From 0088d127ab47a3725f2c8eecd008280f375ffd0b Mon Sep 17 00:00:00 2001 From: Utkarsh Gupta Date: Fri, 17 Nov 2017 19:23:08 -0600 Subject: MLK-14945 HAB: Check if IVT valid before authenticating image For proper authentication users must check the IVT before authenticating the kernel image. If the IVT DCD pointer is not 0, display an error as shown below and return a boot failure. Authenticate image from DDR location 0x12000000... Error: DCD pointer must be 0 Authenticate zImage Fail, Please check Signed-off-by: Utkarsh Gupta --- arch/arm/imx-common/hab.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/arm/imx-common/hab.c b/arch/arm/imx-common/hab.c index 0747e499b1..62c51c37f8 100644 --- a/arch/arm/imx-common/hab.c +++ b/arch/arm/imx-common/hab.c @@ -671,6 +671,18 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) } } #endif + + /* Report boot failure if DCD pointer is found in IVT */ + unsigned char *dcd_ptr = (unsigned char *)(ddr_start + ivt_offset + 0xC); + + do { + if (*dcd_ptr) { + puts("Error: DCD pointer must be 0\n"); + return result; + } + dcd_ptr++; + } while (dcd_ptr < (unsigned char *)(ddr_start + ivt_offset + 0x10)); + load_addr = (ulong)hab_rvt_authenticate_image( HAB_CID_UBOOT, ivt_offset, (void **)&start, -- cgit v1.2.3