From patchwork Tue Feb 20 01:19:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 875358 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="fatLPAwR"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zljVz6Ghmz9s01 for ; Tue, 20 Feb 2018 12:21:15 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 77A89C21E31; Tue, 20 Feb 2018 01:20:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 678BFC21EA7; Tue, 20 Feb 2018 01:20:14 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 2238FC21DA6; Tue, 20 Feb 2018 01:20:00 +0000 (UTC) Received: from mail-qt0-f196.google.com (mail-qt0-f196.google.com [209.85.216.196]) by lists.denx.de (Postfix) with ESMTPS id 68942C21E73 for ; Tue, 20 Feb 2018 01:19:56 +0000 (UTC) Received: by mail-qt0-f196.google.com with SMTP id c19so14521245qtm.7 for ; Mon, 19 Feb 2018 17:19:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=dHaMr38/R6/oXXILMTfbZfDT9lZ8hpA5T/Qg3cJKMoM=; b=fatLPAwRDw2666YK7qY41qhKJ9z9ZM9JHft4QDCyq+rJe9SXU/KZVlNTlhwP62LKv5 kneRsd4kUtsK75CEAigq5BHgx2oK7Gg9ciD4b0I5D4K3QwvEAjw7HlmghW5v2JkgkZe7 NfrdcyzIM48gDux2dp8ZfyPeP2aS0Sl1DgPQPgboJiJ0izwVy5QCwubBYM49Da/2eg3e dsv7bKvEXb/LP2/XQjkrEiH6HpKmlsmNLamfrL0YJmWvmKh6KZKzfHmLwgdtQqB6btxo +CujzdhrLoAHz/aMIO0k9/lbnL1lumUVcmEzwVPZowqEslasvOEhxlyJSxw2MbcQiVS2 XrDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=dHaMr38/R6/oXXILMTfbZfDT9lZ8hpA5T/Qg3cJKMoM=; b=pvBx0jfojrhTGsbyMKRA3mM83Yfon1IYJOBfAAJ3nWqtSU1++YKN/GibOYbQJorS7p CW+cDRHgPmrLFt0t3ufwbiwRJ4wy7POqapH1+O/Yje0w5ZfSAXTCgrQcSAxFhWUathmg Crvk3RWHrzbj32kO1NfGRtDGRNMDGdZqXCQaK/HJoYvt3bPccOm4X0u/zRdnEv2Q//X5 31EHLmfKOurm2gcq0Y0coWK1emNeWPvMZ+n6h6rJdTFec0spMjAmWzhCF3YtvSdRoXgd zh/U6QmNJNxOFVTWruyK6VZ2GYefV1hhLHEEDzE8pF+71dGDBVL++wh5VQgIIUESV91v pXnA== X-Gm-Message-State: APf1xPDKAKXzb+FvmNW/L9JRTsfWzIk9BO/HA0tXxaHHfLfEtQu0jNGo bbnU1daBh7S7u79We+UvF+ImokHM X-Google-Smtp-Source: AH8x225WOTlcsv6+i1Tgg0rGKRmbl495Df8HZtKhWdLOQwh63RCWKXhIvbYu9/K71rhluj9koIMR9A== X-Received: by 10.200.9.48 with SMTP id t45mr28524688qth.107.1519089595344; Mon, 19 Feb 2018 17:19:55 -0800 (PST) Received: from NXL86530.wbi.nxp.com ([177.137.137.150]) by smtp.gmail.com with ESMTPSA id e26sm16474712qkm.26.2018.02.19.17.19.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Feb 2018 17:19:54 -0800 (PST) From: Breno Lima To: fabio.estevam@nxp.com, sbabic@denx.de Date: Tue, 20 Feb 2018 01:19:23 +0000 Message-Id: <1519089566-17147-2-git-send-email-brenomatheus@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> References: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> Cc: Breno Lima , u-boot@lists.denx.de, Utkarsh Gupta Subject: [U-Boot] [PATCH 2/5] imx: hab: Ensure the IVT DCD pointer is Null prior to calling HAB authenticate function. X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Utkarsh Gupta DCD commands should only be present in the initial boot image loaded by the SoC ROM. DCD should not be present in images that will be verified by software using HAB RVT authentication APIs. Newer versions of HAB will generate an error if a DCD pointer is present in an image being authenticated by calling the HAB RVT API. Older versions of HAB will process and run DCD if it is present, and this could lead to an incorrect authentication boot flow. It is highly recommended this check is in place to ensure additional HAB verified images do not include a DCD table. Signed-off-by: Utkarsh Gupta Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 1e6b31d..ba6b31d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -516,6 +516,12 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_authentication_exit; } + /* Verify if IVT DCD pointer is NULL */ + if (ivt->dcd) { + puts("Error: DCD pointer must be NULL\n"); + goto hab_authentication_exit; + } + start = ddr_start; bytes = image_size;