andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge "Refactor load_auth_image_internal()." into integration

This commit is contained in:
Alexei Fedorov 2019-11-18 10:06:53 +00:00 committed by TrustedFirmware Code Review
parent 38f98204c8 9e7d66314a
commit 0d20514ec5
1 changed files with 59 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
common/bl_common.c
View File

@ -143,26 +143,45 @@ exit:
return io_result; return io_result;
} }
static int load_auth_image_internal(unsigned int image_id, /*
* Load an image and flush it out to main memory so that it can be executed
* later by any CPU, regardless of cache and MMU state.
*/
static int load_image_flush(unsigned int image_id,
image_info_t *image_data)
{
int rc;
rc = load_image(image_id, image_data);
if (rc == 0) {
flush_dcache_range(image_data->image_base,
image_data->image_size);
}
return rc;
}
#if TRUSTED_BOARD_BOOT
/*
* This function uses recursion to authenticate the parent images up to the root
* of trust.
*/
static int load_auth_image_recursive(unsigned int image_id,
image_info_t *image_data, image_info_t *image_data,
int is_parent_image) int is_parent_image)
{ {
int rc; int rc;
unsigned int parent_id;
#if TRUSTED_BOARD_BOOT /* Use recursion to authenticate parent images */
if (dyn_is_auth_disabled() == 0) { rc = auth_mod_get_parent_id(image_id, &parent_id);
unsigned int parent_id; if (rc == 0) {
rc = load_auth_image_recursive(parent_id, image_data, 1);
/* Use recursion to authenticate parent images */ if (rc != 0) {
rc = auth_mod_get_parent_id(image_id, &parent_id); return rc;
if (rc == 0) {
rc = load_auth_image_internal(parent_id, image_data, 1);
if (rc != 0) {
return rc;
}
} }
} }
#endif /* TRUSTED_BOARD_BOOT */
/* Load the image */ /* Load the image */
rc = load_image(image_id, image_data); rc = load_image(image_id, image_data);
@ -170,51 +189,58 @@ static int load_auth_image_internal(unsigned int image_id,
return rc; return rc;
} }
#if TRUSTED_BOARD_BOOT /* Authenticate it */
if (dyn_is_auth_disabled() == 0) { rc = auth_mod_verify_img(image_id,
/* Authenticate it */ (void *)image_data->image_base,
rc = auth_mod_verify_img(image_id, image_data->image_size);
(void *)image_data->image_base, if (rc != 0) {
image_data->image_size); /* Authentication error, zero memory and flush it right away. */
if (rc != 0) { zero_normalmem((void *)image_data->image_base,
/* Authentication error, zero memory and flush it right away. */
zero_normalmem((void *)image_data->image_base,
image_data->image_size); image_data->image_size);
flush_dcache_range(image_data->image_base, flush_dcache_range(image_data->image_base,
image_data->image_size); image_data->image_size);
return -EAUTH; return -EAUTH;
}
} }
#endif /* TRUSTED_BOARD_BOOT */
/* /*
* Flush the image to main memory so that it can be executed later by * Flush the image to main memory so that it can be executed later by
* any CPU, regardless of cache and MMU state. If TBB is enabled, then * any CPU, regardless of cache and MMU state. This is only needed for
* the file has been successfully loaded and authenticated and flush * child images, not for the parents (certificates).
* only for child images, not for the parents (certificates).
*/ */
if (is_parent_image == 0) { if (is_parent_image == 0) {
flush_dcache_range(image_data->image_base, flush_dcache_range(image_data->image_base,
image_data->image_size); image_data->image_size);
} }
return 0; return 0;
} }
#endif /* TRUSTED_BOARD_BOOT */
static int load_auth_image_internal(unsigned int image_id,
image_info_t *image_data)
{
#if TRUSTED_BOARD_BOOT
if (dyn_is_auth_disabled() == 0) {
return load_auth_image_recursive(image_id, image_data, 0);
}
#endif
return load_image_flush(image_id, image_data);
}
/******************************************************************************* /*******************************************************************************
* Generic function to load and authenticate an image. The image is actually * Generic function to load and authenticate an image. The image is actually
* loaded by calling the 'load_image()' function. Therefore, it returns the * loaded by calling the 'load_image()' function. Therefore, it returns the
* same error codes if the loading operation failed, or -EAUTH if the * same error codes if the loading operation failed, or -EAUTH if the
* authentication failed. In addition, this function uses recursion to * authentication failed. In addition, this function uses recursion to
* authenticate the parent images up to the root of trust. * authenticate the parent images up to the root of trust (if TBB is enabled).
******************************************************************************/ ******************************************************************************/
int load_auth_image(unsigned int image_id, image_info_t *image_data) int load_auth_image(unsigned int image_id, image_info_t *image_data)
{ {
int err; int err;
do { do {
err = load_auth_image_internal(image_id, image_data, 0); err = load_auth_image_internal(image_id, image_data);
} while ((err != 0) && (plat_try_next_boot_source() != 0)); } while ((err != 0) && (plat_try_next_boot_source() != 0));
return err; return err;