[U-Boot] [PATCH v2 16/23] arm: imx: hab: Add a hab_rvt_check_target to image auth

Bryan O'Donoghue bryan.odonoghue at linaro.org
Thu Dec 28 18:49:35 UTC 2017


Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.

This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
Cc: Stefano Babic <sbabic at denx.de>
Cc: Fabio Estevam <fabio.estevam at nxp.com>
Cc: Peng Fan <peng.fan at nxp.com>
Cc: Albert Aribaud <albert.u.boot at aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld at gmail.com>
Cc: George McCollister <george.mccollister at gmail.com>
Cc: Breno Matheus Lima <brenomatheus at gmail.com>
---
 arch/arm/mach-imx/hab.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index eb18f76..864b1e2 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 	hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
 	hab_rvt_entry_t *hab_rvt_entry;
 	hab_rvt_exit_t *hab_rvt_exit;
+	hab_rvt_check_target_t *hab_rvt_check_target;
 	struct ivt *ivt;
 	struct ivt_header *ivt_hdr;
+	enum hab_status status;
 
 	hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
 	hab_rvt_entry = hab_rvt_entry_p;
 	hab_rvt_exit = hab_rvt_exit_p;
+	hab_rvt_check_target = hab_rvt_check_target_p;
 
 	if (!is_hab_enabled()) {
 		puts("hab fuse not enabled\n");
@@ -477,6 +480,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
 	start = ddr_start;
 	bytes = image_size;
+
+	status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
+	if (status != HAB_SUCCESS) {
+		printf("HAB check target 0x%08x-0x%08x fail\n",
+		       ddr_start, ddr_start + bytes);
+		goto hab_caam_clock_disable;
+	}
 #ifdef DEBUG
 	printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
 	printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
-- 
2.7.4



More information about the U-Boot mailing list