Merge "fix(xilinx): optimize logic to read IPI response" into integration
diff --git a/.ctags b/.ctags
new file mode 100644
index 0000000..5e608e4
--- /dev/null
+++ b/.ctags
@@ -0,0 +1,4 @@
+--regex-Asm=/^func[ \t]+([a-zA-Z_0-9]+)$/\1/l,function/
+--regex-Asm=/^.*\.macro[ \t]+([a-zA-Z_0-9]+)$/\1/m,macro/
+--regex-Asm=/^vector_entry[ \t]+([a-zA-Z_0-9]+)$/\1/l,function/
+--regex-Asm=/^.equ[ \t]+([a-zA-Z_0-9]+),/\1/l,name/
diff --git a/changelog.yaml b/changelog.yaml
index dbbff99..d073a84 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -1405,6 +1405,7 @@
- git-hooks
- title: Tools
+ scope: tools
subsections:
- title: STM32 Image
diff --git a/common/fdt_fixup.c b/common/fdt_fixup.c
index 1bad74f..59b7543 100644
--- a/common/fdt_fixup.c
+++ b/common/fdt_fixup.c
@@ -197,6 +197,7 @@
uintptr_t base, size_t size)
{
int offs = fdt_path_offset(dtb, "/reserved-memory");
+ int node;
uint32_t addresses[4];
int ac, sc;
unsigned int idx = 0;
@@ -213,6 +214,24 @@
fdt_setprop(dtb, offs, "ranges", NULL, 0);
}
+ /* Check for existing regions */
+ fdt_for_each_subnode(node, dtb, offs) {
+ uintptr_t c_base;
+ size_t c_size;
+ int ret;
+
+ ret = fdt_get_reg_props_by_index(dtb, node, 0, &c_base, &c_size);
+ /* Ignore illegal subnodes */
+ if (ret != 0) {
+ continue;
+ }
+
+ /* existing region entirely contains the new region */
+ if (base >= c_base && (base + size) <= (c_base + c_size)) {
+ return 0;
+ }
+ }
+
if (ac > 1) {
addresses[idx] = cpu_to_fdt32(HIGH_BITS(base));
idx++;
diff --git a/docs/components/cot-binding.rst b/docs/components/cot-binding.rst
index 1d31e3d..5d9acdf 100644
--- a/docs/components/cot-binding.rst
+++ b/docs/components/cot-binding.rst
@@ -108,7 +108,7 @@
Usage:
This property provides the Object ID of public key
- provided in the certificate which the help of which
+ provided in the certificate with the help of which
public key information can be extracted.
Value type: <string>
@@ -122,7 +122,7 @@
Usage:
This property provides the Object ID of hash provided in
- the certificate which the help of which hash information
+ the certificate with the help of which hash information
can be extracted.
Value type: <string>
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 55ab935..e925e14 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -118,6 +118,14 @@
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif
+ifeq (${MBOOT_EL_HASH_ALG}, sha256)
+ $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA256))
+else ifeq (${MBOOT_EL_HASH_ALG}, sha384)
+ $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA384))
+else ifeq (${MBOOT_EL_HASH_ALG}, sha512)
+ $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
+endif
+
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-3.h b/include/drivers/auth/mbedtls/mbedtls_config-3.h
index 37a9288..6ed9397 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config-3.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config-3.h
@@ -73,23 +73,17 @@
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif
-/* The library does not currently support enabling SHA-256 without SHA-224. */
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-/*
- * If either Trusted Boot or Measured Boot require a stronger algorithm than
- * SHA-256, pull in SHA-512 support. Library currently needs to have SHA_384
- * support when enabling SHA-512.
