From patchwork Thu Jan 28 13:20:14 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Saksham Jain X-Patchwork-Id: 574726 X-Patchwork-Delegate: yorksun@freescale.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id A753C140BB5 for ; Fri, 29 Jan 2016 00:59:08 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id B6212A7526; Thu, 28 Jan 2016 14:57:56 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OgeK7YrCBpa5; Thu, 28 Jan 2016 14:57:56 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 584C162155; Thu, 28 Jan 2016 14:57:06 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id E82A6A74F9 for ; Thu, 28 Jan 2016 14:24:06 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LLiXTxYf87QV for ; Thu, 28 Jan 2016 14:24:06 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0069.outbound.protection.outlook.com [65.55.169.69]) by theia.denx.de (Postfix) with ESMTPS id 2AFC14B9A5 for ; Thu, 28 Jan 2016 14:24:01 +0100 (CET) Received: from BY2PR03CA057.namprd03.prod.outlook.com (10.141.249.30) by DM2PR0301MB0701.namprd03.prod.outlook.com (10.160.96.27) with Microsoft SMTP Server (TLS) id 15.1.390.13; Thu, 28 Jan 2016 13:23:54 +0000 Received: from BN1BFFO11FD041.protection.gbl (2a01:111:f400:7c10::1:186) by BY2PR03CA057.outlook.office365.com (2a01:111:e400:2c5d::30) with Microsoft SMTP Server (TLS) id 15.1.396.15 via Frontend Transport; Thu, 28 Jan 2016 13:23:54 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=none action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1BFFO11FD041.mail.protection.outlook.com (10.58.144.104) with Microsoft SMTP Server (TLS) id 15.1.355.15 via Frontend Transport; Thu, 28 Jan 2016 13:23:54 +0000 Received: from perf-idc04.ap.freescale.net (perf-idc04.ap.freescale.net [10.232.14.49]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id u0SDMiqt022558; Thu, 28 Jan 2016 06:23:51 -0700 From: Saksham Jain To: Date: Thu, 28 Jan 2016 18:50:14 +0530 Message-ID: <1453987216-26745-13-git-send-email-saksham.jain@nxp.com> X-Mailer: git-send-email 1.8.1.4 In-Reply-To: <1453987216-26745-1-git-send-email-saksham.jain@nxp.com> References: <1453987216-26745-1-git-send-email-saksham.jain@nxp.com> X-EOPAttributedMessage: 0 X-Matching-Connectors: 130984610345563559; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Microsoft-Exchange-Diagnostics: 1; BN1BFFO11FD041; 1:QuBH2i2nz5b7rgDDTgcHrLBjnLZkJDcvq8Ak6n5hihUXA7dFK24wWrmmhP3iXC8I/cpWgfWdxsq66XVJwpW9rLw0rnqHrD9vic1A2wIasxEuyrVbzRNw9cgP1LOgMolBvSRcfV9t7lh+fMC4ubJsHjGhpryUr03gJOMsGmnrMQeEgMzOH5R/1AMtTUUwpV82yFJZvZ2+Rz/CSeYUKQJwQTgkRMwXzqUJZ7HJSMNYGMT0VV8T6qmffWFidAYgMGDSvT8igiCq5mUViABuw9MNAVKXfaL1x/ap1FTBsX4POhW0Kc48dhoeSUZ1wjA4TRrP99bRVgL9CwG55GnD6XaZ0kRSH6UUkmjv3cyWqoW9dhzjxsjEB8tV1a51fZgYFNbCObOUzoLikR2QRWQ1kNz90jA455gbTAFdspgo1kfn/6NPCrEj3pKSe/dHvNQzzl5jTHxFFuamrZcLVdqfjBwiQ0kjkxEmZ3YarQLFUapX7wNBMmPiSaMdW3xcanlPku164XQ3CeVp3AG/gDTDul6mbPLzcqvQcov5rgOFIsSck4g5+0XwjSd0A12Fcd3GvZRllDqLXw7I0H3wgp/QFC5nbg== X-Forefront-Antispam-Report: