[PATCH v1 4/6] mach-k3: security: Propagate verified image addr
Andrew Davis
afd at ti.com
Thu Oct 23 16:24:30 CEST 2025
On 10/23/25 4:46 AM, Philippe Schenker wrote:
> From: Philippe Schenker <philippe.schenker at impulsing.ch>
>
> The ti_secure_image_check() function may relocate the image during
> authentication, updating image_addr to point to the verified location.
> The caller was not updated with this new address, causing it to
> reference the original unverified location.
>
> Update p_image with the verified image address after authentication
> to ensure subsequent operations use the correct location.
>
> Signed-off-by: Philippe Schenker <philippe.schenker at impulsing.ch>
> ---
Seems reasonable,
Acked-by: Andrew Davis <afd at ti.com>
BTW, did you actually run into an issue with having a binary moved
by the authentication, or was this found some other way? Normally
binaries don't move (but they can, so this is still valid).
>
> arch/arm/mach-k3/security.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
> index 3468a370a455..9255505a7944 100644
> --- a/arch/arm/mach-k3/security.c
> +++ b/arch/arm/mach-k3/security.c
> @@ -119,6 +119,8 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size)
> */
> *p_size = image_size;
>
> + *p_image = (void *)image_addr;
> +
> /*
> * Output notification of successful authentication to re-assure the
> * user that the secure code is being processed as expected. However
More information about the U-Boot
mailing list