From patchwork Mon Jan 8 17:36:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856973 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="GCp8XVkO"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjNx5XJPz9s4s for ; Tue, 9 Jan 2018 04:45:53 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 51463C21FD2; Mon, 8 Jan 2018 17:41:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 3C103C21FB8; Mon, 8 Jan 2018 17:37:48 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 83AF0C21FC9; Mon, 8 Jan 2018 17:37:09 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 66913C21F77 for ; Mon, 8 Jan 2018 17:37:05 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id a79so15702943wma.0 for ; Mon, 08 Jan 2018 09:37:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bDGiXyeGrstKzpxh4dz8o4SVfHf4OFCJ2mDeVzNoIdA=; b=GCp8XVkOGBTTlTt3e/x7RQREa0EzjdT1QiPv/47ml8Wrwt/9MH83G75955N5RWeBvK Wwit/1xzIfq9+yds1CNeue6QCXg7F/BYyUdwSIzjF+T5sBjnfdbTlWDnQ5AiZgCuPvgi 8tCCdpZ5v1j5yXR3KcrMid4e7WrQ8Oge2vl78= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bDGiXyeGrstKzpxh4dz8o4SVfHf4OFCJ2mDeVzNoIdA=; b=Yd4EOXc1sAZlbmnTpOJfPErbWFdROH4U8BKC36sFk7BPIDowqIIPvHKpiQsP+7YvfU /yFD4oQxZ1Cvftlom84qahY/rjdu9EiYlRDMVJHjNGF6Zr0nHfudfpmor6VpHZJU6DjS er55pAx/t4jjTWrF1UrgSzvu+ZZ3it/pdFAfUFuCbO9pSHC729xX4NXqSdnw60HAs2FI WmCvoQ07M6lGbjoc7Nil5zDzy0A9IP51qRycihSHIyXo7MF4b5CnzUha0sgDIkVeW+ii LSvGILhs4D9yIFQBNXh6AYjWEFLNGbbrbX6iFc2fLrfn3a0290W0ewiM7s2sCBk1NuP3 sxDQ== X-Gm-Message-State: AKGB3mJWvqgZqW/f+hSqfHWeGGHcHXAmFroc9XIhOsyNyoMHwJFfv63L ZD+1n2E77DDvqtrbzOdAP3f2HBZvSP4= X-Google-Smtp-Source: ACJfBov9oi2d+g6lELWSNt2Fa1Yl7sdUgMXUS+y2aMvGN5kmtPS+b3EYhoei6TkdkRy/JENdMahJDg== X-Received: by 10.80.213.154 with SMTP id v26mr17488917edi.170.1515433024730; Mon, 08 Jan 2018 09:37:04 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:04 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:33 +0000 Message-Id: <1515433001-13857-17-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 16/24] arm: imx: hab: Add a hab_rvt_check_target to image auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a18ea2..079423a 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_caam_clock_disable; } + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,