spl: allow board_spl_fit_post_load() to fail
Patrick Wildt
patrick at blueri.se
Sat May 9 18:13:28 CEST 2020
On i.MX platforms board_spl_fit_post_load() can check the loaded
SPL image for authenticity using its HAB engine. U-Boot's SPL
mechanism allows booting images from other sources as well, but
in the current setup the SPL would just hang if it encounters an
image that does not pass scrutiny. Allowing the function to return
an error, allows the SPL to try booting from another source as a
fallback instead of ending up as a brick.
Signed-off-by: Patrick Wildt <patrick at blueri.se>
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index fd3fa04600..b8f6fcb4df 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -311,7 +311,7 @@ ulong board_spl_fit_size_align(ulong size)
return size;
}
-void board_spl_fit_post_load(ulong load_addr, size_t length)
+int board_spl_fit_post_load(ulong load_addr, size_t length)
{
u32 offset = length - CONFIG_CSF_SIZE;
@@ -319,8 +319,10 @@ void board_spl_fit_post_load(ulong load_addr, size_t length)
offset + IVT_SIZE + CSF_PAD_SIZE,
offset)) {
puts("spl: ERROR: image authentication unsuccessful\n");
- hang();
+ return -1;
}
+
+ return 0;
}
#endif
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index c51e4beb1c..21c873c5fb 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -24,8 +24,9 @@ DECLARE_GLOBAL_DATA_PTR;
#define CONFIG_SYS_BOOTM_LEN (64 << 20)
#endif
-__weak void board_spl_fit_post_load(ulong load_addr, size_t length)
+__weak int board_spl_fit_post_load(ulong load_addr, size_t length)
{
+ return 0;
}
__weak ulong board_spl_fit_size_align(ulong size)
@@ -678,7 +679,9 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
spl_image->flags |= SPL_FIT_FOUND;
#ifdef CONFIG_IMX_HAB
- board_spl_fit_post_load((ulong)fit, size);
+ ret = board_spl_fit_post_load((ulong)fit, size);
+ if (ret)
+ return ret;
#endif
return 0;
diff --git a/include/spl.h b/include/spl.h
index 6bf9fd8beb..93d5a5a1f3 100644
--- a/include/spl.h
+++ b/include/spl.h
@@ -560,7 +560,7 @@ int board_return_to_bootrom(struct spl_image_info *spl_image,
* board_spl_fit_post_load - allow process images after loading finished
*
*/
-void board_spl_fit_post_load(ulong load_addr, size_t length);
+int board_spl_fit_post_load(ulong load_addr, size_t length);
/**
* board_spl_fit_size_align - specific size align before processing payload
More information about the U-Boot
mailing list