diff options
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/amlogic/Makefile (renamed from tools/meson/Makefile) | 0 | ||||
| -rw-r--r-- | tools/amlogic/doimage.c (renamed from tools/meson/doimage.c) | 0 | ||||
| -rw-r--r-- | tools/cert_create/Makefile | 42 | ||||
| -rw-r--r-- | tools/cert_create/include/cert.h | 3 | ||||
| -rw-r--r-- | tools/cert_create/include/key.h | 19 | ||||
| -rw-r--r-- | tools/cert_create/src/cert.c | 15 | ||||
| -rw-r--r-- | tools/cert_create/src/ext.c | 7 | ||||
| -rw-r--r-- | tools/cert_create/src/key.c | 22 | ||||
| -rw-r--r-- | tools/cert_create/src/main.c | 77 | ||||
| -rw-r--r-- | tools/cert_create/src/tbbr/tbbr.mk | 29 | ||||
| -rwxr-xr-x | tools/memory/print_memory_map.py | 68 |
11 files changed, 202 insertions, 80 deletions
diff --git a/tools/meson/Makefile b/tools/amlogic/Makefile index 1a1d1f812..1a1d1f812 100644 --- a/tools/meson/Makefile +++ b/tools/amlogic/Makefile diff --git a/tools/meson/doimage.c b/tools/amlogic/doimage.c index b304038d1..b304038d1 100644 --- a/tools/meson/doimage.c +++ b/tools/amlogic/doimage.c diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile index c03629a00..eff929ef0 100644 --- a/tools/cert_create/Makefile +++ b/tools/cert_create/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -10,53 +10,41 @@ V ?= 0 DEBUG := 0 BINARY := ${PROJECT}${BIN_EXT} OPENSSL_DIR := /usr -USE_TBBR_DEFS := 1 +COT := tbbr +MAKE_HELPERS_DIRECTORY := ../../make_helpers/ +include ${MAKE_HELPERS_DIRECTORY}build_macros.mk +include ${MAKE_HELPERS_DIRECTORY}build_env.mk + +# Common source files. OBJECTS := src/cert.o \ src/cmd_opt.o \ src/ext.o \ src/key.o \ src/main.o \ - src/sha.o \ - src/tbbr/tbb_cert.o \ - src/tbbr/tbb_ext.o \ - src/tbbr/tbb_key.o + src/sha.o -HOSTCCFLAGS := -Wall -std=c99 - -MAKE_HELPERS_DIRECTORY := ../../make_helpers/ -include ${MAKE_HELPERS_DIRECTORY}build_macros.mk -include ${MAKE_HELPERS_DIRECTORY}build_env.mk - -ifeq (${USE_TBBR_DEFS},1) -# In this case, cert_tool is platform-independent -PLAT_MSG := TBBR Generic -PLAT_INCLUDE := ../../include/tools_share +# Chain of trust. +ifeq (${COT},tbbr) + include src/tbbr/tbbr.mk else -PLAT_MSG := ${PLAT} - -TF_PLATFORM_ROOT := ../../plat/ -include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk - -PLAT_INCLUDE := $(wildcard ${PLAT_DIR}include) - -ifeq ($(PLAT_INCLUDE),) - $(error "Error: Invalid platform '${PLAT}' has no include directory.") -endif + $(error Unknown chain of trust ${COT}) endif +HOSTCCFLAGS := -Wall -std=c99 + ifeq (${DEBUG},1) HOSTCCFLAGS += -g -O0 -DDEBUG -DLOG_LEVEL=40 else HOSTCCFLAGS += -O2 -DLOG_LEVEL=20 endif + ifeq (${V},0) Q := @ else Q := endif -$(eval $(call add_define,USE_TBBR_DEFS)) HOSTCCFLAGS += ${DEFINES} # Make soft links and include from local directory otherwise wrong headers diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h index 39b45b58e..6db9b579d 100644 --- a/tools/cert_create/include/cert.h +++ b/tools/cert_create/include/cert.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -49,7 +49,6 @@ int cert_init(void); cert_t *cert_get_by_opt(const char *opt); int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value); int cert_new( - int key_alg, int md_alg, cert_t *cert, int days, diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h index 310a77f3e..d96d9839a 100644 --- a/tools/cert_create/include/key.h +++ b/tools/cert_create/include/key.