Allow disabling authentication dynamically
This patch allows platforms to dynamically disable authentication of images during cold boot. This capability is controlled via the DYN_DISABLE_AUTH build flag and is only meant for development purposes. Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
parent
1f4d62df6c
commit
209a60cca5
16
Makefile
16
Makefile
|
@ -401,6 +401,16 @@ ifeq ($(FAULT_INJECTION_SUPPORT),1)
|
||||||
endif
|
endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 and LOAD_IMAGE_V2=1
|
||||||
|
ifeq ($(DYN_DISABLE_AUTH), 1)
|
||||||
|
ifeq (${TRUSTED_BOARD_BOOT}, 0)
|
||||||
|
$(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.")
|
||||||
|
endif
|
||||||
|
ifeq (${LOAD_IMAGE_V2}, 0)
|
||||||
|
$(error "DYN_DISABLE_AUTH is only supported for LOAD_IMAGE_V2.")
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Process platform overrideable behaviour
|
# Process platform overrideable behaviour
|
||||||
################################################################################
|
################################################################################
|
||||||
|
@ -517,6 +527,7 @@ $(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS))
|
||||||
$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
|
$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
|
||||||
$(eval $(call assert_boolean,DEBUG))
|
$(eval $(call assert_boolean,DEBUG))
|
||||||
$(eval $(call assert_boolean,DISABLE_PEDANTIC))
|
$(eval $(call assert_boolean,DISABLE_PEDANTIC))
|
||||||
|
$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
|
||||||
$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
|
$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
|
||||||
$(eval $(call assert_boolean,ENABLE_AMU))
|
$(eval $(call assert_boolean,ENABLE_AMU))
|
||||||
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
|
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
|
||||||
|
@ -620,6 +631,11 @@ else
|
||||||
$(eval $(call add_define,AARCH64))
|
$(eval $(call add_define,AARCH64))
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# Define the DYN_DISABLE_AUTH flag only if set.
|
||||||
|
ifeq (${DYN_DISABLE_AUTH},1)
|
||||||
|
$(eval $(call add_define,DYN_DISABLE_AUTH))
|
||||||
|
endif
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Build targets
|
# Build targets
|
||||||
################################################################################
|
################################################################################
|
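Review bot: Nothing in the `ifeq ($(DYN_DISABLE_AUTH), 1)` block of the first hunk makes the "development only" restriction visible at build time. The two `$(error ...)` checks cover only TRUSTED_BOARD_BOOT and LOAD_IMAGE_V2, so a release build with this flag set goes through silently. I would add a line inside that block such as `$(warning "DYN_DISABLE_AUTH is set: image authentication can be switched off at run time; development builds only.")` so the setting shows up in build logs and CI output. If project policy allows, the block could also reject the flag when `DEBUG` is 0, though that is stricter than the commit message asks for.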
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -17,6 +17,35 @@
|
||||||
#include <utils.h>
|
#include <utils.h>
|
||||||
#include <xlat_tables_defs.h>
|
#include <xlat_tables_defs.h>
|
||||||
|
|
||||||
|
#if TRUSTED_BOARD_BOOT
|
||||||
|
# ifdef DYN_DISABLE_AUTH
|
||||||
|
static int disable_auth;
|
||||||
|
|
||||||
|
/******************************************************************************
|
||||||
|
* API to dynamically disable authentication. Only meant for development
|
||||||
|
* systems. This is only invoked if DYN_DISABLE_AUTH is defined. This
|
||||||
|
* capability is restricted to LOAD_IMAGE_V2.
|
||||||
|
*****************************************************************************/
|
||||||
|
void dyn_disable_auth(void)
|
||||||
|
{
|
||||||
|
INFO("Disabling authentication of images dynamically\n");
|
||||||
|
disable_auth = 1;
|
||||||
|
}
|
||||||
|
# endif /* DYN_DISABLE_AUTH */
|
||||||
|
|
||||||
|
/******************************************************************************
|
||||||
|
* Function to determine whether the authentication is disabled dynamically.
|
||||||
|
*****************************************************************************/
|
||||||
|
static int dyn_is_auth_disabled(void)
|
||||||
|
{
|
||||||
|
# ifdef DYN_DISABLE_AUTH
|
||||||
|
return disable_auth;
|
||||||
|
# else
|
||||||
|
return 0;
|
||||||
|
# endif
|
||||||
|
}
|
||||||
|
#endif /* TRUSTED_BOARD_BOOT */
|
||||||
|
|
||||||
uintptr_t page_align(uintptr_t value, unsigned dir)
|
uintptr_t page_align(uintptr_t value, unsigned dir)
|
||||||
{
|
{
|
||||||
/* Round up the limit to the next page boundary */
|
/* Round up the limit to the next page boundary */
|
||||||
|
@ -287,14 +316,16 @@ static int load_auth_image_internal(unsigned int image_id,
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
#if TRUSTED_BOARD_BOOT
|
#if TRUSTED_BOARD_BOOT
|
||||||
unsigned int parent_id;
|
if (dyn_is_auth_disabled() == 0) {
|
||||||
|
unsigned int parent_id;
|
||||||
|
|
||||||
/* Use recursion to authenticate parent images */
|
/* Use recursion to authenticate parent images */
|
||||||
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
||||||
if (rc == 0) {
|
if (rc == 0) {
|
||||||
rc = load_auth_image_internal(parent_id, image_data, 1);
|
rc = load_auth_image_internal(parent_id, image_data, 1);
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
return rc;
|
return rc;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* TRUSTED_BOARD_BOOT */
|
#endif /* TRUSTED_BOARD_BOOT */
|
||||||
|
@ -306,17 +337,19 @@ static int load_auth_image_internal(unsigned int image_id,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if TRUSTED_BOARD_BOOT
|
#if TRUSTED_BOARD_BOOT
|
||||||
/* Authenticate it */
|
if (dyn_is_auth_disabled() == 0) {
|
||||||
rc = auth_mod_verify_img(image_id,
|
/* Authenticate it */
|
||||||
(void *)image_data->image_base,
|
rc = auth_mod_verify_img(image_id,
|
||||||
image_data->image_size);
|
(void *)image_data->image_base,
|
||||||
if (rc != 0) {
|
image_data->image_size);
|
||||||
/* Authentication error, zero memory and flush it right away. */
|
if (rc != 0) {
|
||||||
zero_normalmem((void *)image_data->image_base,
|
/* Authentication error, zero memory and flush it right away. */
|
||||||
image_data->image_size);
|
zero_normalmem((void *)image_data->image_base,
|
||||||
flush_dcache_range(image_data->image_base,
|
image_data->image_size);
|
||||||
image_data->image_size);
|
flush_dcache_range(image_data->image_base,
|
||||||
return -EAUTH;
|
image_data->image_size);
|
||||||
|
return -EAUTH;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* TRUSTED_BOARD_BOOT */
|
#endif /* TRUSTED_BOARD_BOOT */
|
||||||
|
|
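Review bot: `dyn_disable_auth()` announces the switch with `INFO(...)`, and INFO-level output is usually compiled out at the default release log level in this codebase (worth confirming against the LOG_LEVEL default). A build that turns authentication off may therefore leave no trace on the console. Both `dyn_is_auth_disabled() == 0` guards in `load_auth_image_internal` then skip the parent-chain walk and `auth_mod_verify_img`, so the message deserves a level that survives, e.g. `WARN("Disabling authentication of images dynamically\n");`. As far as the visible hunks show, `disable_auth` is only ever set to 1, which a comment on its declaration could state: `/* Set by dyn_disable_auth(); not cleared again in this file. */`. The body of `load_auth_image_internal` starts and ends outside the hunks shown.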
||||||
|
|
|
@ -323,6 +323,11 @@ Common build options
|
||||||
- ``DEBUG``: Chooses between a debug and release build. It can take either 0
|
- ``DEBUG``: Chooses between a debug and release build. It can take either 0
|
||||||
(release) or 1 (debug) as values. 0 is the default.
|
(release) or 1 (debug) as values. 0 is the default.
|
||||||
|
|
||||||
|
- ``DYN_DISABLE_AUTH``: Enables the capability to disable Trusted Board Boot
|
||||||
|
authentication. This option is only meant to be enabled for development
|
||||||
|
platforms. Both TRUSTED_BOARD_BOOT and the LOAD_IMAGE_V2 flags need to be
|
||||||
|
set if this flag has to be enabled. 0 is the default.
|
||||||
|
|
||||||
- ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of
|
- ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of
|
||||||
the normal boot flow. It must specify the entry point address of the EL3
|
the normal boot flow. It must specify the entry point address of the EL3
|
||||||
payload. Please refer to the "Booting an EL3 payload" section for more
|
payload. Please refer to the "Booting an EL3 payload" section for more
|
||||||
|
|
|
@ -233,6 +233,14 @@ void reserve_mem(uintptr_t *free_base, size_t *free_size,
|
||||||
|
|
||||||
#endif /* LOAD_IMAGE_V2 */
|
#endif /* LOAD_IMAGE_V2 */
|
||||||
|
|
||||||
|
#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
|
||||||
|
/*
|
||||||
|
* API to dynamically disable authentication. Only meant for development
|
||||||
|
* systems.
|
||||||
|
*/
|
||||||
|
void dyn_disable_auth(void);
|
||||||
|
#endif
|
||||||
|
|
||||||
extern const char build_message[];
|
extern const char build_message[];
|
||||||
extern const char version_string[];
|
extern const char version_string[];
|
||||||
|
|
||||||
|
|
|
@ -58,6 +58,10 @@ DEBUG := 0
|
||||||
# Build platform
|
# Build platform
|
||||||
DEFAULT_PLAT := fvp
|
DEFAULT_PLAT := fvp
|
||||||
|
|
||||||
|
# Enable capability to disable authentication dynamically. Only meant for
|
||||||
|
# development platforms.
|
||||||
|
DYN_DISABLE_AUTH := 0
|
||||||
|
|
||||||
# Flag to enable Performance Measurement Framework
|
# Flag to enable Performance Measurement Framework
|
||||||
ENABLE_PMF := 0
|
ENABLE_PMF := 0
|
||||||
|
|
||||||
|
|