Merge "refactor(plat/arm): store UUID as a string, rather than ints" into integration
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index 55c8bda..3e8dd91 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -44,7 +44,9 @@
+-----------------+---------------------------+------------------------------+
| v2.4 | 2nd week of Nov '20 | 4th week of Oct '20 |
+-----------------+---------------------------+------------------------------+
-| v2.5 | 2nd week of May '21 | 4th week of Apr '21 |
+| v2.5 | 3rd week of May '21 | 5th week of Apr '21 |
++-----------------+---------------------------+------------------------------+
+| v2.6 | 4th week of Oct '21 | 1st week of Oct '21 |
+-----------------+---------------------------+------------------------------+
Removal of Deprecated Interfaces
@@ -64,4 +66,4 @@
--------------
-*Copyright (c) 2018-2020, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/license.rst b/docs/license.rst
index 2f97043..f0caa39 100644
--- a/docs/license.rst
+++ b/docs/license.rst
@@ -76,5 +76,14 @@
BSD-3-Clause license. Any contributions to this code must be made under the
terms of both licenses.
+- Some source files originating from the Linux source tree, which are
+ disjunctively dual licensed (GPL-2.0 OR MIT), are redistributed under the
+ terms of the MIT license. These files are:
+
+ - ``include/dt-bindings/interrupt-controller/arm-gic.h``
+
+ See the original `Linux MIT license`_.
+
.. _FreeBSD: http://www.freebsd.org
+.. _Linux MIT license: https://raw.githubusercontent.com/torvalds/linux/master/LICENSES/preferred/MIT
.. _SCC: http://www.simple-cc.org/
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 91ee1be..c7f84af 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -222,19 +222,25 @@
* To protect the system against rollback, the platform includes a non-volatile
* counter whose value can only be increased. All certificates include a counter
* value that should not be lower than the value stored in the platform. If the
- * value is larger, the counter in the platform must be updated to the new
- * value.
+ * value is larger, the counter in the platform must be updated to the new value
+ * (provided it has been authenticated).
*
* Return: 0 = success, Otherwise = error
+ * Returns additionally,
+ * cert_nv_ctr -> NV counter value present in the certificate
+ * need_nv_ctr_upgrade = 0 -> platform NV counter upgrade is not needed
+ * need_nv_ctr_upgrade = 1 -> platform NV counter upgrade is needed
*/
static int auth_nvctr(const auth_method_param_nv_ctr_t *param,
const auth_img_desc_t *img_desc,
- void *img, unsigned int img_len)
+ void *img, unsigned int img_len,
+ unsigned int *cert_nv_ctr,
+ bool *need_nv_ctr_upgrade)
{
char *p;
void *data_ptr = NULL;
unsigned int data_len, len, i;
- unsigned int cert_nv_ctr, plat_nv_ctr;
+ unsigned int plat_nv_ctr;
int rc = 0;
/* Get the counter value from current image. The AM expects the IPM
@@ -265,22 +271,20 @@
}
/* Convert to unsigned int. This code is for a little-endian CPU */
- cert_nv_ctr = 0;
+ *cert_nv_ctr = 0;
for (i = 0; i < len; i++) {
- cert_nv_ctr = (cert_nv_ctr << 8) | *p++;
+ *cert_nv_ctr = (*cert_nv_ctr << 8) | *p++;
}
/* Get the counter from the platform */
rc = plat_get_nv_ctr(param->plat_nv_ctr->cookie, &plat_nv_ctr);
return_if_error(rc);
- if (cert_nv_ctr < plat_nv_ctr) {
+ if (*cert_nv_ctr < plat_nv_ctr) {
/* Invalid NV-counter */
return 1;
- } else if (cert_nv_ctr > plat_nv_ctr) {
- rc = plat_set_nv_ctr2(param->plat_nv_ctr->cookie,
- img_desc, cert_nv_ctr);
- return_if_error(rc);
+ } else if (*cert_nv_ctr > plat_nv_ctr) {
+ *need_nv_ctr_upgrade = true;
}
return 0;
@@ -351,6 +355,10 @@
void *param_ptr;
unsigned int param_len;
int rc, i;
+ unsigned int cert_nv_ctr = 0;
+ bool need_nv_ctr_upgrade = false;
+ bool sig_auth_done = false;
+ const auth_method_param_nv_ctr_t *nv_ctr_param = NULL;
/* Get the image descriptor from the chain of trust */
img_desc = FCONF_GET_PROPERTY(tbbr, cot, img_id);
@@ -376,10 +384,13 @@
case AUTH_METHOD_SIG:
rc = auth_signature(&auth_method->param.sig,
img_desc, img_ptr, img_len);
+ sig_auth_done = true;
break;
case AUTH_METHOD_NV_CTR:
- rc = auth_nvctr(&auth_method->param.nv_ctr,
- img_desc, img_ptr, img_len);
+ nv_ctr_param = &auth_method->param.nv_ctr;
+ rc = auth_nvctr(nv_ctr_param,
+ img_desc, img_ptr, img_len,
+ &cert_nv_ctr, &need_nv_ctr_upgrade);
break;
default:
/* Unknown authentication method */
@@ -389,6 +400,16 @@
return_if_error(rc);
}
+ /*
+ * Do platform NV counter upgrade only if the certificate gets
+ * authenticated, and platform NV-counter upgrade is needed.
