Allow disabling authentication dynamically
This patch allows platforms to dynamically disable authentication of images during cold boot. This capability is controlled via the DYN_DISABLE_AUTH build flag and is only meant for development purposes. Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This commit is contained in:
Soby Mathew
parent
1f4d62df6c
commit
209a60cca5
16
Makefile
16
Makefile
|
|
@ -401,6 +401,16 @@ ifeq ($(FAULT_INJECTION_SUPPORT),1)
|
|||
endif
|
||||
endif
|
||||
|
||||
# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 and LOAD_IMAGE_V2=1
|
||||
ifeq ($(DYN_DISABLE_AUTH), 1)
|
||||
ifeq (${TRUSTED_BOARD_BOOT}, 0)
|
||||
$(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.")
|
||||
endif
|
||||
ifeq (${LOAD_IMAGE_V2}, 0)
|
||||
$(error "DYN_DISABLE_AUTH is only supported for LOAD_IMAGE_V2.")
|
||||
endif
|
||||
endif
|
||||
|
||||
################################################################################
|
||||
# Process platform overrideable behaviour
|
||||
################################################################################
|
||||
|
|
@ -517,6 +527,7 @@ $(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS))
|
|||
$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
|
||||
$(eval $(call assert_boolean,DEBUG))
|
||||
$(eval $(call assert_boolean,DISABLE_PEDANTIC))
|
||||
$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
|
||||
$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
|
||||
$(eval $(call assert_boolean,ENABLE_AMU))
|
||||
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
|
||||
|
|
@ -620,6 +631,11 @@ else
|
|||
$(eval $(call add_define,AARCH64))
|
||||
endif
|
||||
|
||||
# Define the DYN_DISABLE_AUTH flag only if set.
|
||||
ifeq (${DYN_DISABLE_AUTH},1)
|
||||
$(eval $(call add_define,DYN_DISABLE_AUTH))
|
||||
endif
|
||||
|
||||
################################################################################
|
||||
# Build targets
|
||||
################################################################################
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
|
@ -17,6 +17,35 @@
|
|||
#include <utils.h>
|
||||
#include <xlat_tables_defs.h>
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
# ifdef DYN_DISABLE_AUTH
|
||||
static int disable_auth;
|
||||
|
||||
/******************************************************************************
|
||||
* API to dynamically disable authentication. Only meant for development
|
||||
* systems. This is only invoked if DYN_DISABLE_AUTH is defined. This
|
||||
* capability is restricted to LOAD_IMAGE_V2.
|
||||
*****************************************************************************/
|
||||
void dyn_disable_auth(void)
|
||||
{
|
||||
INFO("Disabling authentication of images dynamically\n");
|
||||
disable_auth = 1;
|
||||
}
|
||||
# endif /* DYN_DISABLE_AUTH */
|
||||
|
||||
/******************************************************************************
|
||||
* Function to determine whether the authentication is disabled dynamically.
|
||||
*****************************************************************************/
|
||||
static int dyn_is_auth_disabled(void)
|
||||
{
|
||||
# ifdef DYN_DISABLE_AUTH
|
||||
return disable_auth;
|
||||
# else
|
||||
return 0;
|
||||
# endif
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
uintptr_t page_align(uintptr_t value, unsigned dir)
|
||||
{
|
||||
/* Round up the limit to the next page boundary */
|
||||
|
|
@ -287,14 +316,16 @@ static int load_auth_image_internal(unsigned int image_id,
|
|||
int rc;
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
unsigned int parent_id;
|
||||
if (dyn_is_auth_disabled() == 0) {
|
||||
unsigned int parent_id;
|
||||
|
||||
/* Use recursion to authenticate parent images */
|
||||
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
||||
if (rc == 0) {
|
||||
rc = load_auth_image_internal(parent_id, image_data, 1);
|
||||
if (rc != 0) {
|
||||
return rc;
|
||||
/* Use recursion to authenticate parent images */
|
||||
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
||||
if (rc == 0) {
|
||||
rc = load_auth_image_internal(parent_id, image_data, 1);
|
||||
if (rc != 0) {
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
|
@ -306,17 +337,19 @@ static int load_auth_image_internal(unsigned int image_id,
|
|||
}
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
/* Authenticate it */
|
||||
rc = auth_mod_verify_img(image_id,
|
||||
(void *)image_data->image_base,
|
||||
image_data->image_size);
|
||||
if (rc != 0) {
|
||||
/* Authentication error, zero memory and flush it right away. */
|
||||
zero_normalmem((void *)image_data->image_base,
|
||||
image_data->image_size);
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
return -EAUTH;
|
||||
if (dyn_is_auth_disabled() == 0) {
|
||||
/* Authenticate it */
|
||||
rc = auth_mod_verify_img(image_id,
|
||||
(void *)image_data->image_base,
|
||||
image_data->image_size);
|
||||
if (rc != 0) {
|
||||
/* Authentication error, zero memory and flush it right away. */
|
||||
zero_normalmem((void *)image_data->image_base,
|
||||
image_data->image_size);
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
return -EAUTH;
|
||||
}
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
|
|
|
|||
|
|
@ -323,6 +323,11 @@ Common build options
|
|||
- ``DEBUG``: Chooses between a debug and release build. It can take either 0
|
||||
(release) or 1 (debug) as values. 0 is the default.
|
||||
|
||||
- ``DYN_DISABLE_AUTH``: Enables the capability to disable Trusted Board Boot
|
||||
authentication. This option is only meant to be enabled for development
|
||||
platforms. Both TRUSTED_BOARD_BOOT and the LOAD_IMAGE_V2 flags need to be
|
||||
set if this flag has to be enabled. 0 is the default.
|
||||
|
||||
- ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of
|
||||
the normal boot flow. It must specify the entry point address of the EL3
|
||||
payload. Please refer to the "Booting an EL3 payload" section for more
|
||||
|
|
|
|||
|
|
@ -233,6 +233,14 @@ void reserve_mem(uintptr_t *free_base, size_t *free_size,
|
|||
|
||||
#endif /* LOAD_IMAGE_V2 */
|
||||
|
||||
#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
|
||||
/*
|
||||
* API to dynamically disable authentication. Only meant for development
|
||||
* systems.
|
||||
*/
|
||||
void dyn_disable_auth(void);
|
||||
#endif
|
||||
|
||||
extern const char build_message[];
|
||||
extern const char version_string[];
|
||||
|
||||
|
|
|
|||
|
|
@ -58,6 +58,10 @@ DEBUG := 0
|
|||
# Build platform
|
||||
DEFAULT_PLAT := fvp
|
||||
|
||||
# Enable capability to disable authentication dynamically. Only meant for
|
||||
# development platforms.
|
||||
DYN_DISABLE_AUTH := 0
|
||||
|
||||
# Flag to enable Performance Measurement Framework
|
||||
ENABLE_PMF := 0
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue