From: Saksham Jain <saksham.jain@nxp.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 13/14] SECURE BOOT: Halt execution when secure boot fail after reset request
Date: Wed, 27 Jan 2016 15:31:10 +0530 [thread overview]
Message-ID: <1453888871-13307-14-git-send-email-saksham.jain@nxp.com> (raw)
In-Reply-To: <1453888871-13307-1-git-send-email-saksham.jain@nxp.com>
In case of fatal failure during secure boot execution (e.g. header not found)
it is needed that the execution stops.
Earlier, we were asserting reset request in case in case of failure. But if
the RESET_REQ is not tied off to HRESET, this allows the execution to continue.
This can either be taken care in bootscript (Execute esbc_halt command in case of
image verification process) or it can be taken care in Uboot Code.
Doing the latter via a esbc_halt.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
---
board/freescale/common/cmd_esbc_validate.c | 2 +-
board/freescale/common/fsl_validate.c | 5 +++++
include/fsl_validate.h | 3 +++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index dfa3e21..375bc24 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -8,7 +8,7 @@
#include <command.h>
#include <fsl_validate.h>
-static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
if (fsl_check_boot_mode_secure() == 0) {
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index c12b9c9..95059c7 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void)
printf("Generating reset request\n");
do_reset(NULL, 0, 0, NULL);
+ /* If reset doesn't coocur, halt execution */
+ do_esbc_halt(NULL, 0, 0, NULL);
}
/*
@@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void)
printf("Generating reset request\n");
do_reset(NULL, 0, 0, NULL);
+ /* If reset doesn't coocur, halt execution */
+ do_esbc_halt(NULL, 0, 0, NULL);
+
} else {
change_sec_mon_state(HPSR_SSM_ST_TRUST,
HPSR_SSM_ST_NON_SECURE);
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index f812c1a..ff6f6b7 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -242,6 +242,9 @@ struct fsl_secboot_img_priv {
uint32_t img_size; /* ESBC Image Size */
};
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[]);
+
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
uintptr_t img_loc);
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
--
1.8.1.4
next prev parent reply other threads:[~2016-01-27 10:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-27 10:00 [U-Boot] [PATCH 00/14] Add Support for Secure Boot on LS208x Saksham Jain
2016-01-27 10:00 ` [U-Boot] [PATCH 01/14] armv8: ls2080: Add SFP Configs for LS2080/LS2085 Saksham Jain
2016-01-27 10:00 ` [U-Boot] [PATCH 02/14] armv8: ls2080: Add Secure Boot configs: SEC, Security Monitor, SRK and RCW Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 03/14] SECURE BOOT: Add new ESBC header for ls-ch3 Secure Boot Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 04/14] SECURE BOOT: Add Secure Boot support on ls2080aqds/rdb Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 05/14] armv8: fsl-lsch3: Add bootscript header address for Secure Boot Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 06/14] SECURE BOOT: Copy Bootscript and header from NOR to DDR for LS2080/5 Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 07/14] SECURE BOOT: Change env variable "fdt_high" for LS2080a and LS2085a Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 08/14] armv8 : ls2080: Add config for endianess of CCSR GUR Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 09/14] armv8: fsl-lsch3: Disable SMMU during Secure Boot Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 10/14] crypto/fsl: Correct 64bit Write when MMU disabled Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 11/14] crypto/fsl: Make CAAM transactions cacheable Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 12/14] SECURE_BOOT: Use default bootargs during Secure Boot Saksham Jain
2016-01-27 10:01 ` Saksham Jain [this message]
2016-01-27 10:01 ` [U-Boot] [PATCH 14/14] SECURE_BOOT: Enable IE (Key extention) Feature in Ls2085a & LS2088a Saksham Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453888871-13307-14-git-send-email-saksham.jain@nxp.com \
--to=saksham.jain@nxp.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.