diff options
| -rw-r--r-- | Makefile | 4 | ||||
| -rw-r--r-- | bl31/runtime_svc.c | 4 | ||||
| -rw-r--r-- | bl32/tsp/tsp_main.c | 34 | ||||
| -rw-r--r-- | docs/trusted-board-boot.md | 7 | ||||
| -rw-r--r-- | include/common/debug.h | 2 | ||||
| -rw-r--r-- | include/stdlib/stdio.h | 7 | ||||
| -rw-r--r-- | plat/juno/bl1_plat_setup.c | 2 | ||||
| -rw-r--r-- | tools/cert_create/src/cert.c | 2 |
8 files changed, 32 insertions, 30 deletions
@@ -77,7 +77,9 @@ TRUSTED_BOARD_BOOT := 0 AUTH_MOD := none # Checkpatch ignores -CHECK_IGNORE = --ignore COMPLEX_MACRO --ignore GERRIT_CHANGE_ID +CHECK_IGNORE = --ignore COMPLEX_MACRO \ + --ignore GERRIT_CHANGE_ID \ + --ignore GIT_COMMIT_ID CHECKPATCH_ARGS = --no-tree --no-signoff ${CHECK_IGNORE} CHECKCODE_ARGS = --no-patch --no-tree --no-signoff ${CHECK_IGNORE} diff --git a/bl31/runtime_svc.c b/bl31/runtime_svc.c index c33748f9..fd64c824 100644 --- a/bl31/runtime_svc.c +++ b/bl31/runtime_svc.c @@ -103,8 +103,8 @@ void runtime_svc_init(void) */ rc = validate_rt_svc_desc(&rt_svc_descs[index]); if (rc) { - ERROR("Invalid runtime service descriptor 0x%x (%s)\n", - &rt_svc_descs[index], + ERROR("Invalid runtime service descriptor 0x%lx (%s)\n", + (uintptr_t) &rt_svc_descs[index], rt_svc_descs[index].name); goto error; } diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c index c6000e19..d8895b2f 100644 --- a/bl32/tsp/tsp_main.c +++ b/bl32/tsp/tsp_main.c @@ -109,9 +109,9 @@ uint64_t tsp_main(void) { NOTICE("TSP: %s\n", version_string); NOTICE("TSP: %s\n", build_message); - INFO("TSP: Total memory base : 0x%x\n", (unsigned long)BL32_TOTAL_BASE); - INFO("TSP: Total memory size : 0x%x bytes\n", - (unsigned long)(BL32_TOTAL_LIMIT - BL32_TOTAL_BASE)); + INFO("TSP: Total memory base : 0x%lx\n", BL32_TOTAL_BASE); + INFO("TSP: Total memory size : 0x%lx bytes\n", + BL32_TOTAL_LIMIT - BL32_TOTAL_BASE); uint64_t mpidr = read_mpidr(); uint32_t linear_id = platform_get_core_pos(mpidr); @@ -129,7 +129,7 @@ uint64_t tsp_main(void) #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu on requests\n", mpidr, + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, tsp_stats[linear_id].cpu_on_count); @@ -158,8 +158,8 @@ tsp_args_t *tsp_cpu_on_main(void) #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x turned on\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu on requests\n", mpidr, + INFO("TSP: cpu 0x%lx turned on\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, tsp_stats[linear_id].cpu_on_count); @@ -199,8 +199,8 @@ tsp_args_t *tsp_cpu_off_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x off request\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu off requests\n", mpidr, + INFO("TSP: cpu 0x%lx off request\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu off requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, tsp_stats[linear_id].cpu_off_count); @@ -242,7 +242,7 @@ tsp_args_t *tsp_cpu_suspend_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu suspend requests\n", + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, @@ -281,9 +281,9 @@ tsp_args_t *tsp_cpu_resume_main(uint64_t suspend_level, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x resumed. suspend level %d\n", + INFO("TSP: cpu 0x%lx resumed. suspend level %ld\n", mpidr, suspend_level); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu suspend requests\n", + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, @@ -316,8 +316,8 @@ tsp_args_t *tsp_system_off_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x SYSTEM_OFF request\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets requests\n", mpidr, + INFO("TSP: cpu 0x%lx SYSTEM_OFF request\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count); spin_unlock(&console_lock); @@ -349,8 +349,8 @@ tsp_args_t *tsp_system_reset_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x SYSTEM_RESET request\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets