summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBryan O'Donoghue <bryan.odonoghue@linaro.org>2018-01-12 12:40:10 +0000
committerStefano Babic <sbabic@denx.de>2018-01-14 17:26:30 +0100
commitb7c3cae7d35f003b8f4d15e8597eb638e5302796 (patch)
tree1895f0a7ddafdf98dfcb711c60202017d6acd492
parentc0a55b7344d4ed0b003e3f9696663539f50aaacb (diff)
arm: imx: hab: Add a hab_rvt_check_target to image auth
Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
-rw-r--r--arch/arm/mach-imx/hab.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 2a18ea2da5..079423a1e3 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
hab_rvt_entry_t *hab_rvt_entry;
hab_rvt_exit_t *hab_rvt_exit;
+ hab_rvt_check_target_t *hab_rvt_check_target;
struct ivt *ivt;
struct ivt_header *ivt_hdr;
+ enum hab_status status;
hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
hab_rvt_entry = hab_rvt_entry_p;
hab_rvt_exit = hab_rvt_exit_p;
+ hab_rvt_check_target = hab_rvt_check_target_p;
if (!is_hab_enabled()) {
puts("hab fuse not enabled\n");
@@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
goto hab_caam_clock_disable;
}
+ status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
+ if (status != HAB_SUCCESS) {
+ printf("HAB check target 0x%08x-0x%08x fail\n",
+ ddr_start, ddr_start + bytes);
+ goto hab_caam_clock_disable;
+ }
#ifdef DEBUG
printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,