Merge '5f62213e684dbea03b5a2bb732405a03ccc1a815' into master am: 5dfd96a0b3 am: 780068d4ee am: 1d4a3be615android-mainline-11.0.0_r9android-mainline-11.0.0_r8android-mainline-11.0.0_r7android-mainline-11.0.0_r6android-mainline-11.0.0_r5android-mainline-11.0.0_r44android-mainline-11.0.0_r43android-mainline-11.0.0_r42android-mainline-11.0.0_r41android-mainline-11.0.0_r40android-mainline-11.0.0_r4android-mainline-11.0.0_r39android-mainline-11.0.0_r38android-mainline-11.0.0_r37android-mainline-11.0.0_r36android-mainline-11.0.0_r35android-mainline-11.0.0_r34android-mainline-11.0.0_r33android-mainline-11.0.0_r32android-mainline-11.0.0_r31android-mainline-11.0.0_r30android-mainline-11.0.0_r3android-mainline-11.0.0_r29android-mainline-11.0.0_r28android-mainline-11.0.0_r27android-mainline-11.0.0_r26android-mainline-11.0.0_r25android-mainline-11.0.0_r24android-mainline-11.0.0_r23android-mainline-11.0.0_r22android-mainline-11.0.0_r21android-mainline-11.0.0_r20android-mainline-11.0.0_r2android-mainline-11.0.0_r19android-mainline-11.0.0_r18android-mainline-11.0.0_r17android-mainline-11.0.0_r16android-mainline-11.0.0_r15android-mainline-11.0.0_r14android-mainline-11.0.0_r13android-mainline-11.0.0_r12android-mainline-11.0.0_r10android-mainline-11.0.0_r1android-11.0.0_r45android-11.0.0_r44android-11.0.0_r43android-11.0.0_r42android-11.0.0_r41android-11.0.0_r40android-11.0.0_r39android-11.0.0_r38android-11.0.0_r37android-11.0.0_r36android-11.0.0_r35android-11.0.0_r34android-11.0.0_r33android-11.0.0_r32android-11.0.0_r31android-11.0.0_r30android-11.0.0_r29android-11.0.0_r28android-11.0.0_r27android-11.0.0_r26android-11.0.0_r24android-11.0.0_r23android-11.0.0_r22android-11.0.0_r21android-11.0.0_r20android-11.0.0_r19android-11.0.0_r18android-11.0.0_r16android11-qpr3-s1-releaseandroid11-qpr3-releaseandroid11-qpr2-releaseandroid11-qpr1-s2-releaseandroid11-qpr1-s1-releaseandroid11-qpr1-releaseandroid11-qpr1-d-s1-releaseandroid11-qpr1-d-releaseandroid11-qpr1-c-releaseandroid11-mainline-tethering-releaseandroid11-mainline-sparse-2021-jan-releaseandroid11-mainline-sparse-2020-dec-releaseandroid11-mainline-releaseandroid11-mainline-permission-releaseandroid11-mainline-os-statsd-releaseandroid11-mainline-networkstack-releaseandroid11-mainline-media-swcodec-releaseandroid11-mainline-media-releaseandroid11-mainline-extservices-releaseandroid11-mainline-documentsui-releaseandroid11-mainline-conscrypt-releaseandroid11-mainline-cellbroadcast-releaseandroid11-mainline-captiveportallogin-releaseandroid11-devandroid11-d2-releaseandroid11-d1-b-release

Change-Id: Ia911040759d199f8c1ec0b51abd4fa556a6b8b40

11 files changed, 202 insertions, 80 deletions

diff --git a/tools/meson/Makefile b/tools/amlogic/Makefile
index 1a1d1f812..1a1d1f812 100644
--- a/tools/meson/Makefile
+++ b/tools/amlogic/Makefile
diff --git a/tools/meson/doimage.c b/tools/amlogic/doimage.c
index b304038d1..b304038d1 100644
--- a/tools/meson/doimage.c
+++ b/tools/amlogic/doimage.c
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index c03629a00..eff929ef0 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -10,53 +10,41 @@ V		?= 0
 DEBUG		:= 0
 BINARY		:= ${PROJECT}${BIN_EXT}
 OPENSSL_DIR	:= /usr
-USE_TBBR_DEFS   := 1
+COT		:= tbbr
 
