From patchwork Tue Jan 2 16:44:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 854623 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="OiujiYH6"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zB0SF32FFz9t3n for ; Wed, 3 Jan 2018 03:50:52 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 3762CC21C29; Tue, 2 Jan 2018 16:49:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 82756C21DBB; Tue, 2 Jan 2018 16:45:40 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5F6F0C21DBB; Tue, 2 Jan 2018 16:44:49 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 1DB7FC21DD9 for ; Tue, 2 Jan 2018 16:44:46 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id f140so61721763wmd.2 for ; Tue, 02 Jan 2018 08:44:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PPsvQyZLH4Mt+sx5I0UYIarc4H2t9RPw5bIGqqXCotw=; b=OiujiYH64N4hC89K+FwGJnW/tkssdNFsnqmhYVd/uvW7y6v3yasgzBsv8r+JUExqRg wg7fMSfKvG1tdoXf1ldtt97As2Fof93YFNc16X1kNEzGuGT3F1ViXnENw7+eF+2fqI70 AKjl55jp8R8GXTD/DynQWU5DT3iFMqX3eQ7JM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PPsvQyZLH4Mt+sx5I0UYIarc4H2t9RPw5bIGqqXCotw=; b=qR7CCRXyoeU6lJeGKDXREF8grk41kUuHvvzZCf7AYvSslmGS0QndTcXRt7gRaakaFa VNUJN42dXify1bhIQIKHT/hgGhol7Pzv/r9q7S3Vj4wT7SOYMe4ePLtrYHBFybewOjt2 YSJvyLSXz4IK+n8Y6jDCWCsfG8ARAmnWv/W0PSkMM4T5AgB5GFOMtcL19YcSaSuPq8Tn G5x3pkoFLPur7RBmHMS1nvokrpbOqskWRDEsMAnoq/Y2nVYbutFc8FgeZXtrnUDRwhmm sj5B6yCGNK+XpYNFcMmccpxgF6O3KGT9xLHEsKE6BFNs6tmmxi5iA9BGdlCx4uZA1e+D mX+A== X-Gm-Message-State: AKGB3mICjCD2EO3We0PrTT/PPH/MT0b+UgYSTK1vwFRB8Kar6uzCtmpE MfvrVJM0+wvoEQS/O1U040TB4yXw/l0= X-Google-Smtp-Source: ACJfBou1iGYC5l1FPvuftGLM6dOJUf1qBbNmajN6zLMkOo17LncYdQfa0+W3Pt7zHglfSQg2VxI7bQ== X-Received: by 10.80.149.141 with SMTP id w13mr62311210eda.79.1514911485493; Tue, 02 Jan 2018 08:44:45 -0800 (PST) Received: from localhost.localdomain (D4CCACC7.cm-2.dynamic.ziggo.nl. [212.204.172.199]) by smtp.gmail.com with ESMTPSA id z5sm29850584edh.76.2018.01.02.08.44.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 02 Jan 2018 08:44:44 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Tue, 2 Jan 2018 16:44:03 +0000 Message-Id: <1514911451-4520-18-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v4 17/25] arm: imx: hab: Add a hab_rvt_check_target to image auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 858f2a7..92d342b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_caam_clock_disable; } + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,