SECURE BOOT: Halt execution when secure boot fail

In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to HRESET, this allows the execution to continue.

Add esbh_halt() after the reset to make sure execution stops.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index dfa3e2100ed..375bc249685 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -8,7 +8,7 @@
 #include <command.h>
 #include <fsl_validate.h>
 
-static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
 				char * const argv[])
 {
 	if (fsl_check_boot_mode_secure() == 0) {
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index c12b9c927e4..95059c771fc 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void)
 
 	printf("Generating reset request\n");
 	do_reset(NULL, 0, 0, NULL);
+	/* If reset doesn't coocur, halt execution */
+	do_esbc_halt(NULL, 0, 0, NULL);
 }
 
 /*
@@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void)
 
 			printf("Generating reset request\n");
 			do_reset(NULL, 0, 0, NULL);
+			/* If reset doesn't coocur, halt execution */
+			do_esbc_halt(NULL, 0, 0, NULL);
+
 		} else {
 			change_sec_mon_state(HPSR_SSM_ST_TRUST,
 					     HPSR_SSM_ST_NON_SECURE);