+MAKE_HELPERS_DIRECTORY := ../../make_helpers/
+include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
+include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+
+# Common source files.
 OBJECTS := src/cert.o \
            src/cmd_opt.o \
            src/ext.o \
            src/key.o \
            src/main.o \
-           src/sha.o \
-           src/tbbr/tbb_cert.o \
-           src/tbbr/tbb_ext.o \
-           src/tbbr/tbb_key.o
+           src/sha.o
 
-HOSTCCFLAGS := -Wall -std=c99
-
-MAKE_HELPERS_DIRECTORY := ../../make_helpers/
-include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
-include ${MAKE_HELPERS_DIRECTORY}build_env.mk
-
-ifeq (${USE_TBBR_DEFS},1)
-# In this case, cert_tool is platform-independent
-PLAT_MSG		:=	TBBR Generic
-PLAT_INCLUDE		:=	../../include/tools_share
+# Chain of trust.
+ifeq (${COT},tbbr)
+  include src/tbbr/tbbr.mk
 else
-PLAT_MSG		:=	${PLAT}
-
-TF_PLATFORM_ROOT		:=	../../plat/
-include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
-
-PLAT_INCLUDE		:=	$(wildcard ${PLAT_DIR}include)
-
-ifeq ($(PLAT_INCLUDE),)
-  $(error "Error: Invalid platform '${PLAT}' has no include directory.")
-endif
+  $(error Unknown chain of trust ${COT})
 endif
 
+HOSTCCFLAGS := -Wall -std=c99
+
 ifeq (${DEBUG},1)
   HOSTCCFLAGS += -g -O0 -DDEBUG -DLOG_LEVEL=40
 else
   HOSTCCFLAGS += -O2 -DLOG_LEVEL=20
 endif
+
 ifeq (${V},0)
   Q := @
 else
   Q :=
 endif
 
-$(eval $(call add_define,USE_TBBR_DEFS))
 HOSTCCFLAGS += ${DEFINES}
 
 # Make soft links and include from local directory otherwise wrong headers
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 39b45b58e..6db9b579d 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -49,7 +49,6 @@ int cert_init(void);
 cert_t *cert_get_by_opt(const char *opt);
 int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
 int cert_new(
-	int key_alg,
 	int md_alg,
 	cert_t *cert,
 	int days,
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index 310a77f3e..d96d9839a 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -9,8 +9,6 @@
 
 #include <openssl/ossl_typ.h>
 
-#define RSA_KEY_BITS		2048
-
 /* Error codes */
 enum {
 	KEY_ERR_NONE,
@@ -23,13 +21,15 @@ enum {
 /* Supported key algorithms */
 enum {
 	KEY_ALG_RSA,		/* RSA PSS as defined by PKCS#1 v2.1 (default) */
-	KEY_ALG_RSA_1_5,	/* RSA as defined by PKCS#1 v1.5 */
 #ifndef OPENSSL_NO_EC
 	KEY_ALG_ECDSA,
 #endif /* OPENSSL_NO_EC */
 	KEY_ALG_MAX_NUM
 };
 
+/* Maximum number of valid key sizes per algorithm */
+#define KEY_SIZE_MAX_NUM	4
+
 /* Supported hash algorithms */
 enum{
 	HASH_ALG_SHA256,
@@ -37,6 +37,15 @@ enum{
 	HASH_ALG_SHA512,
 };
 
