arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This commit is contained in:
Bryan O'Donoghue
Stefano Babic
parent
cd2d46003c
commit
49b6d05882
@ -80,6 +80,31 @@
|
||||
|
||||
static bool is_hab_enabled(void);
|
||||
|
||||
static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
|
||||
{
|
||||
printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
|
||||
ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int verify_ivt_header(struct ivt_header *ivt_hdr)
|
||||
{
|
||||
int result = 0;
|
||||
|
||||
if (ivt_hdr->magic != IVT_HEADER_MAGIC)
|
||||
result = ivt_header_error("bad magic", ivt_hdr);
|
||||
|
||||
if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
|
||||
result = ivt_header_error("bad length", ivt_hdr);
|
||||
|
||||
if (ivt_hdr->version != IVT_HEADER_V1 &&
|
||||
ivt_hdr->version != IVT_HEADER_V2)
|
||||
result = ivt_header_error("bad version", ivt_hdr);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_SPL_BUILD)
|
||||
|
||||
#define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
|
||||
@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
|
||||
hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
|
||||
hab_rvt_entry_t *hab_rvt_entry;
|
||||
hab_rvt_exit_t *hab_rvt_exit;
|
||||
struct ivt *ivt;
|
||||
struct ivt_header *ivt_hdr;
|
||||
|
||||
hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
|
||||
hab_rvt_entry = hab_rvt_entry_p;
|
||||
@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
|
||||
|
||||
/* Calculate IVT address header */
|
||||
ivt_addr = ddr_start + ivt_offset;
|
||||
ivt = (struct ivt *)ivt_addr;
|
||||
ivt_hdr = &ivt->hdr;
|
||||
|
||||
/* Verify IVT header bugging out on error */
|
||||
if (verify_ivt_header(ivt_hdr))
|
||||
goto hab_caam_clock_disable;
|
||||
|
||||
start = ddr_start;
|
||||
bytes = image_size;
|
||||
#ifdef DEBUG
|
||||
@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
|
||||
printf("\tivt_offset = 0x%x\n", ivt_offset);
|
||||
printf("\tstart = 0x%08lx\n", start);
|
||||
printf("\tbytes = 0x%x\n", bytes);
|
||||
#else
|
||||
(void)ivt_addr;
|
||||
#endif
|
||||
/*
|
||||
* If the MMU is enabled, we have to notify the ROM
|
||||
|
||||
Loading…
Reference in New Issue
Block a user