From patchwork Sun May 31 17:25:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Wildt X-Patchwork-Id: 1301480 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=blueri.se Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49ZlZN6ldRz9sPK for ; Mon, 1 Jun 2020 03:25:46 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 054C281CA4; Sun, 31 May 2020 19:25:34 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=blueri.se Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 69E3F81C90; Sun, 31 May 2020 19:25:32 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SUBJ_OBFU_PUNCT_FEW,SUBJ_OBFU_PUNCT_MANY,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 Received: from pwildt.genua.de (pwildt.genua.de [80.154.94.49]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A2E4381C90 for ; Sun, 31 May 2020 19:25:29 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=blueri.se Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=patrick@blueri.se Received: from nox.fritz.box (p200300c1c741cf008d6d4b05f848fc5a.dip0.t-ipconnect.de [2003:c1:c741:cf00:8d6d:4b05:f848:fc5a]) by pwildt.genua.de (OpenSMTPD) with ESMTPSA id 5788171c (TLSv1.3:AEAD-CHACHA20-POLY1305-SHA256:256:NO); Sun, 31 May 2020 19:25:28 +0200 (CEST) Date: Sun, 31 May 2020 19:25:26 +0200 From: Patrick Wildt To: u-boot@lists.denx.de Cc: Marek Vasut , Heinrich Schuchardt , Ye Li , Fabio Estevam , Simon Glass , Stefano Babic , Peng Fan , Tom Rini , Harald Seiler , Anatolij Gustschin , Adam Ford , Lukasz Majewski Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail Message-ID: <20200531172526.GA15781@nox.fritz.box> MIME-Version: 1.0 Content-Disposition: inline X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de X-Virus-Status: Clean On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image for authenticity using its HAB engine. U-Boot's SPL mechanism allows booting images from other sources as well, but in the current setup the SPL would just hang if it encounters an image that does not pass scrutiny. Allowing the function to return an error, allows the SPL to try booting from another source as a fallback instead of ending up as a brick. Signed-off-by: Patrick Wildt Reviewed-by: Marek Vasut --- Changes in v3: - use EINVAL as return value to have a proper errno Changes in v2: - set SPL_FIT_FOUND only after successful post load arch/arm/mach-imx/spl.c | 6 ++++-- common/spl/spl_fit.c | 10 ++++++---- include/spl.h | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index 1a231c67f5a..1a0d979e2d0 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -313,7 +313,7 @@ ulong board_spl_fit_size_align(ulong size) return size; } -void board_spl_fit_post_load(ulong load_addr, size_t length) +int board_spl_fit_post_load(ulong load_addr, size_t length) { u32 offset = length - CONFIG_CSF_SIZE; @@ -321,8 +321,10 @@ void board_spl_fit_post_load(ulong load_addr, size_t length) offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { puts("spl: ERROR: image authentication unsuccessful\n"); - hang(); + return -EINVAL; } + + return 0; } #endif diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index f581a224213..ead4c6713af 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -26,8 +26,9 @@ DECLARE_GLOBAL_DATA_PTR; #define CONFIG_SYS_BOOTM_LEN (64 << 20) #endif -__weak void board_spl_fit_post_load(ulong load_addr, size_t length) +__weak int board_spl_fit_post_load(ulong load_addr, size_t length) { + return 0; } __weak ulong board_spl_fit_size_align(ulong size) @@ -677,11 +678,12 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_image->entry_point == FDT_ERROR || spl_image->entry_point == 0) spl_image->entry_point = spl_image->load_addr; - spl_image->flags |= SPL_FIT_FOUND; - #ifdef CONFIG_IMX_HAB - board_spl_fit_post_load((ulong)fit, size); + ret = board_spl_fit_post_load((ulong)fit, size); + if (ret) + return ret; #endif + spl_image->flags |= SPL_FIT_FOUND; return 0; } diff --git a/include/spl.h b/include/spl.h index b31c9bb4ab2..2607767d940 100644 --- a/include/spl.h +++ b/include/spl.h @@ -564,7 +564,7 @@ int board_return_to_bootrom(struct spl_image_info *spl_image, * board_spl_fit_post_load - allow process images after loading finished * */ -void board_spl_fit_post_load(ulong load_addr, size_t length); +int board_spl_fit_post_load(ulong load_addr, size_t length); /** * board_spl_fit_size_align - specific size align before processing payload