Message ID | 20170222234639.2469-1-afd@ti.com |
---|---|
State | Accepted |
Commit | 4f65ee38131a180cc2d8bc2cfe76cca31a9d55a4 |
Delegated to: | Tom Rini |
Headers | show |
On Wed, Feb 22, 2017 at 05:46:39PM -0600, Andrew F. Davis wrote: > After we authenticate/decrypt an image we need to flush the caches > as they may still contain bits of the encrypted image. This will > cause failures if we attempt to jump to this image. > > Reported-by: Yogesh Siraswar<yogeshs@ti.com> > Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
On Wed, Feb 22, 2017 at 05:46:39PM -0600, Andrew F. Davis wrote: > After we authenticate/decrypt an image we need to flush the caches > as they may still contain bits of the encrypted image. This will > cause failures if we attempt to jump to this image. > > Reported-by: Yogesh Siraswar<yogeshs@ti.com> > Signed-off-by: Andrew F. Davis <afd@ti.com> > Reviewed-by: Tom Rini <trini@konsulko.com> Applied prior to v2017.03-rc3 to u-boot/master, thanks!
diff --git a/arch/arm/mach-omap2/sec-common.c b/arch/arm/mach-omap2/sec-common.c index c5a000ac3a..0fa8db05fe 100644 --- a/arch/arm/mach-omap2/sec-common.c +++ b/arch/arm/mach-omap2/sec-common.c @@ -120,6 +120,12 @@ int secure_boot_verify_image(void **image, size_t *size) result = secure_rom_call( API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); + + /* Perform cache writeback on output buffer */ + flush_dcache_range( + (u32)*image, + (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); + auth_exit: if (result != 0) { printf("Authentication failed!\n");
After we authenticate/decrypt an image we need to flush the caches as they may still contain bits of the encrypted image. This will cause failures if we attempt to jump to this image. Reported-by: Yogesh Siraswar<yogeshs@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com> --- arch/arm/mach-omap2/sec-common.c | 6 ++++++ 1 file changed, 6 insertions(+)