Commit b2ca8907d92434300e081e0f23ec589a2de1be9f
Committed by
Stefano Babic
Stefano Babic
1 parent
d01806a8fc
Exists in
smarc_8mq_lf_v2020.04
and in
11 other branches
imx: hab: Convert non-NULL IVT DCD pointer warning to an error
The following NXP application notes and manual recommend to ensure the IVT DCD pointer is Null prior to calling HAB API authenticate_image() function: - AN12263: HABv4 RVT Guidelines and Recommendations - AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using HABv4 - CST docs: High Assurance Boot Version 4 Application Programming Interface Reference Manual Commit ca89df7dd46f ("imx: hab: Convert DCD non-NULL error to warning") converted DCD non-NULL error to warning due to the lack of documentation at the time of first patch submission. We have warned U-Boot users since v2018.03, and it makes sense now to follow the NXP recommendation to ensure the IVT DCD pointer is Null. DCD commands should only be present in the initial boot image loaded by the SoC ROM. Starting in HAB v4.3.7 the HAB code will generate an error if a DCD pointer is present in an image being authenticated by calling the HAB RVT API. Older versions of HAB will process and run DCD if it is present, and this could lead to an incorrect authentication boot flow. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <festevam@gmail.com>
Showing 1 changed file with 4 additions and 2 deletions Side-by-side Diff
arch/arm/mach-imx/hab.c
| ... | ... | @@ -585,8 +585,10 @@ |
| 585 | 585 | } |
| 586 | 586 | |
| 587 | 587 | /* Verify if IVT DCD pointer is NULL */ |
| 588 | - if (ivt->dcd) | |
| 589 | - puts("Warning: DCD pointer should be NULL\n"); | |
| 588 | + if (ivt->dcd) { | |
| 589 | + puts("Error: DCD pointer must be NULL\n"); | |
| 590 | + goto hab_authentication_exit; | |
| 591 | + } | |
| 590 | 592 | |
| 591 | 593 | start = ddr_start; |
| 592 | 594 | bytes = image_size; |