+/* Supported key sizes */
+/* NOTE: the first item in each array is the default key size */
+static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
+	{ 2048, 1024, 3072, 4096 },	/* KEY_ALG_RSA */
+#ifndef OPENSSL_NO_EC
+	{}				/* KEY_ALG_ECDSA */
+#endif /* OPENSSL_NO_EC */
+};
+
 /*
  * This structure contains the relevant information to create the keys
  * required to sign the certificates.
@@ -58,7 +67,7 @@ typedef struct key_s {
 int key_init(void);
 key_t *key_get_by_opt(const char *opt);
 int key_new(key_t *key);
-int key_create(key_t *key, int type);
+int key_create(key_t *key, int type, int key_bits);
 int key_load(key_t *key, unsigned int *err_code);
 int key_store(key_t *key);
 
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 8e8aee699..153f5557d 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -15,12 +15,6 @@
 #include <openssl/sha.h>
 #include <openssl/x509v3.h>
 
-#if USE_TBBR_DEFS
-#include <tbbr_oid.h>
-#else
-#include <platform_oid.h>
-#endif
-
 #include "cert.h"
 #include "cmd_opt.h"
 #include "debug.h"
@@ -93,7 +87,6 @@ int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value)
 }
 
 int cert_new(
-	int key_alg,
 	int md_alg,
 	cert_t *cert,
 	int days,
@@ -143,10 +136,10 @@ int cert_new(
 	}
 
 	/*
-	 * Set additional parameters if algorithm is RSA PSS. This is not
-	 * required for RSA 1.5 or ECDSA.
+	 * Set additional parameters if issuing public key algorithm is RSA.
+	 * This is not required for ECDSA.
 	 */
-	if (key_alg == KEY_ALG_RSA) {
+	if (EVP_PKEY_base_id(ikey) == EVP_PKEY_RSA) {
 		if (!EVP_PKEY_CTX_set_rsa_padding(pKeyCtx, RSA_PKCS1_PSS_PADDING)) {
 			ERR_print_errors_fp(stdout);
 			goto END;
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 055ddbfd0..d9a92bb10 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -33,11 +33,11 @@ DECLARE_ASN1_FUNCTIONS(HASH)
 IMPLEMENT_ASN1_FUNCTIONS(HASH)
 
 /*
- * This function adds the TBB extensions to the internal extension list
+ * This function adds the CoT extensions to the internal extension list
  * maintained by OpenSSL so they can be used later.
  *
  * It also initializes the methods to print the contents of the extension. If an
- * alias is specified in the TBB extension, we reuse the methods of the alias.
+ * alias is specified in the CoT extension, we reuse the methods of the alias.
  * Otherwise, only methods for V_ASN1_INTEGER and V_ASN1_OCTET_STRING are
  * provided. Any other type will be printed as a raw ascii string.
  *
@@ -284,6 +284,7 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k)
 	ex = ext_new(nid, crit, p, sz);
 
 	/* Clean up */
+	BIO_free(mem);
 	OPENSSL_free(p);
 
 	return ex;
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 871f9ee8b..fcc9d5316 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -13,12 +13,6 @@
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
-#if USE_TBBR_DEFS
-#include <tbbr_oid.h>
-#else
-#include <platform_oid.h>
-#endif
-
 #include "cert.h"
 #include "cmd_opt.h"
 #include "debug.h"
@@ -41,7 +35,7 @@ int key_new(key_t *key)
 	return 1;
 }
 
-static int key_create_rsa(key_t *key)
+static int key_create_rsa(key_t *key, int key_bits)
 {
 	BIGNUM *e;
 	RSA *rsa = NULL;
@@ -63,7 +57,7 @@ static int key_create_rsa(key_t *key)
 		goto err;
 	}
 
-	if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) {
+	if (!RSA_generate_key_ex(rsa, key_bits, e, NULL)) {
 		printf("Cannot generate RSA key\n");
 		goto err;
 	}
@@ -73,6 +67,7 @@ static int key_create_rsa(key_t *key)
 		goto err;
 	}
 
