
[U-Boot,v5,13/14] SECURE BOOT: Halt execution when secure boot fail

Message ID 1458730485-447-14-git-send-email-saksham.jain@nxp.com
State Accepted
Delegated to: York Sun

Commit Message

Saksham Jain March 23, 2016, 10:54 a.m. UTC
In case of a fatal failure during secure boot execution (e.g. header not
found), it is needed that the execution stops. Earlier, we asserted a reset
request in case of failure. But if the RESET_REQ is not tied off
to HRESET, this allows the execution to continue.

This can either be taken care in bootscript (Execute esbc_halt command
in case of image verification process) or it can be taken care in Uboot
Code. In this commit, doing the latter via esbc_halt().

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
---
Changes for v2:
	- No changes
Changes for v3:
	- No changes
Chnages for v4:
	- Cleaned up commit message
Changes for v5:
	- Cleaned up commit message

 board/freescale/common/cmd_esbc_validate.c | 2 +-
 board/freescale/common/fsl_validate.c      | 5 +++++
 include/fsl_validate.h                     | 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

Comments

York Sun March 29, 2016, 3:58 p.m. UTC | #1
On 03/22/2016 10:43 PM, Saksham Jain wrote:
> In case of fatal failure during secure boot execution (e.g. header not
> found), it is needed that the execution stops. Earlier, we assert reset
> request in case in case of failure. But if the RESET_REQ is not tied off
> to HRESET, this allows the execution to continue.
> 
> This can either be taken care in bootscript (Execute esbc_halt command
> in case of image verification process) or it can be taken care in Uboot
> Code. In this commit, doing the latter via esbc_halt().
> 
> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
> ---
> Changes for v2:
> 	- No changes
> Changes for v3:
> 	- No changes
> Chnages for v4:
> 	- Cleaned up commit message
> Changes for v5:
> 	- Cleaned up commit message
> 
>  board/freescale/common/cmd_esbc_validate.c | 2 +-
>  board/freescale/common/fsl_validate.c      | 5 +++++
>  include/fsl_validate.h                     | 3 +++
>  3 files changed, 9 insertions(+), 1 deletion(-)
> 


Minor change to commit message.

Applied to u-boot-fsl-qoriq master. Awaiting upstream.

Thanks.

York

Patch

diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index dfa3e21..375bc24 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -8,7 +8,7 @@ 
 #include <command.h>
 #include <fsl_validate.h>
 
-static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
 				char * const argv[])
 {
 	if (fsl_check_boot_mode_secure() == 0) {
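Review bot: With do_esbc_halt now reachable from the verification-failure paths in fsl_validate.c and not only from the command table, the guard on its first line, `if (fsl_check_boot_mode_secure() == 0) {`, means the halt is conditional on the boot mode; whichever branch handles the non-secure case must also not return, or a failure path that expected to stop will fall through to its caller. The function body continues past the hunk, so that branch is not visible here and this may already be handled. A one-line comment above the definition would record the new contract, e.g. `/* Exported: also called from the fsl_validate.c failure paths, which expect it not to return. */`.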
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index c12b9c9..95059c7 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -325,6 +325,8 @@  static void fsl_secboot_header_verification_failure(void)
 
 	printf("Generating reset request\n");
 	do_reset(NULL, 0, 0, NULL);
+	/* If reset doesn't coocur, halt execution */
+	do_esbc_halt(NULL, 0, 0, NULL);
 }
 
 /*
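Review bot: The added call `do_esbc_halt(NULL, 0, 0, NULL);` is the last statement of fsl_secboot_header_verification_failure, so if do_esbc_halt ever returns (its body is not visible here; its first line gates on fsl_check_boot_mode_secure()) the function returns normally and execution continues, which is exactly what the commit sets out to prevent. A terminal `hang();` after the call would make the stop unconditional regardless of what do_esbc_halt does, and the ignored int return of do_esbc_halt would then no longer matter. The same applies to the second hunk in this file (fsl_secboot_image_verification_failure). The added comment also has a typo: `/* If reset doesn't occur, halt execution */`.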
@@ -355,6 +357,9 @@  static void fsl_secboot_image_verification_failure(void)
 
 			printf("Generating reset request\n");
 			do_reset(NULL, 0, 0, NULL);
+			/* If reset doesn't coocur, halt execution */
+			do_esbc_halt(NULL, 0, 0, NULL);
+
 		} else {
 			change_sec_mon_state(HPSR_SSM_ST_TRUST,
 					     HPSR_SSM_ST_NON_SECURE);
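Review bot: The added blank line before `} else {` is a stray: the rest of this file closes the if-branch directly after its last statement, and the previous hunk in this file does the same for the identical insertion. Dropping it keeps the two failure handlers textually parallel. The enclosing if/else and fsl_secboot_image_verification_failure begin and end outside the hunk.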
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index f812c1a..ff6f6b7 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -242,6 +242,9 @@  struct fsl_secboot_img_priv {
 	uint32_t img_size;	/* ESBC Image Size */
 };
 
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+				char * const argv[]);
+
 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
 	uintptr_t img_loc);
 int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
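Review bot: The new declaration of do_esbc_halt is the only prototype in this header that is a command handler exported for direct use from board code, yet it carries no comment saying why it is here or that callers pass NULL/0 for the command-table arguments. A short comment above it would help the next reader, e.g. `/* esbc_halt command handler; also called directly (NULL args) from the secure-boot failure paths in fsl_validate.c. */`. Since the halt semantics are the point of the change, it is also worth stating in that comment whether the function is expected to return, once confirmed against its definition in cmd_esbc_validate.c.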