From patchwork Tue Jan  2 16:43:56 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
X-Patchwork-Id: 854621
X-Patchwork-Delegate: sbabic@denx.de
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=linaro.org header.i=@linaro.org
	header.b="KTjw2u6G"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3zB0RR6p95z9s7G
	for <incoming@patchwork.ozlabs.org>;
	Wed,  3 Jan 2018 03:50:09 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 7894DC21DE7; Tue,  2 Jan 2018 16:49:43 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 548AAC21DDD;
	Tue,  2 Jan 2018 16:45:34 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 5C70DC21DEF; Tue,  2 Jan 2018 16:44:41 +0000 (UTC)
Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com
	[74.125.82.67])
	by lists.denx.de (Postfix) with ESMTPS id 7F147C21DF1
	for <u-boot@lists.denx.de>; Tue,  2 Jan 2018 16:44:37 +0000 (UTC)
Received: by mail-wm0-f67.google.com with SMTP id a79so22900492wma.0
	for <u-boot@lists.denx.de>; Tue, 02 Jan 2018 08:44:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=K8jGXjHJlQG52Itin0ehjRHo3P34kiVJ1OjHqtyqcC4=;
	b=KTjw2u6Gd1GJa6tRTRUkSHjpYcNET1H/TFiqCYr07dBwcBaE2OOcWoZL75lEEbJ4Ds
	viXQj43zz45h1l7yN4QKoyCy7mY405DHUMbJ5mRLys7/EZrIBgnRVmx0bJAZbkGDT8DN
	zXj7fUMgHjTfUdxyXwyTIl5EISwlWJcCCEhl0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=K8jGXjHJlQG52Itin0ehjRHo3P34kiVJ1OjHqtyqcC4=;
	b=uEjAQhShJH3dUJdlwVG1qMaEhZf7lDu1Q14OAkzotaKP1A+co7Hcxg1nliM1EgY2tR
	C08MHq3mokouUVZ2DrVXCEgvKiIP6PWXTvpDSw1YLoRkRuQD9xJccHMldW2KMbZa98Mx
	TYDfxAzrjyjHMvCTtAaHCAJ0vGMGQuasFaLqLLSXQ80a5f+t2ty/vMaFTngDUT7CyNPp
	t6MmWwXZl1BBuOb3EBrvFNovwVuvrH+qtkE0EhGS5K54qXwaeg/TfuKYwCnLEj3SXHdc
	ZVWPdgiud90e8k7OiITcKBjs2dDo+5a5kydph/6YoVYe63VTMy5HxsQES1Ax1tDM1rHD
	W1Pg==
X-Gm-Message-State: AKGB3mLDPfxVaEuJ5xr5+n2zVKTHgdC95ZMmh9N2yGDsUFFTcJpoMSiU
	TFQFHIGR4F5DZ34+Te4MHyv2lytLY4Q=
X-Google-Smtp-Source: 
 ACJfBotMLLk4ux2/0KrhqQj2CCmb1IjcnC6UyOlZueIDpHt9JDOHenjYON3Je35MpyB+eO4V9gDbhw==
X-Received: by 10.80.142.178 with SMTP id w47mr64304346edw.251.1514911476735;
	Tue, 02 Jan 2018 08:44:36 -0800 (PST)
Received: from localhost.localdomain (D4CCACC7.cm-2.dynamic.ziggo.nl.
	[212.204.172.199]) by smtp.gmail.com with ESMTPSA id
	z5sm29850584edh.76.2018.01.02.08.44.35
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 02 Jan 2018 08:44:35 -0800 (PST)
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de,
	brenomatheus@gmail.com
Date: Tue,  2 Jan 2018 16:43:56 +0000
Message-Id: <1514911451-4520-11-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Subject: [U-Boot] [PATCH v4 10/25] arm: imx: hab: Add IVT header verification
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
---
 arch/arm/mach-imx/hab.c | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 1d7b069..cb6214d 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -80,6 +80,31 @@
 
 static bool is_hab_enabled(void);
 
+static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
+{
+	printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
+	       ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
+
+	return 1;
+}
+
+static int verify_ivt_header(struct ivt_header *ivt_hdr)
+{
+	int result = 0;
+
+	if (ivt_hdr->magic != IVT_HEADER_MAGIC)
+		result = ivt_header_error("bad magic", ivt_hdr);
+
+	if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
+		result = ivt_header_error("bad length", ivt_hdr);
+
+	if (ivt_hdr->version != IVT_HEADER_V1 &&
+	    ivt_hdr->version != IVT_HEADER_V2)
+		result = ivt_header_error("bad version", ivt_hdr);
+
+	return result;
+}
+
 #if !defined(CONFIG_SPL_BUILD)
 
 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */
@@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 	hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
 	hab_rvt_entry_t *hab_rvt_entry;
 	hab_rvt_exit_t *hab_rvt_exit;
+	struct ivt *ivt;
+	struct ivt_header *ivt_hdr;
 
 	hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
 	hab_rvt_entry = hab_rvt_entry_p;
@@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
 	/* Calculate IVT address header */
 	ivt_addr = ddr_start + ivt_offset;
+	ivt = (struct ivt *)ivt_addr;
+	ivt_hdr = &ivt->hdr;
+
+	/* Verify IVT header bugging out on error */
+	if (verify_ivt_header(ivt_hdr))
+		goto hab_caam_clock_disable;
+
 	start = ddr_start;
 	bytes = image_size;
 #ifdef DEBUG
@@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 	printf("\tivt_offset = 0x%x\n", ivt_offset);
 	printf("\tstart = 0x%08lx\n", start);
 	printf("\tbytes = 0x%x\n", bytes);
-#else
-	(void)ivt_addr;
 #endif
 	/*
 	 * If the MMU is enabled, we have to notify the ROM