Merge changes from topic "tegra194-ras-handling" into integration
* changes:
Tegra194: ras: verbose prints for SErrors
Prevent RAS register access from lower ELs
Tegra194: SiP: clear RAS corrected error records
Tegra194: add RAS exception handling
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 9d298d0..bf29186 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -43,6 +43,8 @@
:G: `laurenw-arm`_
:M: Madhukar Pappireddy <Madhukar.Pappireddy@arm.com>
:G: `madhukar-Arm`_
+:M: Raghu Krishnamurthy <raghu.ncstate@icloud.com>
+:G: `raghuncstate`_
.. _code owners:
@@ -610,6 +612,7 @@
.. _J-Alves: https://github.com/J-Alves
.. _madhukar-Arm: https://github.com/madhukar-Arm
.. _john-powell-arm: https://github.com/john-powell-arm
+.. _raghuncstate: https://github.com/raghuncstate
.. _Project Maintenance Process: https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
diff --git a/drivers/auth/tbbr/tbbr_cot_bl2.c b/drivers/auth/tbbr/tbbr_cot_bl2.c
index c47bf1a..63c18fa 100644
--- a/drivers/auth/tbbr/tbbr_cot_bl2.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl2.c
@@ -27,6 +27,9 @@
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
+#if defined(SPD_spmd)
+static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
+#endif /* SPD_spmd */
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
@@ -60,6 +63,24 @@
AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
+#if defined(SPD_spmd)
+static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
+static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
+static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
+static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
+static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
+static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
+static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
+static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
+#endif /* SPD_spmd */
/*
* Trusted key certificate
@@ -535,6 +556,99 @@
}
}
};
+/* Secure Partitions */
+#if defined(SPD_spmd)
+static const auth_img_desc_t sp_content_cert = {
+ .img_id = SP_CONTENT_CERT_ID,
+ .img_type = IMG_CERT,
+ .parent = &trusted_key_cert,
+ .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
+ [0] = {
+ .type = AUTH_METHOD_SIG,
+ .param.sig = {
+ .pk = &trusted_world_pk,
+ .sig = &sig,
+ .alg = &sig_alg,
+ .data = &raw_data
+ }
+ },
+ [1] = {
+ .type = AUTH_METHOD_NV_CTR,
+ .param.nv_ctr = {
+ .cert_nv_ctr = &trusted_nv_ctr,
+ .plat_nv_ctr = &trusted_nv_ctr
+ }
+ }
+ },
+ .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
+ [0] = {
+ .type_desc = &sp_pkg1_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[0],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [1] = {
+ .type_desc = &sp_pkg2_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[1],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [2] = {
+ .type_desc = &sp_pkg3_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[2],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [3] = {
+ .type_desc = &sp_pkg4_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[3],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [4] = {
+ .type_desc = &sp_pkg5_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[4],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [5] = {
+ .type_desc = &sp_pkg6_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[5],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [6] = {
+ .type_desc = &sp_pkg7_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[6],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ },
+ [7] = {
+ .type_desc = &sp_pkg8_hash,
+ .data = {
+ .ptr = (void *)sp_pkg_hash_buf[7],
+ .len = (unsigned int)HASH_DER_LEN
+ }
+ }
+ }
+};
+
+DEFINE_SP_PKG(1);
+DEFINE_SP_PKG(2);
+DEFINE_SP_PKG(3);
+DEFINE_SP_PKG(4);
+DEFINE_SP_PKG(5);
+DEFINE_SP_PKG(6);
+DEFINE_SP_PKG(7);
+DEFINE_SP_PKG(8);
+#endif /* SPD_spmd */
static const auth_img_desc_t * const cot_desc[] = {
[TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert,
@@ -557,6 +671,17 @@
[NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
[BL33_IMAGE_ID] = &bl33_image,
[NT_FW_CONFIG_ID] = &nt_fw_config,
+#if defined(SPD_spmd)
+ [SP_CONTENT_CERT_ID] = &sp_content_cert,
+ [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
+ [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
+ [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
+ [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
+ [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
+ [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
+ [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
+ [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
+#endif
};
/* Register the CoT in the authentication module */
diff --git a/include/tools_share/dualroot_oid.h b/include/tools_share/dualroot_oid.h
index da367da..3e88a6d 100644
--- a/include/tools_share/dualroot_oid.h
+++ b/include/tools_share/dualroot_oid.h
@@ -16,16 +16,4 @@
*/
