Message ID | 1519089566-17147-2-git-send-email-brenomatheus@gmail.com |
---|---|
State | Accepted |
Commit | 8c4037a09a5c2f15aae4c79860a31c8045bd4ee8 |
Delegated to: | Stefano Babic |
Headers | show |
Series | [U-Boot,1/5] imx: hab: Keep CAAM clock enabled after authenticating additional images | expand |
On Mon, Feb 19, 2018 at 10:19 PM, Breno Lima <brenomatheus@gmail.com> wrote: > From: Utkarsh Gupta <utkarsh.gupta@nxp.com> > > DCD commands should only be present in the initial boot image loaded by > the SoC ROM. DCD should not be present in images that will be verified > by software using HAB RVT authentication APIs. Newer versions of HAB > will generate an error if a DCD pointer is present in an image being > authenticated by calling the HAB RVT API. Older versions of HAB will > process and run DCD if it is present, and this could lead to an incorrect > authentication boot flow. > > It is highly recommended this check is in place to ensure additional HAB > verified images do not include a DCD table. > > Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> > Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 1e6b31d..ba6b31d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -516,6 +516,12 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_authentication_exit; } + /* Verify if IVT DCD pointer is NULL */ + if (ivt->dcd) { + puts("Error: DCD pointer must be NULL\n"); + goto hab_authentication_exit; + } + start = ddr_start; bytes = image_size;