[U-Boot] [PATCH v4 14/14] SECURE BOOT: Change fsl_secboot_validate function to output image addr
Saksham Jain
saksham.jain at nxp.com
Tue Feb 9 06:23:42 CET 2016
Currently, fsl_secboot_validate function used to set env variable "img_addr"
to contain address of image being validated.
The function has been changed to output image addr via argument
img_addr_ptr. The command esbc_validate sets the env variable
"img_addr".
This change helps when fsl_secboot_validate function is called from within
UBOOT (because now instead of calling function "getenv("img_addr")"
we can directly get the image address.)
Signed-off-by: Aneesh Bansal <aneesh.bansal at nxp.com>
Signed-off-by: Saksham Jain <saksham.jain at nxp.com>
---
Changes for v2:
- No changes
Changes for v3:
- No changes
Changes for v4:
- Cleaned up commit message
board/freescale/common/cmd_esbc_validate.c | 12 +++++++++++-
board/freescale/common/fsl_validate.c | 26 +++++++++++++++-----------
include/fsl_validate.h | 4 ++--
3 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index 375bc24..cefe3cc 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -29,6 +29,8 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
char *hash_str = NULL;
uintptr_t haddr;
int ret;
+ uintptr_t img_addr = 0;
+ char buf[20];
if (argc < 2)
return cmd_usage(cmdtp);
@@ -43,7 +45,15 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
* part of header. So, the function is called
* by passing this argument as 0.
*/
- ret = fsl_secboot_validate(haddr, hash_str, 0);
+ ret = fsl_secboot_validate(haddr, hash_str, &img_addr);
+
+ /* Need to set "img_addr" even if validation failure.
+ * Required when SB_EN in RCW set and non-fatal error
+ * to continue U-Boot
+ */
+ sprintf(buf, "%lx", img_addr);
+ setenv("img_addr", buf);
+
if (ret)
return 1;
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 95059c7..64e4e30 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -570,7 +570,7 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
/* Update hash for actual Image */
ret = algo->hash_update(algo, ctx,
- (u8 *)img->img_addr, img->img_size, 1);
+ (u8 *)(*(img->img_addr_ptr)), img->img_size, 1);
if (ret)
return ret;
@@ -646,7 +646,6 @@ static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img)
*/
static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
{
- char buf[20];
struct fsl_secboot_img_hdr *hdr = &img->hdr;
void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
u8 *k, *s;
@@ -661,17 +660,14 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
/* If Image Address is not passed as argument to function,
* then Address and Size must be read from the Header.
*/
- if (img->img_addr == 0) {
+ if (*(img->img_addr_ptr) == 0) {
#ifdef CONFIG_ESBC_ADDR_64BIT
- img->img_addr = hdr->pimg64;
+ *(img->img_addr_ptr) = hdr->pimg64;
#else
- img->img_addr = hdr->pimg;
+ *(img->img_addr_ptr) = hdr->pimg;
#endif
}
- sprintf(buf, "%lx", img->img_addr);
- setenv("img_addr", buf);
-
if (!hdr->img_size)
return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
@@ -814,9 +810,17 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
return 0;
}
-
+/* haddr - Address of the header of image to be validated.
+ * arg_hash_str - Option hash string. If provided, this
+ * overides the key hash in the SFP fuses.
+ * img_addr_ptr - Optional pointer to address of image to be validated.
+ * If non zero addr, this overides the addr of image in header,
+ * otherwise updated to image addr in header.
+ * Acts as both input and output of function.
+ * This pointer shouldn't be NULL.
+ */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
- uintptr_t img_addr)
+ uintptr_t *img_addr_ptr)
{
struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
ulong hash[SHA256_BYTES/sizeof(ulong)];
@@ -869,7 +873,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
/* Update the information in Private Struct */
hdr = &img->hdr;
img->ehdrloc = haddr;
- img->img_addr = img_addr;
+ img->img_addr_ptr = img_addr_ptr;
esbc = (u8 *)img->ehdrloc;
memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index ff6f6b7..a71e1ce 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -238,7 +238,7 @@ struct fsl_secboot_img_priv {
struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
uintptr_t ehdrloc; /* ESBC Header location */
- uintptr_t img_addr; /* ESBC Image Location */
+ uintptr_t *img_addr_ptr; /* ESBC Image Location */
uint32_t img_size; /* ESBC Image Size */
};
@@ -246,7 +246,7 @@ int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[]);
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
- uintptr_t img_loc);
+ uintptr_t *img_addr_ptr);
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
--
1.8.1.4
More information about the U-Boot
mailing list