Merge "Refactor load_auth_image_internal()." into integration
This commit is contained in:
commit
0d20514ec5
|
@ -143,26 +143,45 @@ exit:
|
||||||
return io_result;
|
return io_result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int load_auth_image_internal(unsigned int image_id,
|
/*
|
||||||
|
* Load an image and flush it out to main memory so that it can be executed
|
||||||
|
* later by any CPU, regardless of cache and MMU state.
|
||||||
|
*/
|
||||||
|
static int load_image_flush(unsigned int image_id,
|
||||||
|
image_info_t *image_data)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
rc = load_image(image_id, image_data);
|
||||||
|
if (rc == 0) {
|
||||||
|
flush_dcache_range(image_data->image_base,
|
||||||
|
image_data->image_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#if TRUSTED_BOARD_BOOT
|
||||||
|
/*
|
||||||
|
* This function uses recursion to authenticate the parent images up to the root
|
||||||
|
* of trust.
|
||||||
|
*/
|
||||||
|
static int load_auth_image_recursive(unsigned int image_id,
|
||||||
image_info_t *image_data,
|
image_info_t *image_data,
|
||||||
int is_parent_image)
|
int is_parent_image)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
unsigned int parent_id;
|
||||||
|
|
||||||
#if TRUSTED_BOARD_BOOT
|
/* Use recursion to authenticate parent images */
|
||||||
if (dyn_is_auth_disabled() == 0) {
|
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
||||||
unsigned int parent_id;
|
if (rc == 0) {
|
||||||
|
rc = load_auth_image_recursive(parent_id, image_data, 1);
|
||||||
/* Use recursion to authenticate parent images */
|
if (rc != 0) {
|
||||||
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
return rc;
|
||||||
if (rc == 0) {
|
|
||||||
rc = load_auth_image_internal(parent_id, image_data, 1);
|
|
||||||
if (rc != 0) {
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* TRUSTED_BOARD_BOOT */
|
|
||||||
|
|
||||||
/* Load the image */
|
/* Load the image */
|
||||||
rc = load_image(image_id, image_data);
|
rc = load_image(image_id, image_data);
|
||||||
|
@ -170,51 +189,58 @@ static int load_auth_image_internal(unsigned int image_id,
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if TRUSTED_BOARD_BOOT
|
/* Authenticate it */
|
||||||
if (dyn_is_auth_disabled() == 0) {
|
rc = auth_mod_verify_img(image_id,
|
||||||
/* Authenticate it */
|
(void *)image_data->image_base,
|
||||||
rc = auth_mod_verify_img(image_id,
|
image_data->image_size);
|
||||||
(void *)image_data->image_base,
|
if (rc != 0) {
|
||||||
image_data->image_size);
|
/* Authentication error, zero memory and flush it right away. */
|
||||||
if (rc != 0) {
|
zero_normalmem((void *)image_data->image_base,
|
||||||
/* Authentication error, zero memory and flush it right away. */
|
|
||||||
zero_normalmem((void *)image_data->image_base,
|
|
||||||
image_data->image_size);
|
image_data->image_size);
|
||||||
flush_dcache_range(image_data->image_base,
|
flush_dcache_range(image_data->image_base,
|
||||||
image_data->image_size);
|
image_data->image_size);
|
||||||
return -EAUTH;
|
return -EAUTH;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif /* TRUSTED_BOARD_BOOT */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Flush the image to main memory so that it can be executed later by
|
* Flush the image to main memory so that it can be executed later by
|
||||||
* any CPU, regardless of cache and MMU state. If TBB is enabled, then
|
* any CPU, regardless of cache and MMU state. This is only needed for
|
||||||
* the file has been successfully loaded and authenticated and flush
|
* child images, not for the parents (certificates).
|
||||||
* only for child images, not for the parents (certificates).
|
|
||||||
*/
|
*/
|
||||||
if (is_parent_image == 0) {
|
if (is_parent_image == 0) {
|
||||||
flush_dcache_range(image_data->image_base,
|
flush_dcache_range(image_data->image_base,
|
||||||
image_data->image_size);
|
image_data->image_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif /* TRUSTED_BOARD_BOOT */
|
||||||
|
|
||||||
|
static int load_auth_image_internal(unsigned int image_id,
|
||||||
|
image_info_t *image_data)
|
||||||
|
{
|
||||||
|
#if TRUSTED_BOARD_BOOT
|
||||||
|
if (dyn_is_auth_disabled() == 0) {
|
||||||
|
return load_auth_image_recursive(image_id, image_data, 0);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return load_image_flush(image_id, image_data);
|
||||||
|
}
|
||||||
|
|
||||||
/*******************************************************************************
|
/*******************************************************************************
|
||||||
* Generic function to load and authenticate an image. The image is actually
|
* Generic function to load and authenticate an image. The image is actually
|
||||||
* loaded by calling the 'load_image()' function. Therefore, it returns the
|
* loaded by calling the 'load_image()' function. Therefore, it returns the
|
||||||
* same error codes if the loading operation failed, or -EAUTH if the
|
* same error codes if the loading operation failed, or -EAUTH if the
|
||||||
* authentication failed. In addition, this function uses recursion to
|
* authentication failed. In addition, this function uses recursion to
|
||||||
* authenticate the parent images up to the root of trust.
|
* authenticate the parent images up to the root of trust (if TBB is enabled).
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
int load_auth_image(unsigned int image_id, image_info_t *image_data)
|
int load_auth_image(unsigned int image_id, image_info_t *image_data)
|
||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
err = load_auth_image_internal(image_id, image_data, 0);
|
err = load_auth_image_internal(image_id, image_data);
|
||||||
} while ((err != 0) && (plat_try_next_boot_source() != 0));
|
} while ((err != 0) && (plat_try_next_boot_source() != 0));
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
|
|
Loading…
Reference in New Issue