From 47939f67252edc6295268dfebff24b5450eaba85 Mon Sep 17 00:00:00 2001
From: Olivier Deprez
Date: Mon, 6 Jan 2020 15:45:22 +0100
Subject: coverity: debugfs devfip remove comparisons to LONG_MAX CID 353228: Integer handling issues (CONSTANT_EXPRESSION_RESULT) The checks on size and offset_address in get_entry always resolve to false provided those fields are long long int and cannot be greater than LONG_MAX.
Signed-off-by: Olivier Deprez
Change-Id: I0fac485a39ac4a40ae8c0d25a706ad74c795e130
---
 lib/debugfs/devfip.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
(limited to 'lib/debugfs/devfip.c')
diff --git a/lib/debugfs/devfip.c b/lib/debugfs/devfip.c
index 5581b219f..fc14e707e 100644
--- a/lib/debugfs/devfip.c
+++ b/lib/debugfs/devfip.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -103,10 +103,6 @@ static int get_entry(chan_t *c, struct fip_entry *entry)
 return -1;
 }
- if ((entry->size > LONG_MAX) || (entry->offset_address > LONG_MAX)) {
- return -1;
- }
-
 if (entry->size == 0) {
 return 0;
 }
--
cgit v1.2.3
From 0792dd7d64d1056fae05eab8cebe91ffc993923e Mon Sep 17 00:00:00 2001
From: Manish Pandey
Date: Fri, 22 May 2020 12:27:28 +0100
Subject: cert_create: add SiP owned secure partitions support Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required.
Signed-off-by: Manish Pandey
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
---
 lib/debugfs/devfip.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib/debugfs/devfip.c')
diff --git a/lib/debugfs/devfip.c b/lib/debugfs/devfip.c
index fc14e707e..70ac3bc04 100644
--- a/lib/debugfs/devfip.c
+++ b/lib/debugfs/devfip.c
@@ -74,7 +74,8 @@ static const struct uuidnames uuidnames[] = {
 {"tos-fw.cfg", UUID_TOS_FW_CONFIG},
 {"nt-fw.cfg", UUID_NT_FW_CONFIG},
 {"rot-k.crt", UUID_ROT_KEY_CERT},
- {"nt-k.crt", UUID_NON_TRUSTED_WORLD_KEY_CERT}
+ {"nt-k.crt", UUID_NON_TRUSTED_WORLD_KEY_CERT},
+ {"sip-sp.crt", UUID_SIP_SECURE_PARTITION_CONTENT_CERT}
 };
 /*******************************************************************************
--
cgit v1.2.3
From ce10f9f4629181ce9cb0b574c9cde1fad94a5027 Mon Sep 17 00:00:00 2001
From: Manish V Badarkhe
Date: Thu, 11 Jun 2020 21:02:03 +0100
Subject: fiptool: Add fw_config in FIP Added support in fiptool to include fw_config image in FIP.
Signed-off-by: Manish V Badarkhe
Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
---
 lib/debugfs/devfip.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lib/debugfs/devfip.c')
diff --git a/lib/debugfs/devfip.c b/lib/debugfs/devfip.c
index 70ac3bc04..b0ee39a11 100644
--- a/lib/debugfs/devfip.c
+++ b/lib/debugfs/devfip.c
@@ -73,6 +73,7 @@ static const struct uuidnames uuidnames[] = {
 {"soc-fw.cfg", UUID_SOC_FW_CONFIG},
 {"tos-fw.cfg", UUID_TOS_FW_CONFIG},
 {"nt-fw.cfg", UUID_NT_FW_CONFIG},
+ {"fw.cfg", UUID_FW_CONFIG},
 {"rot-k.crt", UUID_ROT_KEY_CERT},
 {"nt-k.crt", UUID_NON_TRUSTED_WORLD_KEY_CERT},
 {"sip-sp.crt", UUID_SIP_SECURE_PARTITION_CONTENT_CERT}
--
cgit v1.2.3
From 23d5f03ad00a7a815555d52a15f34fdcc958cccd Mon Sep 17 00:00:00 2001
From: Manish Pandey
Date: Fri, 24 Jul 2020 16:43:54 +0100
Subject: cert_create: add Platform owned secure partitions support Add support to generate a certificate named "plat-sp-cert" for Secure Partitions(SP) owned by Platform. Earlier a single certificate file "sip-sp-cert" was generated which contained hash of all 8 SPs, with this change SPs are divided into two categories viz "SiP owned" and "Plat owned" containing 4 SPs each. Platform RoT key pair is used for signing.
Signed-off-by: Manish Pandey
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
---
 lib/debugfs/devfip.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib/debugfs/devfip.c')
diff --git a/lib/debugfs/devfip.c b/lib/debugfs/devfip.c
index b0ee39a11..d8b83b7a4 100644
--- a/lib/debugfs/devfip.c
+++ b/lib/debugfs/devfip.c
@@ -76,7 +76,8 @@ static const struct uuidnames uuidnames[] = {
 {"fw.cfg", UUID_FW_CONFIG},
 {"rot-k.crt", UUID_ROT_KEY_CERT},
 {"nt-k.crt", UUID_NON_TRUSTED_WORLD_KEY_CERT},
- {"sip-sp.crt", UUID_SIP_SECURE_PARTITION_CONTENT_CERT}
+ {"sip-sp.crt", UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
+ {"plat-sp.crt", UUID_PLAT_SECURE_PARTITION_CONTENT_CERT}
 };
 /*******************************************************************************
--
cgit v1.2.3
From b226c74737090f5fca17656f43743b2c6ab766ca Mon Sep 17 00:00:00 2001
From: Zelalem
Date: Fri, 18 Dec 2020 11:02:25 -0600
Subject: DebugFS: Check channel index before calling clone function To avoid a potential out-of-bounds access, check whether a device exists on a channel before calling the corresponding clone function.
Signed-off-by: Zelalem
Change-Id: Ia0dd66b331d3fa8a33109a02369e1bc9ae0fdd5b
---
 lib/debugfs/devfip.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'lib/debugfs/devfip.c')
diff --git a/lib/debugfs/devfip.c b/lib/debugfs/devfip.c
index d8b83b7a4..85e6403c7 100644
--- a/lib/debugfs/devfip.c
+++ b/lib/debugfs/devfip.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -129,7 +129,10 @@ static int fipgen(chan_t *c, const dirtab_t *tab, int ntab, int n, dir_t *dir)
 panic();
 }
- clone(archives[c->dev].c, &nc);
+ if (clone(archives[c->dev].c, &nc) == NULL) {
+ panic();
+ }
+
 fip = &archives[nc.dev];
 off = STOC_HEADER;
@@ -202,7 +205,9 @@ static int fipread(chan_t *c, void *buf, int n)
 panic();
 }
- clone(fip->c, &cs);
+ if (clone(fip->c, &cs) == NULL) {
+ panic();
+ }
 size = fip->size[c->qid];
 if (c->offset >= size) {
--
cgit v1.2.3
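Review bot: In fipgen the argument `archives[c->dev].c` is evaluated before clone() runs, and `fip = &archives[nc.dev]` indexes the same array again afterwards, so the new NULL test can only catch what clone() itself rejects; any bounds check on `c->dev` would have to sit in the guard above the hunk, which is not fully visible here. The commit message speaks of checking before the call, while the added code checks the return value after it, so a short comment at both call sites (here and at `clone(fip->c, &cs)` in fipread) would state the contract being relied on, for example `/* clone() returns NULL when the source channel has no device */` — to be confirmed against clone()'s definition, which this page does not include. Both failures end in `panic()`, matching the surrounding guards; if channel state can be influenced by a debugfs client, confirm that halting is intended rather than an error return such as the `return -1` used in get_entry. Both function bodies begin and end outside their hunks.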