Message ID | 1454995422-31731-14-git-send-email-saksham.jain@nxp.com |
---|---|
State | Changes Requested |
Delegated to: | York Sun |
Headers | show |
On 02/08/2016 09:27 PM, Saksham Jain wrote: > In case of fatal failure during secure boot execution (e.g. header not found) > it is needed that the execution stops. > Earlier, we were asserting reset request in case in case of failure. But if > the RESET_REQ is not tied off to HRESET, this allows the execution to continue. > > This can either be taken care in bootscript (Execute esbc_halt command in case of > image verification process) or it can be taken care in Uboot Code. > > Doing the latter via a esbc_halt. > Please keep the line wrap under 72 characters and consistent. York
diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index dfa3e21..375bc24 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -8,7 +8,7 @@ #include <command.h> #include <fsl_validate.h> -static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { if (fsl_check_boot_mode_secure() == 0) { diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index c12b9c9..95059c7 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); } /* @@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); + } else { change_sec_mon_state(HPSR_SSM_ST_TRUST, HPSR_SSM_ST_NON_SECURE); diff --git a/include/fsl_validate.h b/include/fsl_validate.h index f812c1a..ff6f6b7 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -242,6 +242,9 @@ struct fsl_secboot_img_priv { uint32_t img_size; /* ESBC Image Size */ }; +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]); + int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, uintptr_t img_loc); int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,