CIP:192.88.168.50; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(2980300002)(1109001)(1110001)(339900001)(199003)(189002)(4326007)(87936001)(2906002)(5003940100001)(50466002)(19580405001)(50226001)(11100500001)(33646002)(36756003)(85426001)(86362001)(3470700001)(19580395003)(2351001)(48376002)(5008740100001)(50986999)(229853001)(92566002)(104016004)(6806005)(110136002)(2950100001)(77096005)(5001960100002)(1220700001)(1096002)(97736004)(81156007)(586003)(105606002)(106466001)(189998001)(47776003)(76176999)(7059030); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR0301MB0701; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: e4ed7566-1fd9-4f8a-5446-08d327e64525 X-Microsoft-Exchange-Diagnostics: 1; DM2PR0301MB0701; 2:fZ1Zohh7h3ZOP0mZ2nA1nw0AOJkPbePBgvEOi7wPwQc9poQEzPnG8gZ9fOBmPPHeAtywzFKMM6VBvmxW2YtO4AcpCocm4iz/Dq97HzA5V2Y7O+oKORCFUSmHD4E1IByjM0bno3D4ZRvbpxsivydQ23p3KvM6Ziv0STYUaE7Bhx9r6OYOBJi13f/kiHNYuYTq; 3:7K38NnQRXeKQt2kCEf0Bhn6HGvjJY8OMiHoXg/uaiAztRyY275CEIzTOhwEilxkhJcsIoROTAmgA/nqTRXahxZq6xhpaszKqJ5sojkTw3UwpA3D5CE6livCQsLDDM20K9nNruhmAJMqdy8m18dwaZN5MY51bomZvWCjoezwMZfMqIUVdvpARcSJIZfg/W+zr+PSapVux+W6p9BrXi4xSwhDuP/VyJwWGA0W4Lsm14MI=; 25:9j7CntJESUN/877auwABeS01Plg+fPCMJsv6P4AWUb+A8szwtQATrRUK/cMnhQC32HDjs15Np0F3wpgcBJ5jt2gzxzR6+zddJpNFPLbY9vmgGsb1aV+H8+BCfhXWeUGPqy5zWxnw1Dsh+nhRHQzOOiNnmBakZVJmIYVKYzMPEaf/oQLkn2pIKpTeu7wPnDm1s5t5CKhw+5I0c5Tnqj1olOyYGeCgipWsapT61p+ZOncxPseCHXw2/al2di+wUQCD X-Exchange-Antispam-Report-Test: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0701; UriScan:(185117386973197); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(13015025)(13023025)(13018025)(13024025)(8121501046)(13017025)(5005006)(3002001)(10201501046); SRVR:DM2PR0301MB0701; BCL:0; PCL:0; RULEID:(400006); SRVR:DM2PR0301MB0701; X-Microsoft-Exchange-Diagnostics: 1; DM2PR0301MB0701; 4:eJdEtLwk8ammxqhWEFYVshnFEPMU973uqKFlwedYCzxr3a6DU7rNCJVC+PrnWuMoRjUhYyM03Qf0WI5JGy6H+LrMXmS3x2fELkMtJ84VR1LTddxhlxOJPYwl15z+iPzNbJk6G6AiiHIKIGigqQgq2C6ud6aHM1GmpdIQp2ynlgjaSadiWPHSVhHsrqgSkOyYxAREFsEpOyHiX6pSjaRBfBna/lTulHT2cumzbSjbfoIgmRqH2qvteghte3W7uJ96x9COsuSaspdAdbo//2bhZBzb4qv3H/Cx5ReHSKoc5oZTc0KCxx3Qnl3Org/Kpr+q9uPb72QFo++YGK+SkljyAk4P2CVe0FRpzLE2h80IOVxVSHYpTLpHGqar0arQGKqFxkj1qCZFZNH0uOj6dKfcNeHcS11WtsZkX0Xxomezm4JpvqlT23r56Dxltrn+rEAL8BltrBP3h6aOwyOg+esiPIcgnBtMvRf0haApJSbY+2R7rewXotAsYLSN4x6kxGko X-Forefront-PRVS: 083526BF8A X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0301MB0701; 23:EmcOnUeQUroKoEPUzixxqMI4as2qm1ApG4RHVWd?= =?us-ascii?Q?qtojR1/BuaYBpn6DZ1z8ifywzCiRnTeE7f9+wSvQZ7giBV/sAqlljDt/yTf3?= =?us-ascii?Q?jeD4wlgC6Ds5SC0rpdWV9+o885mVoXwxwoZMen62n20ILOxr5+IfNA6kzssN?= =?us-ascii?Q?UO3WPiuw7kSzfWNEp5aRNQ6Tkce/BpG3WrZVbn0qxJ64nOBchuR06FD2LnNn?= =?us-ascii?Q?vDoWwFi8q2Th3Ocbe07xO743lka+FVC2uObxeSdVEBrkAdn41n7LSCzXcfyt?= =?us-ascii?Q?fXY/VCRRA8PFl9Bu9nngMUPh1LTi1aIzgNDN5c+ZNgUNiolp0qNMegNBiuun?= =?us-ascii?Q?HRMRmqguXPGUiPj7QZqhbKyDW0wGwpn5qChsKV/aa/ji4w2Vy848GQv/CJC5?= =?us-ascii?Q?TyH2/RKaM9KbmFIwCSsVbuDacbFuxGvsgufOepf3bvbQ6Np79iyupg0Pgl9Y?= =?us-ascii?Q?bMH8YXCgSvaHTnB+GWzclSCjsmX1P4YTO4eD7YBQVtm5cRoLZsMUeBT49OwL?= =?us-ascii?Q?//iMbCk0O/2ZcTbDWc65E41YSJVETHLXxcIuh2AhQtiiolXxe3qcAkZVit9v?