| Message ID | 1453460848-21808-8-git-send-email-aneesh.bansal@nxp.com |
|---|---|
| State | Accepted |
| Delegated to: | York Sun |
| Headers | show |
> -----Original Message----- > From: Aneesh Bansal [mailto:aneesh.bansal@nxp.com] > Sent: Friday, January 22, 2016 4:37 PM > To: u-boot@lists.denx.de > Cc: york sun <york.sun@nxp.com>; Ruchika Gupta > <ruchika.gupta@nxp.com>; Prabhakar Kushwaha > <prabhakar.kushwaha@nxp.com>; Aneesh Bansal > <aneesh.bansal@nxp.com> > Subject: [PATCH v3 7/7] SECURE_BOOT: change error handler for > esbc_validate > > In case of error while executing esbc_validate command, SNVS transition and > issue of reset is required only for secure-boot. > If boot mode is non-secure, this is not required. > > Similarly, esbc_halt command which puts the core in Spin Loop is applicable > only for Secure Boot. > > Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> > --- > Changes in v3: > None > > Changes in v2: > None (Changed the Sign-Off with New E-Mail ID) > > board/freescale/common/cmd_esbc_validate.c | 7 ++++++- > board/freescale/common/fsl_validate.c | 7 +++++++ > 2 files changed, 13 insertions(+), 1 deletion(-) > > diff --git a/board/freescale/common/cmd_esbc_validate.c > b/board/freescale/common/cmd_esbc_validate.c > index ca7c737..dfa3e21 100644 > --- a/board/freescale/common/cmd_esbc_validate.c > +++ b/board/freescale/common/cmd_esbc_validate.c > @@ -11,6 +11,11 @@ > static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, > char * const argv[]) > { > + if (fsl_check_boot_mode_secure() == 0) { > + printf("Boot Mode is Non-Secure. Not entering spin > loop.\n"); > + return 0; > + } > + > printf("Core is entering spin loop.\n"); > loop: > goto loop; > @@ -64,6 +69,6 @@ U_BOOT_CMD( > > U_BOOT_CMD( > esbc_halt, 1, 0, do_esbc_halt, > - "Put the core in spin loop ", > + "Put the core in spin loop (Secure Boot Only)", > "" > ); > diff --git a/board/freescale/common/fsl_validate.c > b/board/freescale/common/fsl_validate.c > index de40081..8fd6dd6 100644 > --- a/board/freescale/common/fsl_validate.c > +++ b/board/freescale/common/fsl_validate.c > @@ -370,6 +370,13 @@ void fsl_secboot_handle_error(int error) > printf("ERROR :: %x :: %s\n", error, e->name); > } > > + /* If Boot Mode is secure, transition the SNVS state and issue > + * reset based on type of failure and ITS setting. > + * If Boot mode is non-secure, return from this function. > + */ > + if (fsl_check_boot_mode_secure() == 0) > + return; > + > switch (error) { > case ERROR_ESBC_CLIENT_HEADER_BARKER: > case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE: > -- > 1.8.1.4 Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
On 01/22/2016 03:10 AM, Aneesh Bansal wrote: > In case of error while executing esbc_validate command, SNVS > transition and issue of reset is required only for secure-boot. > If boot mode is non-secure, this is not required. > > Similarly, esbc_halt command which puts the core in Spin Loop > is applicable only for Secure Boot. > > Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> > --- > Changes in v3: > None > > Changes in v2: > None (Changed the Sign-Off with New E-Mail ID) > > board/freescale/common/cmd_esbc_validate.c | 7 ++++++- > board/freescale/common/fsl_validate.c | 7 +++++++ > 2 files changed, 13 insertions(+), 1 deletion(-) > Change subject prefix to "secure_boot:". Applied to u-boot-fsl-qoriq master. Awaiting upstream. Thanks. York
diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index ca7c737..dfa3e21 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -11,6 +11,11 @@ static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { + if (fsl_check_boot_mode_secure() == 0) { + printf("Boot Mode is Non-Secure. Not entering spin loop.\n"); + return 0; + } + printf("Core is entering spin loop.\n"); loop: goto loop; @@ -64,6 +69,6 @@ U_BOOT_CMD( U_BOOT_CMD( esbc_halt, 1, 0, do_esbc_halt, - "Put the core in spin loop ", + "Put the core in spin loop (Secure Boot Only)", "" ); diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index de40081..8fd6dd6 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -370,6 +370,13 @@ void fsl_secboot_handle_error(int error) printf("ERROR :: %x :: %s\n", error, e->name); } + /* If Boot Mode is secure, transition the SNVS state and issue + * reset based on type of failure and ITS setting. + * If Boot mode is non-secure, return from this function. + */ + if (fsl_check_boot_mode_secure() == 0) + return; + switch (error) { case ERROR_ESBC_CLIENT_HEADER_BARKER: case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE:
In case of error while executing esbc_validate command, SNVS transition and issue of reset is required only for secure-boot. If boot mode is non-secure, this is not required. Similarly, esbc_halt command which puts the core in Spin Loop is applicable only for Secure Boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> --- Changes in v3: None Changes in v2: None (Changed the Sign-Off with New E-Mail ID) board/freescale/common/cmd_esbc_validate.c | 7 ++++++- board/freescale/common/fsl_validate.c | 7 +++++++ 2 files changed, 13 insertions(+), 1 deletion(-)