Commit 965249c753cb56df48de578ed97a294ab88fb597
1 parent
950b322fb0
Exists in
smarc-n7.1.2_2.0.0-ga
and in
2 other branches
MLK-14945 HAB: Check IVT DCD pointer before authenticating image
To avoid security leak, check the IVT DCD pointer before authenticating the kernel image. If the pointer is not 0, set back it to 0 and give a warning like the log below. Authenticate image from DDR location 0x80800000... Warning, DCD pointer must be 0 Signed-off-by: Ye Li <ye.li@nxp.com> (cherry picked from commit 083daef8d9206d53fb4fa9807f37b8ff5dc319c7)
Showing 1 changed file with 11 additions and 0 deletions Side-by-side Diff
arch/arm/imx-common/hab.c
... | ... | @@ -488,6 +488,17 @@ |
488 | 488 | } |
489 | 489 | } |
490 | 490 | |
491 | + /* Clear the DCD pointer if it is not 0 */ | |
492 | + unsigned char *dcd_ptr = (unsigned char *)(ddr_start + ivt_offset + 0xC); | |
493 | + do { | |
494 | + if (*dcd_ptr) { | |
495 | + puts("Warning, DCD pointer must be 0\n"); | |
496 | + memset((void *)(ddr_start + ivt_offset + 0xC), 0, 4); | |
497 | + break; | |
498 | + } | |
499 | + dcd_ptr++; | |
500 | + } while (dcd_ptr < (unsigned char *)(ddr_start + ivt_offset + 0x10)); | |
501 | + | |
491 | 502 | load_addr = (uint32_t)hab_rvt_authenticate_image( |
492 | 503 | HAB_CID_UBOOT, |
493 | 504 | ivt_offset, (void **)&start, |