= =?us-ascii?Q?HclhtkF78gCR7swoYAqrgH+wnbzDkoskR6GJ+Vy5/g2TIWS5dpJqycIW8mAK?= =?us-ascii?Q?Bdv357W+XtttlYeByCkaFrBXU2+IBq8NzqktUtkx0cymRzjMl3rI+On5A9ln?= =?us-ascii?Q?78jcl+QLDp46cjoqK8kCUyL57PHO436XxPue+LqAqbzRSN3IFjOUJ3ZgjRYK?= =?us-ascii?Q?pzGUEtZL9xlD/D2II0RIl6hhD9bTXgq4Ij6+KX3PlOUTxN824uROzu8lhwNv?= =?us-ascii?Q?Ojv4AH9v3MSEq1Wk8jL2gAU4Pj+gu0W5lrd5H/cgftIWYgDwu09ec5yeuXLb?= =?us-ascii?Q?hnxomkh3chPfI3vNF1JX2LDiAugiJMAN3XWsBGJIDGkwW3oIaVuI4PLQQXeF?= =?us-ascii?Q?68za8b8n29bsUbG0Ym5NH8G+1gNewzeQHDlnweUqwOsSFOP6J1Z+/N74+Oa0?= =?us-ascii?Q?Az5nR1AZnr6SAsPjew+EfabTaPjmGycDBSpPUh4pun7N/zFatNXkd3atTlvD?= =?us-ascii?Q?7nO5S57pumDuWCBsNNHMwPKDdeaIVIHXIcvLMtv/QoNy2l85MyeRbP2xyHAs?= =?us-ascii?Q?I8eq5CNPoij+xgZzytjq/T1RjNhI9LioV?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR0301MB0701; 5:Xx32kOxGJqgzfWSKYXF5+Yn6G/QGnIlHweD+qBf3vK1BXw4ndOx7n8mrttOEWHnBqy/JfdP1ue4xt1YQYE0dlHUw/8eYD7pjf9b8zhMBNICCZyp9QuLcXYgB/lp/ReSAgAHQ093jMtIruiue/pApWpQklFv9Z04pCO1y0wuB1wQ=; 24:yRaPktLVgIBk9YdjuCXxJbu5f+QPPbeIz6G/tHxtHHdo3rYjIG+Xzfk7nnHljK3YLmVZpGD6R9B5hXZ56LTh1hEMKI9pCRblx8l2fCveNDw= SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jan 2016 13:23:54.3691 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0701 X-Mailman-Approved-At: Thu, 28 Jan 2016 14:56:36 +0100 Cc: Saksham Jain , ruchika.gupta@nxp.com Subject: [U-Boot] [PATCH v2 13/15] SECURE BOOT: Halt execution when secure boot fail after reset request X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" In case of fatal failure during secure boot execution (e.g. header not found) it is needed that the execution stops. Earlier, we were asserting reset request in case in case of failure. But if the RESET_REQ is not tied off to HRESET, this allows the execution to continue. This can either be taken care in bootscript (Execute esbc_halt command in case of image verification process) or it can be taken care in Uboot Code. Doing the latter via a esbc_halt. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain --- Changes for v2: - No changes board/freescale/common/cmd_esbc_validate.c | 2 +- board/freescale/common/fsl_validate.c | 5 +++++ include/fsl_validate.h | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index dfa3e21..375bc24 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -8,7 +8,7 @@ #include #include -static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { if (fsl_check_boot_mode_secure() == 0) { diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index c12b9c9..95059c7 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); } /* @@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); + } else { change_sec_mon_state(HPSR_SSM_ST_TRUST, HPSR_SSM_ST_NON_SECURE); diff --git a/include/fsl_validate.h b/include/fsl_validate.h index f812c1a..ff6f6b7 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -242,6 +242,9 @@ struct fsl_secboot_img_priv { uint32_t img_size; /* ESBC Image Size */ }; +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]); + int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, uintptr_t img_loc); int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,