From a6ccd46142221929b483907f74ef81dd6ed7432e Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Fri, 12 Jan 2018 12:40:11 +0000 Subject: [PATCH] arm: imx: hab: Print HAB event log only after calling ROM The current flow of authenticate_image() will print the HAB event log even if we reject an element of the IVT header before ever calling into the ROM. This can be confusing. This patch changes the flow of the code so that the HAB event log is only printed out if we have called into the ROM and received some sort of status code. Signed-off-by: Bryan O'Donoghue Suggested-by: Cc: Breno Matheus Lima Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Tested-by: Breno Lima Reviewed-by: Fabio Estevam (cherry picked from commit 2c6c68d282b84f8766917bd72db17bfb223f2cca) --- arch/arm/mach-imx/hab.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 079423a1e3..3ae88a483d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -478,14 +478,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (hab_rvt_entry() != HAB_SUCCESS) { puts("hab entry function fail\n"); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); if (status != HAB_SUCCESS) { printf("HAB check target 0x%08x-0x%08x fail\n", ddr_start, ddr_start + bytes); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); @@ -543,12 +543,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, load_addr = 0; } -hab_caam_clock_disable: - hab_caam_clock_enable(0); - +hab_exit_failure_print_status: #if !defined(CONFIG_SPL_BUILD) get_hab_status(); #endif + +hab_caam_clock_disable: + hab_caam_clock_enable(0); + if (load_addr != 0) result = 0;