MA-20303-1 Support rollback index check for single bootloader

Add support to check the rollback index of next stage images (ATF,
TEE, u-boot proper) in SPL to harden the security. And because there
is no backup bootloader image to fall back to so the board would hang
in SPL if rollback index is rejected.

Change-Id: I4c7d1f084dd5b3d37899a9e4c4755c03145542c7
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2 files changed, 7 insertions, 3 deletions

diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c
index 503d2cf796..334fe3b12e 100644
--- a/arch/arm/mach-imx/parse-container.c
+++ b/arch/arm/mach-imx/parse-container.c
@@ -139,8 +139,7 @@ static int read_auth_container(struct spl_image_info *spl_image,
 		}
 	}
 
-#if defined(CONFIG_SPL_BUILD) && \
-	defined(CONFIG_DUAL_BOOTLOADER) && defined(CONFIG_IMX_TRUSTY_OS)
+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX_TRUSTY_OS)
 	/* Everything checks out, get the sw_version now. */
 	spl_image->rbindex = (uint64_t)container->sw_version;
 #endif
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index 2995ba4281..ea709d15a5 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -458,10 +458,15 @@ void board_spl_fit_post_load(const void *fit, struct spl_image_info *spl_image)
 }
 
 #ifdef CONFIG_IMX_TRUSTY_OS
+int check_rollback_index(struct spl_image_info *spl_image, struct mmc *mmc);
 int check_rpmb_blob(struct mmc *mmc);
 
-int mmc_image_load_late(struct mmc *mmc)
+int mmc_image_load_late(struct spl_image_info *spl_image, struct mmc *mmc)
 {
+	/* Check the rollback index of next stage image */
+	if (check_rollback_index(spl_image, mmc) < 0)
+		return -1;
+
 	/* Check the rpmb key blob for trusty enabled platfrom. */
 	return check_rpmb_blob(mmc);
 }