fix(intel): reject non 4-byte align request size for FPGA Crypto Service (FCS)
This patch is to add size checking to make sure that each certificate and encryption/decryption request are 4-byte align as this driver is expecting. Unaligned size may indicate invalid/corrupted request hence will be rejected. Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com> Change-Id: Ib6f97849ec470e45679c5adc4fbfa3afd10eda90
This commit is contained in:
parent
894c635b83
commit
52ed157fd6
|
@ -11,6 +11,15 @@
|
||||||
#include "socfpga_mailbox.h"
|
#include "socfpga_mailbox.h"
|
||||||
#include "socfpga_sip_svc.h"
|
#include "socfpga_sip_svc.h"
|
||||||
|
|
||||||
|
static bool is_size_4_bytes_aligned(uint32_t size)
|
||||||
|
{
|
||||||
|
if ((size % MBOX_WORD_BYTE) != 0U) {
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
uint32_t intel_fcs_random_number_gen(uint64_t addr, uint64_t *ret_size,
|
uint32_t intel_fcs_random_number_gen(uint64_t addr, uint64_t *ret_size,
|
||||||
uint32_t *mbox_error)
|
uint32_t *mbox_error)
|
||||||
{
|
{
|
||||||
|
@ -57,6 +66,10 @@ uint32_t intel_fcs_send_cert(uint64_t addr, uint64_t size,
|
||||||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!is_size_4_bytes_aligned(size)) {
|
||||||
|
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||||
|
}
|
||||||
|
|
||||||
status = mailbox_send_cmd_async(send_id, MBOX_CMD_VAB_SRC_CERT,
|
status = mailbox_send_cmd_async(send_id, MBOX_CMD_VAB_SRC_CERT,
|
||||||
(uint32_t *)addr, size / MBOX_WORD_BYTE,
|
(uint32_t *)addr, size / MBOX_WORD_BYTE,
|
||||||
CMD_DIRECT);
|
CMD_DIRECT);
|
||||||
|
@ -89,11 +102,6 @@ uint32_t intel_fcs_cryption(uint32_t mode, uint32_t src_addr,
|
||||||
int status;
|
int status;
|
||||||
uint32_t cmd;
|
uint32_t cmd;
|
||||||
|
|
||||||
if (!is_address_in_ddr_range(src_addr, src_size) ||
|
|
||||||
!is_address_in_ddr_range(dst_addr, dst_size)) {
|
|
||||||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
fcs_crypt_payload payload = {
|
fcs_crypt_payload payload = {
|
||||||
FCS_CRYPTION_DATA_0,
|
FCS_CRYPTION_DATA_0,
|
||||||
src_addr,
|
src_addr,
|
||||||
|
@ -101,6 +109,15 @@ uint32_t intel_fcs_cryption(uint32_t mode, uint32_t src_addr,
|
||||||
dst_addr,
|
dst_addr,
|
||||||
dst_size };
|
dst_size };
|
||||||
|
|
||||||
|
if (!is_address_in_ddr_range(src_addr, src_size) ||
|
||||||
|
!is_address_in_ddr_range(dst_addr, dst_size)) {
|
||||||
|
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!is_size_4_bytes_aligned(sizeof(fcs_crypt_payload))) {
|
||||||
|
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||||
|
}
|
||||||
|
|
||||||
if (mode != 0U) {
|
if (mode != 0U) {
|
||||||
cmd = MBOX_FCS_ENCRYPT_REQ;
|
cmd = MBOX_FCS_ENCRYPT_REQ;
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in New Issue