+	BN_free(e);
 	return 1;
 err:
 	RSA_free(rsa);
@@ -81,7 +76,7 @@ err:
 }
 
 #ifndef OPENSSL_NO_EC
-static int key_create_ecdsa(key_t *key)
+static int key_create_ecdsa(key_t *key, int key_bits)
 {
 	EC_KEY *ec;
 
@@ -108,16 +103,15 @@ err:
 }
 #endif /* OPENSSL_NO_EC */
 
-typedef int (*key_create_fn_t)(key_t *key);
+typedef int (*key_create_fn_t)(key_t *key, int key_bits);
 static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
 	key_create_rsa, 	/* KEY_ALG_RSA */
-	key_create_rsa, 	/* KEY_ALG_RSA_1_5 */
 #ifndef OPENSSL_NO_EC
 	key_create_ecdsa, 	/* KEY_ALG_ECDSA */
 #endif /* OPENSSL_NO_EC */
 };
 
-int key_create(key_t *key, int type)
+int key_create(key_t *key, int type, int key_bits)
 {
 	if (type >= KEY_ALG_MAX_NUM) {
 		printf("Invalid key type\n");
@@ -125,7 +119,7 @@ int key_create(key_t *key, int type)
 	}
 
 	if (key_create_fn[type]) {
-		return key_create_fn[type](key);
+		return key_create_fn[type](key, key_bits);
 	}
 
 	return 0;
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index ed566207c..2ba110132 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdbool.h>
 
 #include <openssl/conf.h>
 #include <openssl/engine.h>
@@ -18,21 +19,12 @@
 #include <openssl/sha.h>
 #include <openssl/x509v3.h>
 
-#if USE_TBBR_DEFS
-#include <tbbr_oid.h>
-#else
-#include <platform_oid.h>
-#endif
-
 #include "cert.h"
 #include "cmd_opt.h"
 #include "debug.h"
 #include "ext.h"
 #include "key.h"
 #include "sha.h"
-#include "tbbr/tbb_cert.h"
-#include "tbbr/tbb_ext.h"
-#include "tbbr/tbb_key.h"
 
 /*
  * Helper macros to simplify the code. This macro assigns the return value of
@@ -55,7 +47,7 @@
 	do { \
 		v = OBJ_txt2nid(oid); \
 		if (v == NID_undef) { \
-			ERROR("Cannot find TBB extension %s\n", oid); \
+			ERROR("Cannot find extension %s\n", oid); \
 			exit(1); \
 		} \
 	} while (0)
@@ -69,6 +61,7 @@
 /* Global options */
 static int key_alg;
 static int hash_alg;
+static int key_size;
 static int new_keys;
 static int save_keys;
 static int print_cert;
@@ -90,7 +83,6 @@ static char *strdup(const char *str)
 
 static const char *key_algs_str[] = {
 	[KEY_ALG_RSA] = "rsa",
-	[KEY_ALG_RSA_1_5] = "rsa_1_5",
 #ifndef OPENSSL_NO_EC
 	[KEY_ALG_ECDSA] = "ecdsa"
 #endif /* OPENSSL_NO_EC */
@@ -155,6 +147,18 @@ static int get_key_alg(const char *key_alg_str)
 	return -1;
 }
 
+static int get_key_size(const char *key_size_str)
+{
+	char *end;
+	long key_size;
+
+	key_size = strtol(key_size_str, &end, 10);
+	if (*end != '\0')
+		return -1;
+
+	return key_size;
+}
+
 static int get_hash_alg(const char *hash_alg_str)
 {
 	int i;
@@ -174,6 +178,7 @@ static void check_cmd_params(void)
 	ext_t *ext;
 	key_t *key;
 	int i, j;
+	bool valid_size;
 
 	/* Only save new keys */
 	if (save_keys && !new_keys) {
@@ -181,6 +186,26 @@ static void check_cmd_params(void)
 		exit(1);
 	}
 
