arm: imx: hab: Add IVT header verification

The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 2a40d065dd775717d6af6c2ddb468f17c95a3ebf..998d253f2c7a447c828b60ab3795a834528bd962 100644 (file)
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -80,6 +80,31 @@
 
 static bool is_hab_enabled(void);
 
 
 static bool is_hab_enabled(void);
 

+static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
+{
+       printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
+              ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
+
+       return 1;
+}
+
+static int verify_ivt_header(struct ivt_header *ivt_hdr)
+{
+       int result = 0;
+
+       if (ivt_hdr->magic != IVT_HEADER_MAGIC)
+               result = ivt_header_error("bad magic", ivt_hdr);
+
+       if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
+               result = ivt_header_error("bad length", ivt_hdr);
+
+       if (ivt_hdr->version != IVT_HEADER_V1 &&
+           ivt_hdr->version != IVT_HEADER_V2)
+               result = ivt_header_error("bad version", ivt_hdr);
+
+       return result;
+}
+

 #if !defined(CONFIG_SPL_BUILD)
 
 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */
 #if !defined(CONFIG_SPL_BUILD)
 
 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */


@@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
        hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
        hab_rvt_entry_t *hab_rvt_entry;
        hab_rvt_exit_t *hab_rvt_exit;
        hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
        hab_rvt_entry_t *hab_rvt_entry;
        hab_rvt_exit_t *hab_rvt_exit;

+       struct ivt *ivt;
+       struct ivt_header *ivt_hdr;

 
        hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
        hab_rvt_entry = hab_rvt_entry_p;
 
        hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
        hab_rvt_entry = hab_rvt_entry_p;


@@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
        /* Calculate IVT address header */
        ivt_addr = ddr_start + ivt_offset;
 
        /* Calculate IVT address header */
        ivt_addr = ddr_start + ivt_offset;

+       ivt = (struct ivt *)ivt_addr;
+       ivt_hdr = &ivt->hdr;
+
+       /* Verify IVT header bugging out on error */
+       if (verify_ivt_header(ivt_hdr))
+               goto hab_caam_clock_disable;
+

        start = ddr_start;
        bytes = image_size;
 #ifdef DEBUG
        start = ddr_start;
        bytes = image_size;
 #ifdef DEBUG


@@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
        printf("\tivt_offset = 0x%x\n", ivt_offset);
        printf("\tstart = 0x%08lx\n", start);
        printf("\tbytes = 0x%x\n", bytes);
        printf("\tivt_offset = 0x%x\n", ivt_offset);
        printf("\tstart = 0x%08lx\n", start);
        printf("\tbytes = 0x%x\n", bytes);

-#else
-       (void)ivt_addr;

 #endif
        /*
         * If the MMU is enabled, we have to notify the ROM
 #endif
        /*
         * If the MMU is enabled, we have to notify the ROM