Refactor load_auth_image_internal().
The pre-processor directives make it hard to read the non-TBB version of this function. Refactor the code to improve readability. No functional change introduced. In particular, introduce a new helper function load_image_flush(), that simply loads an image and flushes it out to main memory. This is the only thing load_auth_image_internal() needs to do when TBB is disabled or when authentication is dynamically disabled. In other cases, we need to recursively authenticate the parent images up to the root of trust. To make this clearer, this code gets moved to a TBB-specific helper function called load_auth_image_recursive(). As a result, load_auth_image_internal() now boils down to calling the right helper function (depending on TBB enablement and dynamic authentication status). Change-Id: I20a39a3b833810b97ecf4219358e7d2cac263890 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This commit is contained in:
Sandrine Bailleux
parent
1d2b41614c
commit
9e7d66314a
|
|
@ -143,26 +143,45 @@ exit:
|
|||
return io_result;
|
||||
}
|
||||
|
||||
static int load_auth_image_internal(unsigned int image_id,
|
||||
/*
|
||||
* Load an image and flush it out to main memory so that it can be executed
|
||||
* later by any CPU, regardless of cache and MMU state.
|
||||
*/
|
||||
static int load_image_flush(unsigned int image_id,
|
||||
image_info_t *image_data)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = load_image(image_id, image_data);
|
||||
if (rc == 0) {
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
/*
|
||||
* This function uses recursion to authenticate the parent images up to the root
|
||||
* of trust.
|
||||
*/
|
||||
static int load_auth_image_recursive(unsigned int image_id,
|
||||
image_info_t *image_data,
|
||||
int is_parent_image)
|
||||
{
|
||||
int rc;
|
||||
unsigned int parent_id;
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
if (dyn_is_auth_disabled() == 0) {
|
||||
unsigned int parent_id;
|
||||
|
||||
/* Use recursion to authenticate parent images */
|
||||
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
||||
if (rc == 0) {
|
||||
rc = load_auth_image_internal(parent_id, image_data, 1);
|
||||
if (rc != 0) {
|
||||
return rc;
|
||||
}
|
||||
/* Use recursion to authenticate parent images */
|
||||
rc = auth_mod_get_parent_id(image_id, &parent_id);
|
||||
if (rc == 0) {
|
||||
rc = load_auth_image_recursive(parent_id, image_data, 1);
|
||||
if (rc != 0) {
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
/* Load the image */
|
||||
rc = load_image(image_id, image_data);
|
||||
|
|
@ -170,51 +189,58 @@ static int load_auth_image_internal(unsigned int image_id,
|
|||
return rc;
|
||||
}
|
||||
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
if (dyn_is_auth_disabled() == 0) {
|
||||
/* Authenticate it */
|
||||
rc = auth_mod_verify_img(image_id,
|
||||
(void *)image_data->image_base,
|
||||
image_data->image_size);
|
||||
if (rc != 0) {
|
||||
/* Authentication error, zero memory and flush it right away. */
|
||||
zero_normalmem((void *)image_data->image_base,
|
||||
/* Authenticate it */
|
||||
rc = auth_mod_verify_img(image_id,
|
||||
(void *)image_data->image_base,
|
||||
image_data->image_size);
|
||||
if (rc != 0) {
|
||||
/* Authentication error, zero memory and flush it right away. */
|
||||
zero_normalmem((void *)image_data->image_base,
|
||||
image_data->image_size);
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
return -EAUTH;
|
||||
}
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
return -EAUTH;
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
/*
|
||||
* Flush the image to main memory so that it can be executed later by
|
||||
* any CPU, regardless of cache and MMU state. If TBB is enabled, then
|
||||
* the file has been successfully loaded and authenticated and flush
|
||||
* only for child images, not for the parents (certificates).
|
||||
* any CPU, regardless of cache and MMU state. This is only needed for
|
||||
* child images, not for the parents (certificates).
|
||||
*/
|
||||
if (is_parent_image == 0) {
|
||||
flush_dcache_range(image_data->image_base,
|
||||
image_data->image_size);
|
||||
}
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* TRUSTED_BOARD_BOOT */
|
||||
|
||||
static int load_auth_image_internal(unsigned int image_id,
|
||||
image_info_t *image_data)
|
||||
{
|
||||
#if TRUSTED_BOARD_BOOT
|
||||
if (dyn_is_auth_disabled() == 0) {
|
||||
return load_auth_image_recursive(image_id, image_data, 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
return load_image_flush(image_id, image_data);
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
* Generic function to load and authenticate an image. The image is actually
|
||||
* loaded by calling the 'load_image()' function. Therefore, it returns the
|
||||
* same error codes if the loading operation failed, or -EAUTH if the
|
||||
* authentication failed. In addition, this function uses recursion to
|
||||
* authenticate the parent images up to the root of trust.
|
||||
* authenticate the parent images up to the root of trust (if TBB is enabled).
|
||||
******************************************************************************/
|
||||
int load_auth_image(unsigned int image_id, image_info_t *image_data)
|
||||
{
|
||||
int err;
|
||||
|
||||
do {
|
||||
err = load_auth_image_internal(image_id, image_data, 0);
|
||||
err = load_auth_image_internal(image_id, image_data);
|
||||
} while ((err != 0) && (plat_try_next_boot_source() != 0));
|
||||
|
||||
return err;
|
||||
|
|
|
|||
Loading…
Reference in New Issue