+	/* Validate key-size */
+	valid_size = false;
+	for (i = 0; i < KEY_SIZE_MAX_NUM; i++) {
+		if (key_size == KEY_SIZES[key_alg][i]) {
+			valid_size = true;
+			break;
+		}
+	}
+	if (!valid_size) {
+		ERROR("'%d' is not a valid key size for '%s'\n",
+				key_size, key_algs_str[key_alg]);
+		NOTICE("Valid sizes are: ");
+		for (i = 0; i < KEY_SIZE_MAX_NUM &&
+				KEY_SIZES[key_alg][i] != 0; i++) {
+			printf("%d ", KEY_SIZES[key_alg][i]);
+		}
+		printf("\n");
+		exit(1);
+	}
+
 	/* Check that all required options have been specified in the
 	 * command line */
 	for (i = 0; i < num_certs; i++) {
@@ -242,8 +267,11 @@ static const cmd_opt_t common_cmd_opt[] = {
 	},
 	{
 		{ "key-alg", required_argument, NULL, 'a' },
-		"Key algorithm: 'rsa' (default) - RSAPSS scheme as per \
-PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'"
+		"Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, 'ecdsa'"
+	},
+	{
+		{ "key-size", required_argument, NULL, 'b' },
+		"Key size (for supported algorithms)."
 	},
 	{
 		{ "hash-alg", required_argument, NULL, 's' },
@@ -286,6 +314,7 @@ int main(int argc, char *argv[])
 	/* Set default options */
 	key_alg = KEY_ALG_RSA;
 	hash_alg = HASH_ALG_SHA256;
+	key_size = -1;
 
 	/* Add common command line options */
 	for (i = 0; i < NUM_ELEM(common_cmd_opt); i++) {
@@ -306,7 +335,7 @@ int main(int argc, char *argv[])
 
 	/* Initialize the new types and register OIDs for the extensions */
 	if (ext_init() != 0) {
-		ERROR("Cannot initialize TBB extensions\n");
+		ERROR("Cannot initialize extensions\n");
 		exit(1);
 	}
 
@@ -315,7 +344,7 @@ int main(int argc, char *argv[])
 
 	while (1) {
 		/* getopt_long stores the option index here. */
-		c = getopt_long(argc, argv, "a:hknps:", cmd_opt, &opt_idx);
+		c = getopt_long(argc, argv, "a:b:hknps:", cmd_opt, &opt_idx);
 
 		/* Detect the end of the options. */
 		if (c == -1) {
@@ -330,6 +359,13 @@ int main(int argc, char *argv[])
 				exit(1);
 			}
 			break;
+		case 'b':
+			key_size = get_key_size(optarg);
+			if (key_size <= 0) {
+				ERROR("Invalid key size '%s'\n", optarg);
+				exit(1);
+			}
+			break;
 		case 'h':
 			print_help(argv[0], cmd_opt);
 			exit(0);
@@ -371,6 +407,11 @@ int main(int argc, char *argv[])
 		}
 	}
 
+	/* Select a reasonable default key-size */
+	if (key_size == -1) {
+		key_size = KEY_SIZES[key_alg][0];
+	}
+
 	/* Check command line arguments */
 	check_cmd_params();
 
@@ -413,7 +454,7 @@ int main(int argc, char *argv[])
 		if (new_keys) {
 			/* Try to create a new key */
 			NOTICE("Creating new key for '%s'\n", keys[i].desc);
-			if (!key_create(&keys[i], key_alg)) {
+			if (!key_create(&keys[i], key_alg, key_size)) {
 				ERROR("Error creating key '%s'\n", keys[i].desc);
 				exit(1);
 			}
@@ -493,7 +534,7 @@ int main(int argc, char *argv[])
 		}
 