- */
-#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) /* TBB hash algo */
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
-#else
- /* TBB uses SHA-256, what about measured boot? */
-#if defined(TF_MBEDTLS_MBOOT_USE_SHA512)
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
+/* Enable hash algorithms based on TBB or Measured Boot */
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256) || defined(TF_MBEDTLS_MBOOT_USE_SHA256)
+ #define MBEDTLS_SHA256_C
#endif
+
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384) || defined(TF_MBEDTLS_MBOOT_USE_SHA384)
+ #define MBEDTLS_SHA384_C
+#endif
+
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512) || defined(TF_MBEDTLS_MBOOT_USE_SHA512)
+ #define MBEDTLS_SHA512_C
#endif
#define MBEDTLS_VERSION_C
@@ -104,7 +98,9 @@
#endif
/* MPI / BIGNUM options */
-#define MBEDTLS_MPI_WINDOW_SIZE 2
+
+/* Note: Lower numbers trade longer execution time for less RAM allocation */
+#define MBEDTLS_MPI_WINDOW_SIZE 1
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
diff --git a/plat/amd/versal2/platform.mk b/plat/amd/versal2/platform.mk
index c07fc36..1c977a3 100644
--- a/plat/amd/versal2/platform.mk
+++ b/plat/amd/versal2/platform.mk
@@ -116,6 +116,7 @@
plat/xilinx/common/versal.c \
${PLAT_PATH}/bl31_setup.c \
common/fdt_fixup.c \
+ common/fdt_wrappers.c \
${LIBFDT_SRCS} \
${PLAT_PATH}/sip_svc_setup.c \
${PLAT_PATH}/gicv3.c
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 3c4ad64..660a3a5 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -432,10 +432,6 @@
$(info Including ${MEASURED_BOOT_MK})
include ${MEASURED_BOOT_MK}
- ifneq (${MBOOT_EL_HASH_ALG}, sha256)
- $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
- endif
-
ifeq (${MEASURED_BOOT},1)
BL1_SOURCES += ${EVENT_LOG_SOURCES}
BL2_SOURCES += ${EVENT_LOG_SOURCES}
diff --git a/plat/imx/imx8m/imx8mm/platform.mk b/plat/imx/imx8m/imx8mm/platform.mk
index f0cdb3e..d1c1259 100644
--- a/plat/imx/imx8m/imx8mm/platform.mk
+++ b/plat/imx/imx8m/imx8mm/platform.mk
@@ -188,10 +188,6 @@
$(info Including ${MEASURED_BOOT_MK})
include ${MEASURED_BOOT_MK}
-ifneq (${MBOOT_EL_HASH_ALG}, sha256)
- $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
-endif
-
BL2_SOURCES += plat/imx/imx8m/imx8m_measured_boot.c \
plat/imx/imx8m/imx8m_dyn_cfg_helpers.c \
${EVENT_LOG_SOURCES}
diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
index 066554a..cf1b3a8 100644
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@@ -96,10 +96,6 @@
$(info Including ${MEASURED_BOOT_MK})
include ${MEASURED_BOOT_MK}
- ifneq (${MBOOT_EL_HASH_ALG}, sha256)
- $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
- endif
-
BL2_SOURCES += plat/qemu/qemu/qemu_measured_boot.c \
plat/qemu/qemu/qemu_helpers.c \
${EVENT_LOG_SOURCES}
diff --git a/plat/rpi/rpi4/platform.mk b/plat/rpi/rpi4/platform.mk
index cbfa6f2..c39a587 100644
--- a/plat/rpi/rpi4/platform.mk
+++ b/plat/rpi/rpi4/platform.mk
@@ -31,6 +31,7 @@
plat/common/plat_psci_common.c \
plat/rpi/common/rpi3_topology.c \
common/fdt_fixup.c \
+ common/fdt_wrappers.c \
${LIBFDT_SRCS} \
${GICV2_SOURCES}
diff --git a/plat/st/stm32mp2/bl2_plat_setup.c b/plat/st/stm32mp2/bl2_plat_setup.c
index 96ac68b..edada72 100644
--- a/plat/st/stm32mp2/bl2_plat_setup.c
+++ b/plat/st/stm32mp2/bl2_plat_setup.c
@@ -179,11 +179,6 @@
configure_mmu();
- /* Prevent corruption of preloaded Device Tree */
- mmap_add_dynamic_region(DTB_BASE, DTB_BASE,
- DTB_LIMIT - DTB_BASE,
- MT_RO_DATA | MT_SECURE);
-
if (dt_open_and_check(STM32MP_DTB_BASE) < 0) {
panic();
}
@@ -258,7 +253,10 @@
FW_CONFIG_ID);
fconf_populate("FW_CONFIG", STM32MP_FW_CONFIG_BASE);
- mmap_remove_dynamic_region(DTB_BASE, DTB_LIMIT - DTB_BASE);
+ /*
+ * After this step, the BL2 device tree area will be overwritten
+ * with BL31 binary, no other data should be read from BL2 DT.
