From a01b20a6bb1394e7048d565e10b349d3b3fa1d98 Mon Sep 17 00:00:00 2001
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Date: Fri, 12 Jan 2018 12:40:05 +0000
Subject: [PATCH] arm: imx: hab: Only call ROM once headers are verified

Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.

This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
(cherry picked from commit 04099e9ced6421940248d5357786901bb89f4ce4)
---
 arch/arm/mach-imx/hab.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 39f8f2de59..a8e3e79c3b 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
 	hab_caam_clock_enable(1);
 
-	if (hab_rvt_entry() != HAB_SUCCESS) {
-		puts("hab entry function fail\n");
-		goto hab_caam_clock_disable;
-	}
-
 	/* Calculate IVT address header */
 	ivt_addr = ddr_start + ivt_offset;
 	ivt = (struct ivt *)ivt_addr;
@@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
 	start = ddr_start;
 	bytes = image_size;
+
+	if (hab_rvt_entry() != HAB_SUCCESS) {
+		puts("hab entry function fail\n");
+		goto hab_caam_clock_disable;
+	}
+
 #ifdef DEBUG
 	printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
 	puts("Dumping IVT\n");