From 85bb38965431424d4e4a7b5030cc589a3401a988 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:45 +0530 Subject: [PATCH] SECURE BOOT: Change fsl_secboot_validate func to pass image addr Use a pointer to pass image address to fsl_secboot_validate(), instead of using environmental variable "img_addr". Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun --- board/freescale/common/cmd_esbc_validate.c | 12 +++++++++++- board/freescale/common/fsl_validate.c | 26 +++++++++++++++----------- include/fsl_validate.h | 4 ++-- 3 files changed, 28 insertions(+), 14 deletions(-) diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index 375bc24..cefe3cc 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -29,6 +29,8 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc, char *hash_str = NULL; uintptr_t haddr; int ret; + uintptr_t img_addr = 0; + char buf[20]; if (argc < 2) return cmd_usage(cmdtp); @@ -43,7 +45,15 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc, * part of header. So, the function is called * by passing this argument as 0. */ - ret = fsl_secboot_validate(haddr, hash_str, 0); + ret = fsl_secboot_validate(haddr, hash_str, &img_addr); + + /* Need to set "img_addr" even if validation failure. + * Required when SB_EN in RCW set and non-fatal error + * to continue U-Boot + */ + sprintf(buf, "%lx", img_addr); + setenv("img_addr", buf); + if (ret) return 1; diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 95059c7..64e4e30 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -570,7 +570,7 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) /* Update hash for actual Image */ ret = algo->hash_update(algo, ctx, - (u8 *)img->img_addr, img->img_size, 1); + (u8 *)(*(img->img_addr_ptr)), img->img_size, 1); if (ret) return ret; @@ -646,7 +646,6 @@ static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) */ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) { - char buf[20]; struct fsl_secboot_img_hdr *hdr = &img->hdr; void *esbc = (u8 *)(uintptr_t)img->ehdrloc; u8 *k, *s; @@ -661,17 +660,14 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) /* If Image Address is not passed as argument to function, * then Address and Size must be read from the Header. */ - if (img->img_addr == 0) { + if (*(img->img_addr_ptr) == 0) { #ifdef CONFIG_ESBC_ADDR_64BIT - img->img_addr = hdr->pimg64; + *(img->img_addr_ptr) = hdr->pimg64; #else - img->img_addr = hdr->pimg; + *(img->img_addr_ptr) = hdr->pimg; #endif } - sprintf(buf, "%lx", img->img_addr); - setenv("img_addr", buf); - if (!hdr->img_size) return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; @@ -814,9 +810,17 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) return 0; } - +/* haddr - Address of the header of image to be validated. + * arg_hash_str - Option hash string. If provided, this + * overides the key hash in the SFP fuses. + * img_addr_ptr - Optional pointer to address of image to be validated. + * If non zero addr, this overides the addr of image in header, + * otherwise updated to image addr in header. + * Acts as both input and output of function. + * This pointer shouldn't be NULL. + */ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, - uintptr_t img_addr) + uintptr_t *img_addr_ptr) { struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); ulong hash[SHA256_BYTES/sizeof(ulong)]; @@ -869,7 +873,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, /* Update the information in Private Struct */ hdr = &img->hdr; img->ehdrloc = haddr; - img->img_addr = img_addr; + img->img_addr_ptr = img_addr_ptr; esbc = (u8 *)img->ehdrloc; memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); diff --git a/include/fsl_validate.h b/include/fsl_validate.h index ff6f6b7..a71e1ce 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -238,7 +238,7 @@ struct fsl_secboot_img_priv { struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */ uintptr_t ehdrloc; /* ESBC Header location */ - uintptr_t img_addr; /* ESBC Image Location */ + uintptr_t *img_addr_ptr; /* ESBC Image Location */ uint32_t img_size; /* ESBC Image Size */ }; @@ -246,7 +246,7 @@ int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]); int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, - uintptr_t img_loc); + uintptr_t *img_addr_ptr); int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]); int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, -- 2.7.4