+ */
break;
diff --git a/plat/st/stm32mp2/include/platform_def.h b/plat/st/stm32mp2/include/platform_def.h
index 2f7570d..0f22a93 100644
--- a/plat/st/stm32mp2/include/platform_def.h
+++ b/plat/st/stm32mp2/include/platform_def.h
@@ -81,13 +81,6 @@
#define BL33_BASE STM32MP_BL33_BASE
/*******************************************************************************
- * DTB specific defines.
- ******************************************************************************/
-#define DTB_BASE STM32MP_DTB_BASE
-#define DTB_LIMIT (STM32MP_DTB_BASE + \
- STM32MP_DTB_SIZE)
-
-/*******************************************************************************
* Platform specific page table and MMU setup constants
******************************************************************************/
#define PLAT_PHY_ADDR_SPACE_SIZE (ULL(1) << 33)
diff --git a/services/std_svc/drtm/drtm_main.c b/services/std_svc/drtm/drtm_main.c
index b9c83fa..53afb17 100644
--- a/services/std_svc/drtm/drtm_main.c
+++ b/services/std_svc/drtm/drtm_main.c
@@ -808,12 +808,12 @@
case ARM_DRTM_SVC_GET_ERROR:
INFO("DRTM service handler: get error\n");
- drtm_get_error(handle);
+ return drtm_get_error(handle);
break; /* not reached */
case ARM_DRTM_SVC_SET_ERROR:
INFO("DRTM service handler: set error\n");
- drtm_set_error(x1, handle);
+ return drtm_set_error(x1, handle);
break; /* not reached */
case ARM_DRTM_SVC_SET_TCB_HASH:
diff --git a/services/std_svc/drtm/drtm_remediation.c b/services/std_svc/drtm/drtm_remediation.c
index 696b4ea..81d27ec 100644
--- a/services/std_svc/drtm/drtm_remediation.c
+++ b/services/std_svc/drtm/drtm_remediation.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -21,7 +21,7 @@
rc = plat_set_drtm_error(x1);
if (rc != 0) {
- SMC_RET1(ctx, INTERNAL_ERROR);
+ SMC_RET1(ctx, NOT_FOUND);
}
SMC_RET1(ctx, SUCCESS);
@@ -35,7 +35,7 @@
rc = plat_get_drtm_error(&error_code);
if (rc != 0) {
- SMC_RET1(ctx, INTERNAL_ERROR);
+ SMC_RET1(ctx, NOT_FOUND);
}
SMC_RET2(ctx, SUCCESS, error_code);
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index e0ecdae..f7adfab 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -65,35 +65,35 @@
const char *desc; /* Key description (debug purposes) */
char *fn; /* Filename to load/store the key */
EVP_PKEY *key; /* Key container */
-} key_t;
+} cert_key_t;
/* Exported API */
int key_init(void);
-key_t *key_get_by_opt(const char *opt);
+cert_key_t *key_get_by_opt(const char *opt);
#if !USING_OPENSSL3
-int key_new(key_t *key);
+int key_new(cert_key_t *key);
#endif
-int key_create(key_t *key, int type, int key_bits);
-unsigned int key_load(key_t *key);
-int key_store(key_t *key);
+int key_create(cert_key_t *key, int type, int key_bits);
+unsigned int key_load(cert_key_t *key);
+int key_store(cert_key_t *key);
void key_cleanup(void);
/* Macro to register the keys used in the CoT */
#define REGISTER_KEYS(_keys) \
- key_t *def_keys = &_keys[0]; \
+ cert_key_t *def_keys = &_keys[0]; \
const unsigned int num_def_keys = sizeof(_keys)/sizeof(_keys[0])
/* Macro to register the platform defined keys used in the CoT */
#define PLAT_REGISTER_KEYS(_pdef_keys) \
- key_t *pdef_keys = &_pdef_keys[0]; \
+ cert_key_t *pdef_keys = &_pdef_keys[0]; \
const unsigned int num_pdef_keys = sizeof(_pdef_keys)/sizeof(_pdef_keys[0])
/* Exported variables */
-extern key_t *def_keys;
+extern cert_key_t *def_keys;
extern const unsigned int num_def_keys;
