[U-Boot] [PATCH 10/23] arm: imx: hab: Add IVT header verification
Breno Matheus Lima
brenomatheus at gmail.com
Thu Dec 28 00:59:18 UTC 2017
Hi Bryan,
2017-12-27 10:25 GMT-02:00 Bryan O'Donoghue <bryan.odonoghue at linaro.org>:
> The IVT header contains a magic number, fixed length and one of two version
> identifiers. Validate these settings before doing anything with a putative
> IVT binary.
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
> Cc: Stefano Babic <sbabic at denx.de>
> Cc: Fabio Estevam <fabio.estevam at nxp.com>
> Cc: Peng Fan <peng.fan at nxp.com>
> Cc: Albert Aribaud <albert.u.boot at aribaud.net>
> Cc: Sven Ebenfeld <sven.ebenfeld at gmail.com>
> Cc: George McCollister <george.mccollister at gmail.com>
> ---
> arch/arm/mach-imx/hab.c | 34 ++++++++++++++++++++++++++++++++++
> 1 file changed, 34 insertions(+)
>
> diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
> index 76267a7..5591cb5 100644
> --- a/arch/arm/mach-imx/hab.c
> +++ b/arch/arm/mach-imx/hab.c
> @@ -229,6 +229,31 @@ uint8_t hab_engines[16] = {
> -1
> };
>
> +static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
> +{
> + printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
> + ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
> +
> + return 1;
> +}
> +
> +static int verify_ivt_header(struct ivt_header *ivt_hdr)
> +{
> + int result = 0;
> +
> + if (ivt_hdr->magic != IVT_HEADER_MAGIC)
> + result = ivt_header_error("bad magic", ivt_hdr);
> +
> + if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
> + result = ivt_header_error("bad length", ivt_hdr);
> +
> + if (ivt_hdr->version != IVT_HEADER_V1 &&
> + ivt_hdr->version != IVT_HEADER_V2)
> + result = ivt_header_error("bad version", ivt_hdr);
> +
> + return result;
> +}
> +
I'm trying to build mx6sabreauto which uses the SPL framework and I'm
getting the following build error:
arch/arm/mach-imx/hab.c: In function 'imx_hab_authenticate_image':
arch/arm/mach-imx/hab.c:514:6: warning: implicit declaration of
function 'verify_ivt_header' [-Wimplicit-function-declaration]
if (verify_ivt_header(ivt_hdr))
^
arch/arm/mach-imx/hab.c: At top level:
arch/arm/mach-imx/hab.c:73:13: warning: 'hab_rvt_failsafe_new' defined
but not used [-Wunused-function]
static void hab_rvt_failsafe_new(void)
^
LD lib/built-in.o
LD spl/arch/arm/mach-imx/built-in.o
CC spl/lib/display_options.o
LD spl/common/spl/built-in.o
LD drivers/video/built-in.o
LD drivers/built-in.o
LD spl/lib/built-in.o
LD u-boot
LD spl/u-boot-spl
arch/arm/mach-imx/built-in.o: In function `imx_hab_authenticate_image':
/home/breno/NXP/bootloader/mainline/u-boot-imx/arch/arm/mach-imx/hab.c:514:
undefined reference to `verify_ivt_header'
scripts/Makefile.spl:358: recipe for target 'spl/u-boot-spl' failed
make[1]: *** [spl/u-boot-spl] Error 1
Makefile:1394: recipe for target 'spl/u-boot-spl' failed
make: *** [spl/u-boot-spl] Error 2
make: *** Waiting for unfinished jobs....
Moving the functions ivt_header_error and verify_ivt_header outside of
the "#if !defined(CONFIG_SPL_BUILD)" branch solves this issue in my
side. Can you please check if it's possible to move these functions?
Thanks,
Breno Lima
More information about the U-Boot
mailing list