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -9,8 +9,6 @@ #include <openssl/ossl_typ.h> -#define RSA_KEY_BITS 2048 - /* Error codes */ enum { KEY_ERR_NONE, @@ -23,13 +21,15 @@ enum { /* Supported key algorithms */ enum { KEY_ALG_RSA, /* RSA PSS as defined by PKCS#1 v2.1 (default) */ - KEY_ALG_RSA_1_5, /* RSA as defined by PKCS#1 v1.5 */ #ifndef OPENSSL_NO_EC KEY_ALG_ECDSA, #endif /* OPENSSL_NO_EC */ KEY_ALG_MAX_NUM }; +/* Maximum number of valid key sizes per algorithm */ +#define KEY_SIZE_MAX_NUM 4 + /* Supported hash algorithms */ enum{ HASH_ALG_SHA256, @@ -37,6 +37,15 @@ enum{ HASH_ALG_SHA512, }; +/* Supported key sizes */ +/* NOTE: the first item in each array is the default key size */ +static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = { + { 2048, 1024, 3072, 4096 }, /* KEY_ALG_RSA */ +#ifndef OPENSSL_NO_EC + {} /* KEY_ALG_ECDSA */ +#endif /* OPENSSL_NO_EC */ +}; + /* * This structure contains the relevant information to create the keys * required to sign the certificates. @@ -58,7 +67,7 @@ typedef struct key_s { int key_init(void); key_t *key_get_by_opt(const char *opt); int key_new(key_t *key); -int key_create(key_t *key, int type); +int key_create(key_t *key, int type, int key_bits); int key_load(key_t *key, unsigned int *err_code); int key_store(key_t *key); diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c index 8e8aee699..153f5557d 100644 --- a/tools/cert_create/src/cert.c +++ b/tools/cert_create/src/cert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -15,12 +15,6 @@ #include <openssl/sha.h> #include <openssl/x509v3.h> -#if USE_TBBR_DEFS -#include <tbbr_oid.h> -#else -#include <platform_oid.h> -#endif - #include "cert.h" #include "cmd_opt.h" #include "debug.h" @@ -93,7 +87,6 @@ int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value) } int cert_new( - int key_alg, int md_alg, cert_t *cert, int days, @@ -143,10 +136,10 @@ int cert_new( } /* - * Set additional parameters if algorithm is RSA PSS. This is not - * required for RSA 1.5 or ECDSA. + * Set additional parameters if issuing public key algorithm is RSA. + * This is not required for ECDSA. */ - if (key_alg == KEY_ALG_RSA) { + if (EVP_PKEY_base_id(ikey) == EVP_PKEY_RSA) { if (!EVP_PKEY_CTX_set_rsa_padding(pKeyCtx, RSA_PKCS1_PSS_PADDING)) { ERR_print_errors_fp(stdout); goto END; diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c index 055ddbfd0..d9a92bb10 100644 --- a/tools/cert_create/src/ext.c +++ b/tools/cert_create/src/ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -33,11 +33,11 @@ DECLARE_ASN1_FUNCTIONS(HASH) IMPLEMENT_ASN1_FUNCTIONS(HASH) /* - * This function adds the TBB extensions to the internal extension list + * This function adds the CoT extensions to the internal extension list * maintained by OpenSSL so they can be used later. * * It also initializes the methods to print the contents of the extension. If an - * alias is specified in the TBB extension, we reuse the methods of the alias. + * alias is specified in the CoT extension, we reuse the methods of the alias. * Otherwise, only methods for V_ASN1_INTEGER and V_ASN1_OCTET_STRING are * provided. Any other type will be printed as a raw ascii string. * @@ -284,6 +284,7 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k) ex = ext_new(nid, crit, p, sz); /* Clean up */ + BIO_free(mem); OPENSSL_free(p); return ex; diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c index 871f9ee8b..fcc9d5316 100644 --- a/tools/cert_create/src/key.c +++ b/tools/cert_create/src/key.