undefined behavior. The shift amount, "64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", is 64. 346 if (l0_mem_size < GPT_L0_TABLE_SIZE(gpt_config.t)) { 347 ERROR("[GPT] Inadequate L0 memory: need 0x%lx, have 0x%lx)\n", 348 GPT_L0_TABLE_SIZE(gpt_config.t), 349 l0_mem_size); 350 return -ENOMEM; 351 } ** CID 373583: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 373583: Memory - corruptions (OVERRUN) /plat/imx/imx7/warp7/warp7_bl2_el3_setup.c: 110 in warp7_usdhc_setup() 104 105 zeromem(&params, sizeof(imx_usdhc_params_t)); 106 params.reg_base = PLAT_WARP7_BOOT_MMC_BASE; 107 params.clk_rate = 25000000; 108 params.bus_width = MMC_BUS_WIDTH_8; 109 mmc_info.mmc_dev_type = MMC_IS_EMMC; >>> CID 373583: Memory - corruptions (OVERRUN) >>> Overrunning struct type imx_usdhc_params_t of 16 bytes by passing it to a function which accesses it at byte offset 23. 110 imx_usdhc_init(&params, &mmc_info); 111 } 112 113 static void warp7_setup_usb_clocks(void) 114 { 115 uint32_t usb_en_bits = (uint32_t)USB_CLK_SELECT; ** CID 373582: Null pointer dereferences (NULL_RETURNS) /plat/intel/soc/common/socfpga_storage.c: 171 in socfpga_io_setup() ________________________________________________________________________________________________________ *** CID 373582: Null pointer dereferences (NULL_RETURNS) /plat/intel/soc/common/socfpga_storage.c: 171 in socfpga_io_setup() 165 166 result = io_dev_open(fip_dev_con, (uintptr_t)NULL, &fip_dev_handle); 167 assert(result == 0); 168 169 if (boot_source == BOOT_SOURCE_SDMMC) { 170 partition_init(GPT_IMAGE_ID); >>> CID 373582: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing "get_partition_entry(a2)", which is known to be "NULL". 171 fip_spec.offset = get_partition_entry(a2)->start; 172 } 173 174 (void)result; 175 } 176 ** CID 373581: (BAD_SHIFT) /lib/gpt_rme/gpt_rme.c: 780 in gpt_init_l0_tables() /lib/gpt_rme/gpt_rme.c: 775 in gpt_init_l0_tables() ________________________________________________________________________________________________________ *** CID 373581: (BAD_SHIFT) /lib/gpt_rme/gpt_rme.c: 780 in gpt_init_l0_tables() 774 /* Iterate through all L0 entries */ 775 for (unsigned int i = 0U; i < GPT_L0_REGION_COUNT(gpt_config.t); i++) { 776 ((uint64_t *)l0_mem_base)[i] = gpt_desc; 777 } 778 779 /* Flush updated L0 tables to memory. */ >>> CID 373581: (BAD_SHIFT) >>> In expression "0xffffffffffffffffUL >> 64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", right shifting by more than 63 bits has undefined behavior. The shift amount, "64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", is 64. 780 flush_dcache_range((uintptr_t)l0_mem_base, 781 (size_t)GPT_L0_TABLE_SIZE(gpt_config.t)); 782 783 /* Stash the L0 base address once initial setup is complete. */ 784 gpt_config.plat_gpt_l0_base = l0_mem_base; 785 /lib/gpt_rme/gpt_rme.c: 775 in gpt_init_l0_tables() 769 } 770 771 /* Create the descriptor to initialize L0 entries with. */ 772 gpt_desc = GPT_L0_BLK_DESC(GPT_GPI_ANY); 773 774 /* Iterate through all L0 entries */ >>> CID 373581: (BAD_SHIFT) >>> In expression "0xffffffffffffffffUL >> 64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", right shifting by more than 63 bits has undefined behavior. The shift amount, "64U - ((gpt_config.t > (unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) ? gpt_config.t - ((unsigned int)((read_gpccr_el3() >> 20U) & 0xfUL) + 30U) : 0U)", is 64. 775 for (unsigned int i = 0U; i < GPT_L0_REGION_COUNT(gpt_config.t); i++) { 776 ((uint64_t *)l0_mem_base)[i] = gpt_desc; 777 } 778 779 /* Flush updated L0 tables to memory. */ 780 flush_dcache_range((uintptr_t)l0_mem_base, ** CID 373580: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 373580: Memory - corruptions (OVERRUN) /plat/imx/imx7/picopi/picopi_bl2_el3_setup.c: 104 in picopi_usdhc_setup() 98 99 zeromem(&params, sizeof(imx_usdhc_params_t)); 100 params.reg_base = PLAT_PICOPI_BOOT_MMC_BASE; 101 params.clk_rate = 25000000; 102 params.bus_width = MMC_BUS_WIDTH_8; 103 mmc_info.mmc_dev_type = MMC_IS_EMMC; >>> CID 373580: Memory - corruptions (OVERRUN) >>> Overrunning struct type imx_usdhc_params_t of 16 bytes by passing it to a function which accesses it at byte offset 23. 104 imx_usdhc_init(&params, &mmc_info); 105 } 106 107 static void picopi_setup_usb_clocks(void) 108 { 109 uint32_t usb_en_bits = (uint32_t)USB_CLK_SELECT; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

3 years, 7 months

1
0
0 0

Re: [TF-A] ATF F/w image Decryption support

by Sumit Garg

+ TF-A ML (for the benefit of other trying to use firmware encryption feature) Hi Promod, On Fri, 8 Oct 2021 at 00:09, pramod kumar <pramod.jnumca04(a)gmail.com> wrote: > Hi Sumit, > > This is Pramod, Presently working in Amazon Lab126. I'm working in ATF and > was going through your patch which provides f/w image encryption/decryption > support. > > commit 7cda17bb0f92db39d123a4f2a1732c9978556453 > Author: Sumit Garg <sumit.garg(a)linaro.org> > Date: Fri Nov 15 10:43:00 2019 +0530 > > drivers: crypto: Add authenticated decryption framework > > Add framework for autheticated decryption of data. Currently this > patch optionally imports mbedtls library as a backend if build option > "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated > decryption > using AES-GCM algorithm. > > Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> > Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271 > > I see that this support comes under DECRYPTION_SUPPORT macro hence can't > be used dynamically. I see the TBBR spec provides a flag for this which > could be used to exercise this feature dynamically- > [image: image.png] > > > Just wanted to understand that did you see any limitation to use this flag > for making this feature support dynamically? Or do you have any plan to > push follow up patches for this? > > Actually there are security concerns associated if we use an unsigned encryption flag in the header (see earlier discussions [1]). > If this feature is made available, with the help of "disable_auth" flag, > BL1 would be able to boot plane images even when TRUSTED_BOARD_BOOT is > enabled in development mode. > I agree here that it would be useful to have such a flag in development mode. For TRUSTED_BOARD_BOOT in development mode, I guess you are referring to DYN_DISABLE_AUTH. If yes then I think such a macro makes sense for encryption as well in order to disable decryption at runtime in development mode, patches are very much welcome. [1] https://lists.trustedfirmware.org/pipermail/tf-a/2020-February/000288.html -Sumit > Regards, > Pramod >

3 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A