-extern key_t *pdef_keys;
+extern cert_key_t *pdef_keys;
extern const unsigned int num_pdef_keys;
-extern key_t *keys;
+extern cert_key_t *keys;
extern unsigned int num_keys;
#endif /* KEY_H */
diff --git a/tools/cert_create/src/cca/cot.c b/tools/cert_create/src/cca/cot.c
index 372d908..658b81c 100644
--- a/tools/cert_create/src/cca/cot.c
+++ b/tools/cert_create/src/cca/cot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -410,7 +410,7 @@
REGISTER_EXTENSIONS(cot_ext);
/* Keys used to establish the chain of trust. */
-static key_t cot_keys[] = {
+static cert_key_t cot_keys[] = {
[ROT_KEY] = {
.id = ROT_KEY,
.opt = "rot-key",
diff --git a/tools/cert_create/src/dualroot/cot.c b/tools/cert_create/src/dualroot/cot.c
index 81a7d75..d2c15bf 100644
--- a/tools/cert_create/src/dualroot/cot.c
+++ b/tools/cert_create/src/dualroot/cot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -536,7 +536,7 @@
/* Keys used to establish the chain of trust. */
-static key_t cot_keys[] = {
+static cert_key_t cot_keys[] = {
[ROT_KEY] = {
.id = ROT_KEY,
.opt = "rot-key",
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index f6ceeda..190c096 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,14 +26,14 @@
#define MAX_FILENAME_LEN 1024
-key_t *keys;
+cert_key_t *keys;
unsigned int num_keys;
#if !USING_OPENSSL3
/*
* Create a new key container
*/
-int key_new(key_t *key)
+int key_new(cert_key_t *key)
{
/* Create key pair container */
key->key = EVP_PKEY_new();
@@ -45,7 +45,7 @@
}
#endif
-static int key_create_rsa(key_t *key, int key_bits)
+static int key_create_rsa(cert_key_t *key, int key_bits)
{
#if USING_OPENSSL3
EVP_PKEY *rsa = EVP_RSA_gen(key_bits);
@@ -99,7 +99,7 @@
#ifndef OPENSSL_NO_EC
#if USING_OPENSSL3
-static int key_create_ecdsa(key_t *key, int key_bits, const char *curve)
+static int key_create_ecdsa(cert_key_t *key, int key_bits, const char *curve)
{
EVP_PKEY *ec = EVP_EC_gen(curve);
if (ec == NULL) {
@@ -111,7 +111,7 @@
return 1;
}
-static int key_create_ecdsa_nist(key_t *key, int key_bits)
+static int key_create_ecdsa_nist(cert_key_t *key, int key_bits)
{
if (key_bits == 384) {
return key_create_ecdsa(key, key_bits, "secp384r1");
@@ -121,17 +121,17 @@
}
}
-static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)
+static int key_create_ecdsa_brainpool_r(cert_key_t *key, int key_bits)
{
return key_create_ecdsa(key, key_bits, "brainpoolP256r1");
}
-static int key_create_ecdsa_brainpool_t(key_t *key, int key_bits)
+static int key_create_ecdsa_brainpool_t(cert_key_t *key, int key_bits)
{
return key_create_ecdsa(key, key_bits, "brainpoolP256t1");
}
#else
-static int key_create_ecdsa(key_t *key, int key_bits, const int curve_id)
+static int key_create_ecdsa(cert_key_t *key, int key_bits, const int curve_id)
{
EC_KEY *ec;
@@ -158,7 +158,7 @@
return 0;
}
-static int key_create_ecdsa_nist(key_t *key, int key_bits)
+static int key_create_ecdsa_nist(cert_key_t *key, int key_bits)
{
if (key_bits == 384) {
return key_create_ecdsa(key, key_bits, NID_secp384r1);
@@ -169,12 +169,12 @@
}
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)
+static int key_create_ecdsa_brainpool_r(cert_key_t *key, int key_bits)
{
return key_create_ecdsa(key, key_bits, NID_brainpoolP256r1);
}
-static int key_create_ecdsa_brainpool_t(key_t *key, int key_bits)
+static int key_create_ecdsa_brainpool_t(cert_key_t *key, int key_bits)
{