#define PROT_PK_OID "1.3.6.1.4.1.4128.2100.1102"
-/*
- * Secure Partitions Content Certificate
- */
-#define SP_PKG1_HASH_OID "1.3.6.1.4.1.4128.2100.1301"
-#define SP_PKG2_HASH_OID "1.3.6.1.4.1.4128.2100.1302"
-#define SP_PKG3_HASH_OID "1.3.6.1.4.1.4128.2100.1303"
-#define SP_PKG4_HASH_OID "1.3.6.1.4.1.4128.2100.1304"
-#define SP_PKG5_HASH_OID "1.3.6.1.4.1.4128.2100.1305"
-#define SP_PKG6_HASH_OID "1.3.6.1.4.1.4128.2100.1306"
-#define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307"
-#define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308"
-
#endif /* DUALROOT_OID_H */
diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 6bccfdd..24a8f39 100644
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h
@@ -145,4 +145,16 @@
/* NonTrustedFirmwareConfigHash - NT_FW_CONFIG */
#define NON_TRUSTED_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.1202"
+/*
+ * Secure Partitions Content Certificate
+ */
+#define SP_PKG1_HASH_OID "1.3.6.1.4.1.4128.2100.1301"
+#define SP_PKG2_HASH_OID "1.3.6.1.4.1.4128.2100.1302"
+#define SP_PKG3_HASH_OID "1.3.6.1.4.1.4128.2100.1303"
+#define SP_PKG4_HASH_OID "1.3.6.1.4.1.4128.2100.1304"
+#define SP_PKG5_HASH_OID "1.3.6.1.4.1.4128.2100.1305"
+#define SP_PKG6_HASH_OID "1.3.6.1.4.1.4128.2100.1306"
+#define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307"
+#define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308"
+
#endif /* TBBR_OID_H */
diff --git a/tools/cert_create/include/tbbr/tbb_cert.h b/tools/cert_create/include/tbbr/tbb_cert.h
index 628ef3a..e5fa3a2 100644
--- a/tools/cert_create/include/tbbr/tbb_cert.h
+++ b/tools/cert_create/include/tbbr/tbb_cert.h
@@ -23,6 +23,7 @@
TRUSTED_OS_FW_CONTENT_CERT,
NON_TRUSTED_FW_KEY_CERT,
NON_TRUSTED_FW_CONTENT_CERT,
+ SIP_SECURE_PARTITION_CONTENT_CERT,
FWU_CERT
};
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 462aafc..7ac97a5 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -30,6 +30,14 @@
NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
NON_TRUSTED_FW_CONFIG_HASH_EXT,
+ SP_PKG1_HASH_EXT,
+ SP_PKG2_HASH_EXT,
+ SP_PKG3_HASH_EXT,
+ SP_PKG4_HASH_EXT,
+ SP_PKG5_HASH_EXT,
+ SP_PKG6_HASH_EXT,
+ SP_PKG7_HASH_EXT,
+ SP_PKG8_HASH_EXT,
SCP_FWU_CFG_HASH_EXT,
AP_FWU_CFG_HASH_EXT,
FWU_HASH_EXT
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 7fb32d8..b614e2e 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -164,6 +164,27 @@
},
.num_ext = 3
},
+ [SIP_SECURE_PARTITION_CONTENT_CERT] = {
+ .id = SIP_SECURE_PARTITION_CONTENT_CERT,
+ .opt = "sip-sp-cert",
+ .help_msg = "SiP owned Secure Partition Content Certificate (output file)",
+ .fn = NULL,
+ .cn = "SiP owned Secure Partition Content Certificate",
+ .key = TRUSTED_WORLD_KEY,
+ .issuer = SIP_SECURE_PARTITION_CONTENT_CERT,
+ .ext = {
+ TRUSTED_FW_NVCOUNTER_EXT,
+ SP_PKG1_HASH_EXT,
+ SP_PKG2_HASH_EXT,
+ SP_PKG3_HASH_EXT,
+ SP_PKG4_HASH_EXT,
+ SP_PKG5_HASH_EXT,
+ SP_PKG6_HASH_EXT,
+ SP_PKG7_HASH_EXT,
+ SP_PKG8_HASH_EXT,
+ },
+ .num_ext = 9
+ },
[FWU_CERT] = {
.id = FWU_CERT,
.opt = "fwu-cert",
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index ee5377f..0068d3b 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -203,6 +203,86 @@
.type = EXT_TYPE_HASH,
.optional = 1
},
+ [SP_PKG1_HASH_EXT] = {
+ .oid = SP_PKG1_HASH_OID,
+ .opt = "sp-pkg1",
+ .help_msg = "Secure Partition Package1 file",
+ .sn = "SPPkg1Hash",
+ .ln = "SP Pkg1 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [SP_PKG2_HASH_EXT] = {
+ .oid = SP_PKG2_HASH_OID,
+ .opt = "sp-pkg2",
+ .help_msg = "Secure Partition Package2 file",
+ .sn = "SPPkg2Hash",
+ .ln = "SP Pkg2 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [SP_PKG3_HASH_EXT] = {
+ .oid = SP_PKG3_HASH_OID,
+ .opt = "sp-pkg3",
+ .help_msg = "Secure Partition Package3 file",
+ .sn = "SPPkg3Hash",
+ .ln = "SP Pkg3 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [SP_PKG4_HASH_EXT] = {
+ .oid = SP_PKG4_HASH_OID,
+ .opt = "sp-pkg4",
+ .help_msg = "Secure Partition Package4 file",
+ .sn = "SPPkg4Hash",
+ .ln = "SP Pkg4 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [SP_PKG5_HASH_EXT] = {
+ .oid = SP_PKG5_HASH_OID,
+ .opt = "sp-pkg5",
+ .help_msg = "Secure Partition Package5 file",
+ .sn = "SPPkg5Hash",
+ .ln = "SP Pkg5 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [SP_PKG6_HASH_EXT] = {
+ .oid = SP_PKG6_HASH_OID,
+ .opt = "sp-pkg6",
+ .help_msg = "Secure Partition Package6 file",
+ .sn = "SPPkg6Hash",
+ .ln = "SP Pkg6 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [SP_PKG7_HASH_EXT] = {
+ .oid = SP_PKG7_HASH_OID,
+ .opt = "sp-pkg7",
+ .help_msg = "Secure Partition Package7 file",
+ .sn = "SPPkg7Hash",
+ .ln = "SP Pkg7 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [SP_PKG8_HASH_EXT] = {
+ .oid = SP_PKG8_HASH_OID,
+ .opt = "sp-pkg8",
+ .help_msg = "Secure Partition Package8 file",
+ .sn = "SPPkg8Hash",
+ .ln = "SP Pkg8 hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[SCP_FWU_CFG_HASH_EXT] = {
.oid = SCP_FWU_CFG_HASH_OID,
.opt = "scp-fwu-cfg",