requests\n", mpidr, + INFO("TSP: cpu 0x%lx SYSTEM_RESET request\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count); spin_unlock(&console_lock); @@ -384,10 +384,10 @@ tsp_args_t *tsp_smc_handler(uint64_t func, tsp_stats[linear_id].smc_count++; tsp_stats[linear_id].eret_count++; - INFO("TSP: cpu 0x%x received %s smc 0x%x\n", read_mpidr(), + INFO("TSP: cpu 0x%lx received %s smc 0x%lx\n", mpidr, ((func >> 31) & 1) == 1 ? "fast" : "standard", func); - INFO("TSP: cpu 0x%x: %d smcs, %d erets\n", mpidr, + INFO("TSP: cpu 0x%lx: %d smcs, %d erets\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count); diff --git a/docs/trusted-board-boot.md b/docs/trusted-board-boot.md index abba0309..f3b9f14e 100644 --- a/docs/trusted-board-boot.md +++ b/docs/trusted-board-boot.md @@ -44,10 +44,9 @@ essential information to establish the CoT. In the TBB CoT all certificates are self-signed. There is no need for a Certificate Authority (CA) because the CoT is not established by verifying the validity of a certificate's issuer but by the content of the certificate -extensions. To sign the certificates, the PKCS#1 SHA-1 with RSA Encryption +extensions. To sign the certificates, the PKCS#1 SHA-256 with RSA Encryption signature scheme is used with a RSA key length of 2048 bits. Future version of -Trusted Firmware will replace SHA-1 usage with SHA-256 and support additional -cryptographic algorithms. +Trusted Firmware will support additional cryptographic algorithms. The certificates are categorised as "Key" and "Content" certificates. Key certificates are used to verify public keys which have been used to sign content @@ -218,7 +217,7 @@ corresponding certificates or images at each step in the Trusted Board Boot sequence. The module relies on the PolarSSL library (v1.3.9) to perform the following operations: -* Parsing X.509 certificates and verifying them using SHA-1 with RSA +* Parsing X.509 certificates and verifying them using SHA-256 with RSA Encryption. * Extracting public keys and hashes from the certificates. * Generating hashes (SHA-256) of boot loader images diff --git a/include/common/debug.h b/include/common/debug.h index a8dcb8da..d198c321 100644 --- a/include/common/debug.h +++ b/include/common/debug.h @@ -84,6 +84,6 @@ void __dead2 do_panic(void); #define panic() do_panic() -void tf_printf(const char *fmt, ...); +void tf_printf(const char *fmt, ...) __printflike(1, 2); #endif /* __DEBUG_H__ */ diff --git a/include/stdlib/stdio.h b/include/stdlib/stdio.h index 60e081b4..57e5c7fa 100644 --- a/include/stdlib/stdio.h +++ b/include/stdlib/stdio.h @@ -58,12 +58,13 @@ typedef __ssize_t ssize_t; #define EOF (-1) -int printf(const char * __restrict, ...); +int printf(const char * __restrict, ...) __printflike(1, 2); int putchar(int); int puts(const char *); -int sprintf(char * __restrict, const char * __restrict, ...); +int sprintf(char * __restrict, const char * __restrict, ...) + __printflike(2, 3); int vsprintf(char * __restrict, const char * __restrict, - __va_list); + __va_list) __printflike(2, 0); int sscanf(const char *__restrict, char const *__restrict, ...); diff --git a/plat/juno/bl1_plat_setup.c b/plat/juno/bl1_plat_setup.c index 23e8592b..2aeaba61 100644 --- a/plat/juno/bl1_plat_setup.c +++ b/plat/juno/bl1_plat_setup.c @@ -99,7 +99,7 @@ void bl1_early_platform_setup(void) BL1_RAM_BASE, bl1_size); - INFO("BL1: 0x%lx - 0x%lx [size = %u]\n", BL1_RAM_BASE, BL1_RAM_LIMIT, + INFO("BL1: 0x%lx - 0x%lx [size = %lu]\n", BL1_RAM_BASE, BL1_RAM_LIMIT, bl1_size); } diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c index 9705643d..22fe3d58 100644 --- a/tools/cert_create/src/cert.c +++ b/tools/cert_create/src/cert.c @@ -170,7 +170,7 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk) } /* Sign the certificate with the issuer key */ - if (!X509_sign(x, ikey, EVP_sha1())) { + if (!X509_sign(x, ikey, EVP_sha256())) { ERR_print_errors_fp(stdout); return 0; } |