Merge "fix(stm32mp1): include assert.h to fix build failure" into integration
diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 3a54e69..c625090 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -54,7 +54,7 @@
 The following libraries must be available to build one or more components or
 supporting tools:
 
-- OpenSSL >= 1.0.1
+- OpenSSL >= 3.0
 
    Required to build the cert_create tool.
 
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index 9280f7b..3d10e45 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -12,7 +12,7 @@
 (64-bit host machine only).
 
 .. note::
-   The FVP models used are Version 11.16 Build 16, unless otherwise stated.
+   The FVP models used are Version 11.17 Build 21, unless otherwise stated.
 
 -  ``Foundation_Platform``
 -  ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502``
@@ -48,12 +48,12 @@
 -  ``FVP_Base_Neoverse-N2x4`` (Version 11.12 build 38)
 -  ``FVP_Base_Neoverse-V1x4``
 -  ``FVP_Base_RevC-2xAEMvA``  (For certain configurations also uses 0.0/6557)
--  ``FVP_CSS_SGI-575``        (Version 11.15/26)
--  ``FVP_Morello``            (Version 0.11/19)
--  ``FVP_RD_E1_edge``         (Version 11.15/26)
--  ``FVP_RD_N1_edge_dual``    (Version 11.15/26)
--  ``FVP_RD_N1_edge``         (Version 11.15/26)
--  ``FVP_RD_V1``              (Version 11.15/26)
+-  ``FVP_CSS_SGI-575``        (Version 11.17/33)
+-  ``FVP_Morello``            (Version 0.11/33)
+-  ``FVP_RD_E1_edge``         (Version 11.17/33)
+-  ``FVP_RD_N1_edge_dual``    (Version 11.17/33)
+-  ``FVP_RD_N1_edge``         (Version 11.17/33)
+-  ``FVP_RD_V1``              (Version 11.17/33)
 -  ``FVP_TC0``
 -  ``FVP_TC1``
 
diff --git a/fdts/stm32mp13-fw-config.dtsi b/fdts/stm32mp13-fw-config.dtsi
index dc8ca1b..28f7086 100644
--- a/fdts/stm32mp13-fw-config.dtsi
+++ b/fdts/stm32mp13-fw-config.dtsi
@@ -13,11 +13,9 @@
 #endif
 
 #define DDR_NS_BASE	STM32MP_DDR_BASE
-#define DDR_SEC_SIZE	0x01e00000
+#define DDR_SEC_SIZE	0x02000000
 #define DDR_SEC_BASE	(STM32MP_DDR_BASE + (DDR_SIZE - DDR_SEC_SIZE))
-#define DDR_SHARE_SIZE	0x00200000
-#define DDR_SHARE_BASE	(DDR_SEC_BASE - DDR_SHARE_SIZE)
-#define DDR_NS_SIZE	(DDR_SHARE_BASE - DDR_NS_BASE)
+#define DDR_NS_SIZE	(DDR_SEC_BASE - DDR_NS_BASE)
 
 /dts-v1/;
 
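Review bot: The resized secure window at `DDR_SEC_SIZE` has no comment recording what it now contains: it grows by exactly the 0x00200000 that `DDR_SHARE_SIZE` used to cover, so the former shared window becomes secure-only once the next hunk drops its `TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID)` entry. A line such as `/* 32 MiB secure DDR at top of memory; includes the former 2 MiB shared window */` above the define would make that visible to whoever next edits the firewall ranges. Nothing in this hunk shows that `DDR_SIZE` is always larger than `DDR_SEC_SIZE`. If it can be smaller, `DDR_SEC_BASE` falls below `DDR_NS_BASE` and `DDR_NS_SIZE` wraps, so a build-time check where `DDR_SIZE` is defined is worth confirming.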
@@ -48,8 +46,6 @@
 		compatible = "st,mem-firewall";
 		memory-ranges = <
 			DDR_NS_BASE DDR_NS_SIZE TZC_REGION_S_NONE TZC_REGION_NSEC_ALL_ACCESS_RDWR
-			DDR_SHARE_BASE DDR_SHARE_SIZE TZC_REGION_S_NONE
-			TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID)
 			DDR_SEC_BASE DDR_SEC_SIZE TZC_REGION_S_RDWR 0>;
 	};
 };
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 77d2007..ca548b8 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -62,7 +62,14 @@
 # Make soft links and include from local directory otherwise wrong headers
 # could get pulled in from firmware tree.
 INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
-LIB_DIR := -L ${OPENSSL_DIR}/lib
+
+# Include library directories where OpenSSL library files are located.
+# For a normal installation (i.e.: when ${OPENSSL_DIR} = /usr or
+# /usr/local), binaries are located under the ${OPENSSL_DIR}/lib/
+# directory. However, for a local build of OpenSSL, the built binaries are
+# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+# ${OPENSSL_DIR}/lib/).
+LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
 LIB := -lssl -lcrypto
 
 HOSTCC ?= gcc
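Review bot: The added `-L ${OPENSSL_DIR}` on the `LIB_DIR` line only changes where the linker searches; nothing in this hunk makes the built tool load the same libssl/libcrypto at run time. A binary linked against a local OpenSSL build may therefore pick up a different system copy, or fail to start, unless the loader path is set as well. The new comment should say so, for example `# Link-time only: at run time the loader must also find these libraries (e.g. via LD_LIBRARY_PATH).` Because `${OPENSSL_DIR}/lib` is searched first, a leftover `lib/` directory inside a local build tree would presumably take precedence over the freshly built libraries, which is worth a word in the comment too. The same lines are added in tools/encrypt_fw/Makefile and tools/fiptool/Makefile and the point applies there unchanged.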
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 4b35d73..67ae1d6 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -39,7 +39,7 @@
 	if (!btmp)
 		return 0;
 
-	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+	if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
 		goto error;
 	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
 		goto error;
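Review bot: The two trailing `0` arguments in the new `BN_rand` call are magic numbers. As `top` and `bottom` they correspond to `BN_RAND_TOP_ONE` and `BN_RAND_BOTTOM_ANY`, so the most significant bit of every serial is forced to 1. Writing `if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))` states that choice, and if the fixed top bit is not intended, `BN_RAND_TOP_ANY` is the value to use instead. The enclosing function begins and ends outside this hunk.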
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 6435975..2857a3b 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -40,69 +40,25 @@
 
 static int key_create_rsa(key_t *key, int key_bits)
 {
-	BIGNUM *e;
-	RSA *rsa = NULL;
-
-	e = BN_new();
-	if (e == NULL) {
-		printf("Cannot create RSA exponent\n");
-		goto err;
-	}
-
-	if (!BN_set_word(e, RSA_F4)) {
-		printf("Cannot assign RSA exponent\n");
-		goto err;
-	}
-
-	rsa = RSA_new();
+	EVP_PKEY *rsa = EVP_RSA_gen(key_bits);
 	if (rsa == NULL) {
-		printf("Cannot create RSA key\n");
-		goto err;
-	}
-
-	if (!RSA_generate_key_ex(rsa, key_bits, e, NULL)) {
 		printf("Cannot generate RSA key\n");
-		goto err;
-	}
-
-	if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
-		printf("Cannot assign RSA key\n");
-		goto err;
+		return 0;
 	}
-
-	BN_free(e);
+	key->key = rsa;
 	return 1;
-err:
-	RSA_free(rsa);
-	BN_free(e);
-	return 0;
 }
 
 #ifndef OPENSSL_NO_EC
 static int key_create_ecdsa(key_t *key, int key_bits)
 {
-	EC_KEY *ec;
-
-	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+	EVP_PKEY *ec = EVP_EC_gen("prime256v1");
 	if (ec == NULL) {
-		printf("Cannot create EC key\n");
-		goto err;
-	}
-	if (!EC_KEY_generate_key(ec)) {
 		printf("Cannot generate EC key\n");
-		goto err;
-	}
-	EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
-	EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
-	if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
-		printf("Cannot assign EC key\n");
-		goto err;
+		return 0;
 	}
-
+	key->key = ec;
 	return 1;
-err:
-	EC_KEY_free(ec);
-	return 0;
 }
 #endif /* OPENSSL_NO_EC */
 
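Review bot: `key->key = rsa;` in key_create_rsa (and `key->key = ec;` in key_create_ecdsa) overwrites whatever `key->key` held. The removed `EVP_PKEY_assign_RSA(key->key, rsa)` and `EVP_PKEY_assign_EC_KEY(key->key, ec)` calls assigned into an existing object, which suggests that an `EVP_PKEY` is allocated for `key->key` somewhere outside this hunk. If that allocation is still there, each generated key leaks it; `EVP_PKEY_free(key->key);` immediately before the assignment releases it, and the call is a no-op on NULL. A one-line comment on each function stating that it takes ownership of `key->key` would make the contract clear. Separately, key_create_ecdsa still ignores `key_bits` and always generates a prime256v1 key, which deserves a comment as well.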
diff --git a/tools/cert_create/src/sha.c b/tools/cert_create/src/sha.c
index 3d977fb..06ef360 100644
--- a/tools/cert_create/src/sha.c
+++ b/tools/cert_create/src/sha.c
@@ -1,26 +1,38 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
-#include <openssl/sha.h>
 #include <stdio.h>
 #include "debug.h"
 #include "key.h"
+#include <openssl/evp.h>
+#include <openssl/obj_mac.h>
 
 #define BUFFER_SIZE	256
 
+static int get_algorithm_nid(int hash_alg)
+{
+	int nids[] = {NID_sha256, NID_sha384, NID_sha512};
+	if (hash_alg < 0 || hash_alg >= sizeof(nids) / sizeof(*nids)) {
+		return NID_undef;
+	}
+	return nids[hash_alg];
+}
+
 int sha_file(int md_alg, const char *filename, unsigned char *md)
 {
 	FILE *inFile;
-	SHA256_CTX shaContext;
-	SHA512_CTX sha512Context;
+	EVP_MD_CTX *mdctx;
+	const EVP_MD *md_type;
 	int bytes;
+	int alg_nid;
+	unsigned int total_bytes;
 	unsigned char data[BUFFER_SIZE];
 
 	if ((filename == NULL) || (md == NULL)) {
-		ERROR("%s(): NULL argument\n", __FUNCTION__);
+		ERROR("%s(): NULL argument\n", __func__);
 		return 0;
 	}
 
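Review bot: `get_algorithm_nid` uses `hash_alg` as a positional index into `nids`, so it is only correct while the `HASH_ALG_*` values stay 0, 1, 2 in that order, and that definition is not visible in this hunk. Designated initializers tie the table to the enum: `static const int nids[] = { [HASH_ALG_SHA256] = NID_sha256, [HASH_ALG_SHA384] = NID_sha384, [HASH_ALG_SHA512] = NID_sha512 };`. The bound check compares an `int` with a `size_t`; it is safe only because the `< 0` test comes first, and `(size_t)hash_alg >= sizeof(nids) / sizeof(*nids)` makes that explicit and avoids a sign-compare warning. In sha_file, `total_bytes` receives the digest length from the final call rather than a byte count, so a name such as `md_len` would read better. sha_file continues past the end of this hunk.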
@@ -30,26 +42,37 @@
 		return 0;
 	}
 
+	mdctx = EVP_MD_CTX_new();
+	if (mdctx == NULL) {
+		fclose(inFile);
+		ERROR("%s(): Could not create EVP MD context\n", __func__);
+		return 0;
+	}
+
-	if (md_alg == HASH_ALG_SHA384) {
-		SHA384_Init(&sha512Context);
-		while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
-			SHA384_Update(&sha512Context, data, bytes);
-		}
-		SHA384_Final(md, &sha512Context);
-	} else if (md_alg == HASH_ALG_SHA512) {
-		SHA512_Init(&sha512Context);
-		while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
-			SHA512_Update(&sha512Context, data, bytes);
-		}
-		SHA512_Final(md, &sha512Context);
-	} else {
-		SHA256_Init(&shaContext);
-		while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
-			SHA256_Update(&shaContext, data, bytes);
-		}
-		SHA256_Final(md, &shaContext);
+	alg_nid = get_algorithm_nid(md_alg);
+	if (alg_nid == NID_undef) {
+		ERROR("%s(): Invalid hash algorithm\n", __func__);
+		goto err;
 	}
 
+	md_type = EVP_get_digestbynid(alg_nid);
+	if (EVP_DigestInit_ex(mdctx, md_type, NULL) == 0) {
+		ERROR("%s(): Could not initialize EVP MD digest\n", __func__);
+		goto err;
+	}
+
+	while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+		EVP_DigestUpdate(mdctx, data, bytes);
+	}
+	EVP_DigestFinal_ex(mdctx, md, &total_bytes);
+
 	fclose(inFile);
+	EVP_MD_CTX_free(mdctx);
 	return 1;
+
+err:
+	fclose(inFile);
+	EVP_MD_CTX_free(mdctx);
+	return 0;
 }
+
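Review bot: The read loop and the final call ignore every failure, so sha_file can return 1 with a digest that does not cover the whole file. The results of `EVP_DigestUpdate` and `EVP_DigestFinal_ex` are discarded, and a read error ends the `fread` loop exactly like end-of-file does. Since this hash ends up in generated certificates, each of those cases should take the existing `err` path, as in the excerpt below. `EVP_get_digestbynid` can also return NULL; the following `EVP_DigestInit_ex` is expected to reject that, but an explicit `md_type == NULL` check would not depend on that behaviour. sha_file begins outside this hunk.

```c
	/* … unchanged: context creation, NID lookup, EVP_DigestInit_ex … */
	while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
		if (EVP_DigestUpdate(mdctx, data, bytes) == 0) {
			ERROR("%s(): Could not update EVP MD digest\n", __func__);
			goto err;
		}
	}
	if (ferror(inFile) != 0) {
		ERROR("%s(): Could not read %s\n", __func__, filename);
		goto err;
	}
	if (EVP_DigestFinal_ex(mdctx, md, &total_bytes) == 0) {
		ERROR("%s(): Could not finalize EVP MD digest\n", __func__);
		goto err;
	}
	/* … unchanged: success and err cleanup … */
```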
diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
index 96dff23..60bd8ea 100644
--- a/tools/encrypt_fw/Makefile
+++ b/tools/encrypt_fw/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2020, Linaro Limited. All rights reserved.
+# Copyright (c) 2019-2022, Linaro Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -39,7 +39,14 @@
 # Make soft links and include from local directory otherwise wrong headers
 # could get pulled in from firmware tree.
 INC_DIR := -I ./include -I ../../include/tools_share -I ${OPENSSL_DIR}/include
-LIB_DIR := -L ${OPENSSL_DIR}/lib
+
+# Include library directories where OpenSSL library files are located.
+# For a normal installation (i.e.: when ${OPENSSL_DIR} = /usr or
+# /usr/local), binaries are located under the ${OPENSSL_DIR}/lib/
+# directory. However, for a local build of OpenSSL, the built binaries are
+# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+# ${OPENSSL_DIR}/lib/).
+LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
 LIB := -lssl -lcrypto
 
 HOSTCC ?= gcc
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 7c2a083..e6aeba9 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014-2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2022, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -22,7 +22,14 @@
 else
   HOSTCCFLAGS += -O2
 endif
-LDLIBS := -L${OPENSSL_DIR}/lib -lcrypto
+
+# Include library directories where OpenSSL library files are located.
+# For a normal installation (i.e.: when ${OPENSSL_DIR} = /usr or
+# /usr/local), binaries are located under the ${OPENSSL_DIR}/lib/
+# directory. However, for a local build of OpenSSL, the built binaries are
+# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+# ${OPENSSL_DIR}/lib/).
+LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto
 
 ifeq (${V},0)
   Q := @