diff mbox series

[v5,16/24] arm: imx: hab: Add a hab_rvt_check_target to image auth

Message ID 1515433001-13857-17-git-send-email-bryan.odonoghue@linaro.org
State Superseded
Headers show
Series Fix and extend i.MX HAB layer | expand

Commit Message

Bryan O'Donoghue Jan. 8, 2018, 5:36 p.m. UTC 
Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.

This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
---
 arch/arm/mach-imx/hab.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff mbox series

Patch

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 2a18ea2..079423a 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -437,12 +437,15 @@  int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 	hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
 	hab_rvt_entry_t *hab_rvt_entry;
 	hab_rvt_exit_t *hab_rvt_exit;
+	hab_rvt_check_target_t *hab_rvt_check_target;
 	struct ivt *ivt;
 	struct ivt_header *ivt_hdr;
+	enum hab_status status;
 
 	hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
 	hab_rvt_entry = hab_rvt_entry_p;
 	hab_rvt_exit = hab_rvt_exit_p;
+	hab_rvt_check_target = hab_rvt_check_target_p;
 
 	if (!is_hab_enabled()) {
 		puts("hab fuse not enabled\n");
@@ -478,6 +481,12 @@  int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 		goto hab_caam_clock_disable;
 	}
 
+	status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
+	if (status != HAB_SUCCESS) {
+		printf("HAB check target 0x%08x-0x%08x fail\n",
+		       ddr_start, ddr_start + bytes);
+		goto hab_caam_clock_disable;
+	}
 #ifdef DEBUG
 	printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
 	printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,