mirror of
https://github.com/brain-hackers/u-boot-brain
synced 2024-09-30 00:20:44 +09:00
arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
(cherry picked from commit 49b6d05882
)
This commit is contained in:
parent
52f98f35a7
commit
3ff0628fcc
@ -80,6 +80,31 @@
|
|||||||
|
|
||||||
static bool is_hab_enabled(void);
|
static bool is_hab_enabled(void);
|
||||||
|
|
||||||
|
static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
|
||||||
|
{
|
||||||
|
printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
|
||||||
|
ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int verify_ivt_header(struct ivt_header *ivt_hdr)
|
||||||
|
{
|
||||||
|
int result = 0;
|
||||||
|
|
||||||
|
if (ivt_hdr->magic != IVT_HEADER_MAGIC)
|
||||||
|
result = ivt_header_error("bad magic", ivt_hdr);
|
||||||
|
|
||||||
|
if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
|
||||||
|
result = ivt_header_error("bad length", ivt_hdr);
|
||||||
|
|
||||||
|
if (ivt_hdr->version != IVT_HEADER_V1 &&
|
||||||
|
ivt_hdr->version != IVT_HEADER_V2)
|
||||||
|
result = ivt_header_error("bad version", ivt_hdr);
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
#if !defined(CONFIG_SPL_BUILD)
|
#if !defined(CONFIG_SPL_BUILD)
|
||||||
|
|
||||||
#define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
|
#define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
|
||||||
@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
|
|||||||
hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
|
hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
|
||||||
hab_rvt_entry_t *hab_rvt_entry;
|
hab_rvt_entry_t *hab_rvt_entry;
|
||||||
hab_rvt_exit_t *hab_rvt_exit;
|
hab_rvt_exit_t *hab_rvt_exit;
|
||||||
|
struct ivt *ivt;
|
||||||
|
struct ivt_header *ivt_hdr;
|
||||||
|
|
||||||
hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
|
hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
|
||||||
hab_rvt_entry = hab_rvt_entry_p;
|
hab_rvt_entry = hab_rvt_entry_p;
|
||||||
@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
|
|||||||
|
|
||||||
/* Calculate IVT address header */
|
/* Calculate IVT address header */
|
||||||
ivt_addr = ddr_start + ivt_offset;
|
ivt_addr = ddr_start + ivt_offset;
|
||||||
|
ivt = (struct ivt *)ivt_addr;
|
||||||
|
ivt_hdr = &ivt->hdr;
|
||||||
|
|
||||||
|
/* Verify IVT header bugging out on error */
|
||||||
|
if (verify_ivt_header(ivt_hdr))
|
||||||
|
goto hab_caam_clock_disable;
|
||||||
|
|
||||||
start = ddr_start;
|
start = ddr_start;
|
||||||
bytes = image_size;
|
bytes = image_size;
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
|
|||||||
printf("\tivt_offset = 0x%x\n", ivt_offset);
|
printf("\tivt_offset = 0x%x\n", ivt_offset);
|
||||||
printf("\tstart = 0x%08lx\n", start);
|
printf("\tstart = 0x%08lx\n", start);
|
||||||
printf("\tbytes = 0x%x\n", bytes);
|
printf("\tbytes = 0x%x\n", bytes);
|
||||||
#else
|
|
||||||
(void)ivt_addr;
|
|
||||||
#endif
|
#endif
|
||||||
/*
|
/*
|
||||||
* If the MMU is enabled, we have to notify the ROM
|
* If the MMU is enabled, we have to notify the ROM
|
||||||
|
Loading…
Reference in New Issue
Block a user