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -13,12 +13,6 @@ #include <openssl/evp.h> #include <openssl/pem.h> -#if USE_TBBR_DEFS -#include <tbbr_oid.h> -#else -#include <platform_oid.h> -#endif - #include "cert.h" #include "cmd_opt.h" #include "debug.h" @@ -41,7 +35,7 @@ int key_new(key_t *key) return 1; } -static int key_create_rsa(key_t *key) +static int key_create_rsa(key_t *key, int key_bits) { BIGNUM *e; RSA *rsa = NULL; @@ -63,7 +57,7 @@ static int key_create_rsa(key_t *key) goto err; } - if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) { + if (!RSA_generate_key_ex(rsa, key_bits, e, NULL)) { printf("Cannot generate RSA key\n"); goto err; } @@ -73,6 +67,7 @@ static int key_create_rsa(key_t *key) goto err; } + BN_free(e); return 1; err: RSA_free(rsa); @@ -81,7 +76,7 @@ err: } #ifndef OPENSSL_NO_EC -static int key_create_ecdsa(key_t *key) +static int key_create_ecdsa(key_t *key, int key_bits) { EC_KEY *ec; @@ -108,16 +103,15 @@ err: } #endif /* OPENSSL_NO_EC */ -typedef int (*key_create_fn_t)(key_t *key); +typedef int (*key_create_fn_t)(key_t *key, int key_bits); static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = { key_create_rsa, /* KEY_ALG_RSA */ - key_create_rsa, /* KEY_ALG_RSA_1_5 */ #ifndef OPENSSL_NO_EC key_create_ecdsa, /* KEY_ALG_ECDSA */ #endif /* OPENSSL_NO_EC */ }; -int key_create(key_t *key, int type) +int key_create(key_t *key, int type, int key_bits) { if (type >= KEY_ALG_MAX_NUM) { printf("Invalid key type\n"); @@ -125,7 +119,7 @@ int key_create(key_t *key, int type) } if (key_create_fn[type]) { - return key_create_fn[type](key); + return key_create_fn[type](key, key_bits); } return 0; diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index ed566207c..2ba110132 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <stdbool.h> #include <openssl/conf.h> #include <openssl/engine.h> @@ -18,21 +19,12 @@ #include <openssl/sha.h> #include <openssl/x509v3.h> -#if USE_TBBR_DEFS -#include <tbbr_oid.h> -#else -#include <platform_oid.h> -#endif - #include "cert.h" #include "cmd_opt.h" #include "debug.h" #include "ext.h" #include "key.h" #include "sha.h" -#include "tbbr/tbb_cert.h" -#include "tbbr/tbb_ext.h" -#include "tbbr/tbb_key.h" /* * Helper macros to simplify the code. This macro assigns the return value of @@ -55,7 +47,7 @@ do { \ v = OBJ_txt2nid(oid); \ if (v == NID_undef) { \ - ERROR("Cannot find TBB extension %s\n", oid); \ + ERROR("Cannot find extension %s\n", oid); \ exit(1); \ } \ } while (0) @@ -69,6 +61,7 @@ /* Global options */ static int key_alg; static int hash_alg; +static int key_size; static int new_keys; static int save_keys; static int print_cert; @@ -90,7 +83,6 @@ static char *strdup(const char *str) static const char *key_algs_str[] = { [KEY_ALG_RSA] = "rsa", - [KEY_ALG_RSA_1_5] = "rsa_1_5", #ifndef OPENSSL_NO_EC [KEY_ALG_ECDSA] = "ecdsa" #endif /* OPENSSL_NO_EC */ @@ -155,6 +147,18 @@ static int get_key_alg(const char *key_alg_str) return -1; } +static int get_key_size(const char *key_size_str) +{ + char *end; + long key_size; + + key_size = strtol(key_size_str, &end, 10); + if (*end != '\0') + return -1; + + return key_size; +} + static int get_hash_alg(const char *hash_alg_str) { int i; @@ -174,6 +178,7 @@ static void check_cmd_params(void) ext_t *ext; key_t *key; int i, j; + bool valid_size; /* Only save new keys */ if (save_keys && !new_keys) { @@ -181,6 +186,26 @@ static void check_cmd_params(void) exit(1); } + /* Validate key-size */ + valid_size = false; + for (i = 0; i < KEY_SIZE_MAX_NUM; i++) { + if (key_size == KEY_SIZES[key_alg][i]) { + valid_size = true; + break; + } + } + if (!valid_size) { + ERROR("'%d' is not a valid key size for '%s'\n", + key_size, key_algs_str[key_alg]); + NOTICE("Valid sizes are: "); + for (i = 0; i < KEY_SIZE_MAX_NUM && + KEY_SIZES[key_alg][i] != 0; i++) { + printf("%d ", KEY_SIZES[key_alg][i]); + } + printf("\n"); + exit(1); + } + /* Check that all required options have been specified in the * command line */ for (i = 0; i < num_certs; i++) { @@ -242,8 +267,11 @@ static const cmd_opt_t common_cmd_opt[] = { }, { { "key-alg", required_argument, NULL, 'a' }, - "Key algorithm: 'rsa' (default) - RSAPSS scheme as per \ -PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'" + "Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, 'ecdsa'" + }, + { + { "key-size", required_argument, NULL, 'b' }, + "Key size (for supported algorithms)." }, { { "hash-alg", required_argument, NULL, 's' }, @@ -286,6 +314,7 @@ int main(int argc, char *argv[]) /* Set default options */ key_alg = KEY_ALG_RSA; hash_alg = HASH_ALG_SHA256; + key_size = -1; /* Add common command line options */ for (i = 0; i < NUM_ELEM(common_cmd_opt); i++) { @@ -306,7 +335,7 @@ int main(int argc, char *argv[]) /* Initialize the new types and register OIDs for the extensions */ if (ext_init() != 0) { - ERROR("Cannot initialize TBB extensions\n"); + ERROR("Cannot initialize extensions\n"); exit(1); } @@ -315,7 +344,7 @@ int main(int argc, char *argv[]) while (1) { /* getopt_long stores the option index here. */ - c = getopt_long(argc, argv, "a:hknps:", cmd_opt, &opt_idx); + c = getopt_long(argc, argv, "a:b:hknps:", cmd_opt, &opt_idx); /* Detect the end of the options. */ if (c == -1) { @@ -330,6 +359,13 @@ int main(int argc, char *argv[]) exit(1); } break; + case 'b': + key_size = get_key_size(optarg); + if (key_size <= 0) { + ERROR("Invalid key size '%s'\n", optarg); + exit(1); + } + break; case 'h': print_help(argv[0], cmd_opt); exit(0); @@ -371,6 +407,11 @@ int main(int argc, char *argv[]) } } + /* Select a reasonable default key-size */ + if (key_size == -1) { + key_size = KEY_SIZES[key_alg][0]; + } + /* Check command line arguments */ check_cmd_params(); @@ -413,7 +454,7 @@ int main(int argc, char *argv[]) if (new_keys) { /* Try to create a new key */ NOTICE("Creating new key for '%s'\n", keys[i].desc); - if (!key_create(&keys[i], key_alg)) { + if (!key_create(&keys[i], key_alg, key_size)) { ERROR("Error creating key '%s'\n", keys[i].desc); exit(1); } @@ -493,7 +534,7 @@ int main(int argc, char *argv[]) } /* Create certificate. Signed with corresponding key */ - if (cert->fn && !cert_new(key_alg, hash_alg, cert, VAL_DAYS, 0, sk)) { + if (cert->fn && !cert_new(hash_alg, cert, VAL_DAYS, 0, sk)) { ERROR("Cannot create %s\n", cert->cn); exit(1); } diff --git a/tools/cert_create/src/tbbr/tbbr.mk b/tools/cert_create/src/tbbr/tbbr.mk new file mode 100644 index 000000000..ee82d31e3 --- /dev/null +++ b/tools/cert_create/src/tbbr/tbbr.mk @@ -0,0 +1,29 @@ +# +# Copyright (c) 2020, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# + +USE_TBBR_DEFS := 1 +$(eval $(call add_define,USE_TBBR_DEFS)) + +ifeq (${USE_TBBR_DEFS},1) +# In this case, cert_tool is platform-independent +PLAT_MSG := TBBR Generic +PLAT_INCLUDE := ../../include/tools_share +else +PLAT_MSG := ${PLAT} + +TF_PLATFORM_ROOT := ../../plat/ +include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk + +PLAT_INCLUDE := $(wildcard ${PLAT_DIR}include) + +ifeq ($(PLAT_INCLUDE),) + $(error "Error: Invalid platform '${PLAT}' has no include directory.") +endif +endif + +OBJECTS += src/tbbr/tbb_cert.o \ + src/tbbr/tbb_ext.o \ + src/tbbr/tbb_key.o diff --git a/tools/memory/print_memory_map.py b/tools/memory/print_memory_map.py new file mode 100755 index 000000000..35cccd38c --- /dev/null +++ b/tools/memory/print_memory_map.py @@ -0,0 +1,68 @@ +#!/usr/bin/env python3 +# +# Copyright (c) 2019, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# + +import re +import os +import sys +import operator + +# List of folder/map to parse +bl_images = ['bl1', 'bl2', 'bl31'] + +# List of symbols to search for +blx_symbols = ['__BL1_RAM_START__', '__BL1_RAM_END__', + '__BL2_END__', + '__BL31_END__', + '__TEXT_START__', '__TEXT_END__', + '__RODATA_START__', '__RODATA_END__', + '__DATA_START__', '__DATA_END__', + '__STACKS_START__', '__STACKS_END__', + '__BSS_END', + ] + +# Regex to extract address from map file +address_pattern = re.compile(r"\b0x\w*") + +# List of found element: [address, symbol, file] +address_list = [] + +# Get the directory from command line or use a default one +if len(sys.argv) >= 2: + build_dir = sys.argv[1] +else: + build_dir = 'build/fvp/debug' + +# Extract all the required symbols from the map files +for image in bl_images: + file_path = os.path.join(build_dir, image, '{}.map'.format(image)) + if os.path.isfile(file_path): + with open (file_path, 'rt') as mapfile: + for line in mapfile: + for symbol in blx_symbols: + if line.find(symbol) > 0 and line.find("ASSERT") < 0: + # Extract address from line + match = address_pattern.search(line) + if match: + address_list.append([match.group(0), symbol, image]) + +# Sort by address +address_list.sort(key=operator.itemgetter(0)) + +# Generate memory view +print('{:-^87}'.format('Memory Map from: ' + build_dir)) +for address in reversed(address_list): + if "bl1" in address[2]: + print(address[0], '+{:-^20}+ |{:^20}| |{:^20}|'.format(address[1], '', '')) + elif "bl2" in address[2]: + print(address[0], '|{:^20}| +{:-^20}+ |{:^20}|'.format('', address[1], '')) + elif "bl31" in address[2]: + print(address[0], '|{:^20}| |{:^20}| +{:-^20}+'.format('', '', address[1])) + else: + print(address[0], '|{:^20}| |{:^20}| +{:-^20}+'.format('', '', address[1])) + +print('{:^20}{:_^20} {:_^20} {:_^20}'.format('', '', '', '')) +print('{:^20}{:^20} {:^20} {:^20}'.format('address', 'bl1', 'bl2', 'bl31')) |