 		/* Create certificate. Signed with corresponding key */
-		if (cert->fn && !cert_new(key_alg, hash_alg, cert, VAL_DAYS, 0, sk)) {
+		if (cert->fn && !cert_new(hash_alg, cert, VAL_DAYS, 0, sk)) {
 			ERROR("Cannot create %s\n", cert->cn);
 			exit(1);
 		}
diff --git a/tools/cert_create/src/tbbr/tbbr.mk b/tools/cert_create/src/tbbr/tbbr.mk
new file mode 100644
index 000000000..ee82d31e3
--- /dev/null
+++ b/tools/cert_create/src/tbbr/tbbr.mk
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+USE_TBBR_DEFS   := 1
+$(eval $(call add_define,USE_TBBR_DEFS))
+
+ifeq (${USE_TBBR_DEFS},1)
+# In this case, cert_tool is platform-independent
+PLAT_MSG		:=	TBBR Generic
+PLAT_INCLUDE		:=	../../include/tools_share
+else
+PLAT_MSG		:=	${PLAT}
+
+TF_PLATFORM_ROOT	:=	../../plat/
+include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
+
+PLAT_INCLUDE		:=	$(wildcard ${PLAT_DIR}include)
+
+ifeq ($(PLAT_INCLUDE),)
+  $(error "Error: Invalid platform '${PLAT}' has no include directory.")
+endif
+endif
+
+OBJECTS += src/tbbr/tbb_cert.o \
+           src/tbbr/tbb_ext.o \
+           src/tbbr/tbb_key.o
diff --git a/tools/memory/print_memory_map.py b/tools/memory/print_memory_map.py
new file mode 100755
index 000000000..35cccd38c
--- /dev/null
+++ b/tools/memory/print_memory_map.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+#
+# Copyright (c) 2019, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+import re
+import os
+import sys
+import operator
+
+# List of folder/map to parse
+bl_images = ['bl1', 'bl2', 'bl31']
+
+# List of symbols to search for
+blx_symbols = ['__BL1_RAM_START__', '__BL1_RAM_END__',
+                '__BL2_END__',
+                '__BL31_END__',
+                '__TEXT_START__', '__TEXT_END__',
+                '__RODATA_START__', '__RODATA_END__',
+                '__DATA_START__', '__DATA_END__',
+                '__STACKS_START__', '__STACKS_END__',
+                '__BSS_END',
+               ]
+
+# Regex to extract address from map file
+address_pattern = re.compile(r"\b0x\w*")
+
+# List of found element: [address, symbol, file]
+address_list = []
+
+# Get the directory from command line or use a default one
+if len(sys.argv) >= 2:
+    build_dir = sys.argv[1]
+else:
+    build_dir = 'build/fvp/debug'
+
+# Extract all the required symbols from the map files
+for image in bl_images:
+    file_path = os.path.join(build_dir, image, '{}.map'.format(image))
+    if os.path.isfile(file_path):
+        with open (file_path, 'rt') as mapfile:
+            for line in mapfile:
+                for symbol in blx_symbols:
+                    if line.find(symbol) > 0 and line.find("ASSERT") < 0:
+                        # Extract address from line
+                        match = address_pattern.search(line)
+                        if match:
+                            address_list.append([match.group(0), symbol, image])
+
+# Sort by address
+address_list.sort(key=operator.itemgetter(0))
+
+# Generate memory view
+print('{:-^87}'.format('Memory Map from: ' + build_dir))
+for address in reversed(address_list):
+    if "bl1" in address[2]:
+        print(address[0], '+{:-^20}+ |{:^20}| |{:^20}|'.format(address[1], '', ''))
+    elif "bl2" in address[2]:
+        print(address[0], '|{:^20}| +{:-^20}+ |{:^20}|'.format('', address[1], ''))
+    elif "bl31" in address[2]:
+        print(address[0], '|{:^20}| |{:^20}| +{:-^20}+'.format('', '', address[1]))
+    else:
+        print(address[0], '|{:^20}| |{:^20}| +{:-^20}+'.format('', '', address[1]))
+
+print('{:^20}{:_^20}   {:_^20}   {:_^20}'.format('', '', '', ''))
+print('{:^20}{:^20}   {:^20}   {:^20}'.format('address', 'bl1', 'bl2', 'bl31'))