From patchwork Thu Dec 28 18:49:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853533 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="N0C5BkER"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6zgq2Ptlz9sRg for ; Fri, 29 Dec 2017 06:05:27 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 1241EC21D9F; Thu, 28 Dec 2017 18:55:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 621AAC21E63; Thu, 28 Dec 2017 18:51:04 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3B41FC21DA6; Thu, 28 Dec 2017 18:50:08 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id EE027C21C34 for ; Thu, 28 Dec 2017 18:50:03 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id 9so45242662wme.4 for ; Thu, 28 Dec 2017 10:50:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qITMAZB0kBEBYVD0jg4YEIDgGAySjZ7YlWDixrrLCXg=; b=N0C5BkER2phf7xjKF2rRB9w5a53OQsxx4zSAZK7WED5sjiXUPzA4fs8GgqBKgsSoEO Xp3rYEp7thSlW/qCxkZfkSJfuIo/Ae8kKeylApj+I71YbvC/EuA+YUKAWc8jjLePrOVI mvx82M0yfiUxvZEiSs17XslvR/QLcvz0Mo6rQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qITMAZB0kBEBYVD0jg4YEIDgGAySjZ7YlWDixrrLCXg=; b=icww/2bdgOTUkm9hoUTvCBpRCHqUcLutDLkCI+7+vCIB2JUhvvSos/G1TG3ytmj9ln uh9fVnDuiNHqeZhxXjlwrLrkJTj1ByDwsg8Hyy7P5zsP+p0hdtBqmtN09Qens/CKi//O bZohMTj+j8fvt/96u86E1p7ysEn6Qb8cmCinF9Qas9aiq7SGl0ZQOcu7KeulwfPqmKAh XcGRfuinAfvK3ppqx4deRLXkX8DN8br3wI8Po+ZlWBYEkGXCsVqYjGeozSkqul3D7ttJ AYSvlLXeIzI4M9aPxg6yWTOk7fszq2DYJWqkbHhosDxoLj22/bck5nN5IUbqgcPO699i ogmQ== X-Gm-Message-State: AKGB3mKyqJNIFPCr+3e6Pcy6FcAESRt4LEo9fWp05VIUD0CtJ5TfQrTX /1VACD6WEqdQ3UL9Wd1lb59XO9qJPtA= X-Google-Smtp-Source: ACJfBouWySmIVUydrILzVF6c4hpv5xwonsZ8I9jSeucRQMnTtXVYjImZlFeGrpKedZrh3euzmRV4vA== X-Received: by 10.80.142.239 with SMTP id x44mr41242789edx.13.1514487003377; Thu, 28 Dec 2017 10:50:03 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id x28sm35246579edd.0.2017.12.28.10.50.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 28 Dec 2017 10:50:02 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Thu, 28 Dec 2017 18:49:35 +0000 Message-Id: <1514486982-19059-17-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514486982-19059-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514486982-19059-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v2 16/23] arm: imx: hab: Add a hab_rvt_check_target to image auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index eb18f76..864b1e2 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -477,6 +480,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,