return key_create_ecdsa(key, key_bits, NID_brainpoolP256t1);
}
@@ -182,7 +182,7 @@
#endif /* USING_OPENSSL3 */
#endif /* OPENSSL_NO_EC */
-typedef int (*key_create_fn_t)(key_t *key, int key_bits);
+typedef int (*key_create_fn_t)(cert_key_t *key, int key_bits);
static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
[KEY_ALG_RSA] = key_create_rsa,
#ifndef OPENSSL_NO_EC
@@ -194,7 +194,7 @@
#endif /* OPENSSL_NO_EC */
};
-int key_create(key_t *key, int type, int key_bits)
+int key_create(cert_key_t *key, int type, int key_bits)
{
if (type >= KEY_ALG_MAX_NUM) {
printf("Invalid key type\n");
@@ -243,7 +243,7 @@
}
-unsigned int key_load(key_t *key)
+unsigned int key_load(cert_key_t *key)
{
if (key->fn == NULL) {
VERBOSE("Key not specified\n");
@@ -273,7 +273,7 @@
return KEY_ERR_NONE;
}
-int key_store(key_t *key)
+int key_store(cert_key_t *key)
{
FILE *fp;
@@ -301,7 +301,7 @@
int key_init(void)
{
cmd_opt_t cmd_opt;
- key_t *key;
+ cert_key_t *key;
unsigned int i;
keys = malloc((num_def_keys * sizeof(def_keys[0]))
@@ -341,9 +341,9 @@
return 0;
}
-key_t *key_get_by_opt(const char *opt)
+cert_key_t *key_get_by_opt(const char *opt)
{
- key_t *key;
+ cert_key_t *key;
unsigned int i;
/* Sequential search. This is not a performance concern since the number
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index edc2d68..aa21206 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -4,6 +4,8 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#define _POSIX_C_SOURCE 200809L
+
#include <assert.h>
#include <ctype.h>
#include <getopt.h>
@@ -69,16 +71,6 @@
static const char build_msg[] = "Built : " __TIME__ ", " __DATE__;
static const char platform_msg[] = PLAT_MSG;
-static char *strdup(const char *str)
-{
- int n = strlen(str) + 1;
- char *dup = malloc(n);
- if (dup) {
- strcpy(dup, str);
- }
- return dup;
-}
-
static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
#ifndef OPENSSL_NO_EC
@@ -178,7 +170,7 @@
{
cert_t *cert;
ext_t *ext;
- key_t *key;
+ cert_key_t *key;
int i, j;
bool valid_size;
@@ -303,7 +295,7 @@
STACK_OF(X509_EXTENSION) * sk;
X509_EXTENSION *cert_ext = NULL;
ext_t *ext;
- key_t *key;
+ cert_key_t *key;
cert_t *cert;
FILE *file;
int i, j, ext_nid, nvctr;
diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c
index 5b84b6e..3d99067 100644
--- a/tools/cert_create/src/tbbr/tbb_key.c
+++ b/tools/cert_create/src/tbbr/tbb_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,7 +11,7 @@
*
* The order of the keys must follow the enumeration specified in tbb_key.h
*/
-static key_t tbb_keys[] = {
+static cert_key_t tbb_keys[] = {
[ROT_KEY] = {
.id = ROT_KEY,
.opt = "rot-key",
diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c
index 6c566ef..27119a1 100644
--- a/tools/fiptool/fiptool.c
+++ b/tools/fiptool/fiptool.c
@@ -1,12 +1,13 @@
/*
- * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#ifndef _MSC_VER
+#ifdef __linux__
#include <sys/mount.h>
#endif
+
#include <sys/types.h>
#include <sys/stat.h>
diff --git a/tools/nxp/cert_create_helper/src/pdef_tbb_key.c b/tools/nxp/cert_create_helper/src/pdef_tbb_key.c
index cf2ebda..cd48866 100644
--- a/tools/nxp/cert_create_helper/src/pdef_tbb_key.c
+++ b/tools/nxp/cert_create_helper/src/pdef_tbb_key.c
@@ -6,7 +6,7 @@
#include <pdef_tbb_key.h>
-static key_t pdef_tbb_keys[] = {
+static cert_key_t pdef_tbb_keys[] = {
[DDR_FW_CONTENT_KEY - DDR_FW_CONTENT_KEY] = {
.id = DDR_FW_CONTENT_KEY,
.opt = "ddr-fw-key",