+ */
+ if (need_nv_ctr_upgrade && sig_auth_done) {
+ rc = plat_set_nv_ctr2(nv_ctr_param->plat_nv_ctr->cookie,
+ img_desc, cert_nv_ctr);
+ return_if_error(rc);
+ }
+
/* Extract the parameters indicated in the image descriptor to
* authenticate the children images. */
if (img_desc->authenticated_data != NULL) {
diff --git a/fdts/fvp-base-gicv2-psci-aarch32.dts b/fdts/fvp-base-gicv2-psci-aarch32.dts
index 957aea5..3a921f4 100644
--- a/fdts/fvp-base-gicv2-psci-aarch32.dts
+++ b/fdts/fvp-base-gicv2-psci-aarch32.dts
@@ -11,8 +11,8 @@
#define AFF
#define REG_32
-#include "fvp-defs.dtsi"
#include <dt-bindings/interrupt-controller/arm-gic.h>
+#include "fvp-defs.dtsi"
/memreserve/ 0x80000000 0x00010000;
diff --git a/fdts/fvp-base-gicv2-psci.dts b/fdts/fvp-base-gicv2-psci.dts
index f0c71b4..e99719e 100644
--- a/fdts/fvp-base-gicv2-psci.dts
+++ b/fdts/fvp-base-gicv2-psci.dts
@@ -10,8 +10,8 @@
#define AFF
-#include "fvp-defs.dtsi"
#include <dt-bindings/interrupt-controller/arm-gic.h>
+#include "fvp-defs.dtsi"
/memreserve/ 0x80000000 0x00010000;
diff --git a/fdts/fvp-base-gicv3-psci-common.dtsi b/fdts/fvp-base-gicv3-psci-common.dtsi
index 0ef9273..b6753de 100644
--- a/fdts/fvp-base-gicv3-psci-common.dtsi
+++ b/fdts/fvp-base-gicv3-psci-common.dtsi
@@ -4,8 +4,8 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <services/sdei_flags.h>
#include <dt-bindings/interrupt-controller/arm-gic.h>
+#include <services/sdei_flags.h>
#define LEVEL 0
#define EDGE 2
diff --git a/fdts/fvp-foundation-gicv2-psci.dts b/fdts/fvp-foundation-gicv2-psci.dts
index 7dd9afd..5a82c46 100644
--- a/fdts/fvp-foundation-gicv2-psci.dts
+++ b/fdts/fvp-foundation-gicv2-psci.dts
@@ -11,8 +11,8 @@
#define AFF
#define CLUSTER_COUNT 1
-#include "fvp-defs.dtsi"
#include <dt-bindings/interrupt-controller/arm-gic.h>
+#include "fvp-defs.dtsi"
/memreserve/ 0x80000000 0x00010000;
diff --git a/fdts/fvp-foundation-gicv3-psci.dts b/fdts/fvp-foundation-gicv3-psci.dts
index 0b265ad..e1249d4 100644
--- a/fdts/fvp-foundation-gicv3-psci.dts
+++ b/fdts/fvp-foundation-gicv3-psci.dts
@@ -11,8 +11,8 @@
#define AFF
#define CLUSTER_COUNT 1
-#include "fvp-defs.dtsi"
#include <dt-bindings/interrupt-controller/arm-gic.h>
+#include "fvp-defs.dtsi"
/memreserve/ 0x80000000 0x00010000;
diff --git a/include/dt-bindings/interrupt-controller/arm-gic.h b/include/dt-bindings/interrupt-controller/arm-gic.h
index 024a6c6..fbe07da 100644
--- a/include/dt-bindings/interrupt-controller/arm-gic.h
+++ b/include/dt-bindings/interrupt-controller/arm-gic.h
@@ -1,5 +1,8 @@
-/* SPDX-License-Identifier: GPL-2.0 or BSD-3-Clause */
/*
+ * Copyright (c) 2019-2021, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: MIT
+ *
* This header provides constants for the ARM GIC.
*/
diff --git a/licenses/LICENSE.MIT b/licenses/LICENSE.MIT
new file mode 100644
index 0000000..8aa2645
--- /dev/null
+++ b/licenses/LICENSE.MIT
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) [year] [fullname]
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.