diff mbox series

[v6,11/25] arm: imx: hab: Only call ROM once headers are verified

Message ID 1515760819-15116-12-git-send-email-bryan.odonoghue@linaro.org
State Accepted
Commit 04099e9ced6421940248d5357786901bb89f4ce4
Headers show
Series Fix and extend i.MX HAB layer | expand

Commit Message

Bryan O'Donoghue Jan. 12, 2018, 12:40 p.m. UTC
Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.

This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
---
 arch/arm/mach-imx/hab.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff mbox series

Patch

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 39f8f2d..a8e3e79 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -436,11 +436,6 @@  int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
 	hab_caam_clock_enable(1);
 
-	if (hab_rvt_entry() != HAB_SUCCESS) {
-		puts("hab entry function fail\n");
-		goto hab_caam_clock_disable;
-	}
-
 	/* Calculate IVT address header */
 	ivt_addr = ddr_start + ivt_offset;
 	ivt = (struct ivt *)ivt_addr;
@@ -459,6 +454,12 @@  int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
 	start = ddr_start;
 	bytes = image_size;
+
+	if (hab_rvt_entry() != HAB_SUCCESS) {
+		puts("hab entry function fail\n");
+		goto hab_caam_clock_disable;
+	}
+
 #ifdef DEBUG
 	printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
 	puts("Dumping IVT\n");