From patchwork Tue Jan 2 16:44:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 123177 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp9181018qgn; Tue, 2 Jan 2018 08:58:11 -0800 (PST) X-Google-Smtp-Source: ACJfBoveE+KOLHgmyuaDJXUOQVsRslkh/bmBiBmyJmDQO3e3LFpPsoVeldEGLwnC/Muo4sOHek1T X-Received: by 10.80.184.52 with SMTP id j49mr21404045ede.160.1514912291241; Tue, 02 Jan 2018 08:58:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1514912291; cv=none; d=google.com; s=arc-20160816; b=QL9vP8UqkVcw1Wtn9tOOca+ZYeA8OcT4iduuk2HfTZiQF+hfaHTGAOSk8kSIRNsCDA rCCbCfdMVfATL4AVvqG1JGwV9bSQDKz9drJdkJYjciyB9RO4CiNf3fuj6MWNvq+8ztp7 Sv/7vIjjmcaUamjtsXQLQRuSGOzmtFKEmjpPswn+3r5UbfdAzqIIV4+Ejnz3+t54zTjH 8RUM7SSD3uR4Bd0v604ZjWgb+63/ZvQdQCYlcuowr+y5/tnYCmRO2O4of0PE6SAjtM8a IUrpGVTnL/dfzl0VfAP+mLjnxJhJHAN1VVvVtd/dc6r1rOBKOtzmOUZ9QL2G0CJhhZZo VQEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:references:in-reply-to:message-id :date:to:from:dkim-signature:arc-authentication-results; bh=3XTExcfm/R4RjVYQ5snUtBTR1VaGqHb70DkOCWDVdKo=; b=FXM0gXtkcx1St5LWkkqNYBrVzP62XgolxyOKBYfX6aiViXE+OlzEkVloliX1twd84l spd6nrxuH5YmoYWY1vx/9Jz3anvnOv3fcDoTFmCcWqAAGylQsjIQKqEmSGA4lt7AE4NT 0sjHgz50b8LCJs4RlQrZnsjTzLGDrQBgtieeOHDA74X9feoAIXm7oWXOutqu3mUhpdEn OzSvA1uDNqLml1A6uRy4QyytCSTStAEa7QuBUMMRTp4e4VRuAQkJAgjCFKiGiKMcZNeK iFJvM8wrOF9BM3fqdW7LTxq7JUjYP+3blb2eGI/VcmufknWdUZ6qYKem17Tp7/taY0yt NCFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=OiujiYH6; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id i6si3482398edf.419.2018.01.02.08.58.10; Tue, 02 Jan 2018 08:58:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=OiujiYH6; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id C7E53C21DA3; Tue, 2 Jan 2018 16:49:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 82756C21DBB; Tue, 2 Jan 2018 16:45:40 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5F6F0C21DBB; Tue, 2 Jan 2018 16:44:49 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 1DB7FC21DD9 for ; Tue, 2 Jan 2018 16:44:46 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id f140so61721763wmd.2 for ; Tue, 02 Jan 2018 08:44:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PPsvQyZLH4Mt+sx5I0UYIarc4H2t9RPw5bIGqqXCotw=; b=OiujiYH64N4hC89K+FwGJnW/tkssdNFsnqmhYVd/uvW7y6v3yasgzBsv8r+JUExqRg wg7fMSfKvG1tdoXf1ldtt97As2Fof93YFNc16X1kNEzGuGT3F1ViXnENw7+eF+2fqI70 AKjl55jp8R8GXTD/DynQWU5DT3iFMqX3eQ7JM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PPsvQyZLH4Mt+sx5I0UYIarc4H2t9RPw5bIGqqXCotw=; b=qR7CCRXyoeU6lJeGKDXREF8grk41kUuHvvzZCf7AYvSslmGS0QndTcXRt7gRaakaFa VNUJN42dXify1bhIQIKHT/hgGhol7Pzv/r9q7S3Vj4wT7SOYMe4ePLtrYHBFybewOjt2 YSJvyLSXz4IK+n8Y6jDCWCsfG8ARAmnWv/W0PSkMM4T5AgB5GFOMtcL19YcSaSuPq8Tn G5x3pkoFLPur7RBmHMS1nvokrpbOqskWRDEsMAnoq/Y2nVYbutFc8FgeZXtrnUDRwhmm sj5B6yCGNK+XpYNFcMmccpxgF6O3KGT9xLHEsKE6BFNs6tmmxi5iA9BGdlCx4uZA1e+D mX+A== X-Gm-Message-State: AKGB3mICjCD2EO3We0PrTT/PPH/MT0b+UgYSTK1vwFRB8Kar6uzCtmpE MfvrVJM0+wvoEQS/O1U040TB4yXw/l0= X-Received: by 10.80.149.141 with SMTP id w13mr62311210eda.79.1514911485493; Tue, 02 Jan 2018 08:44:45 -0800 (PST) Received: from localhost.localdomain (D4CCACC7.cm-2.dynamic.ziggo.nl. [212.204.172.199]) by smtp.gmail.com with ESMTPSA id z5sm29850584edh.76.2018.01.02.08.44.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 02 Jan 2018 08:44:44 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Tue, 2 Jan 2018 16:44:03 +0000 Message-Id: <1514911451-4520-18-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v4 17/25] arm: imx: hab: Add a hab_rvt_check_target to image auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 858f2a7..92d342b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_caam_clock_disable; } + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,