From 355e0967154919fb46bb8f48ab4b756b8492baa1 Mon Sep 17 00:00:00 2001 From: John Tsichritzis Date: Fri, 15 Jun 2018 11:43:02 +0100 Subject: [PATCH] Panic in BL1 when TB_FW_CONFIG is invalid In Arm platforms, when using dynamic configuration, the necessary parameters are made available as a DTB. The DTB is loaded by BL1 and, later on, is parsed by BL1, BL2 or even both, depending on when information from the DTB is needed. When the DTB is going to be parsed, it must be validated first, to ensure that it is properly structured. If an invalid DTB is detected then: - BL1 prints a diagnostic but allows execution to continue, - BL2 prints a diagnostic and panics. Now the behaviour of BL1 is changed so for it also to panic. Thus, the behaviour of BL1 and BL2 is now similar. Keep in mind that if BL1 only loads the DTB but it doesn't need to read/write it, then it doesn't validate it. The validation is done only when the DTB is actually going to be accessed. Change-Id: Idcae6092e6dbeab7248dd5e041d6cbb7784fe410 Signed-off-by: John Tsichritzis --- plat/arm/common/arm_dyn_cfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index 32a515b56..118bd2628 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -61,8 +61,8 @@ void arm_load_tb_fw_config(void) err = arm_dyn_tb_fw_cfg_init((void *)config_base, &tb_fw_node); if (err < 0) { - WARN("Invalid TB_FW_CONFIG loaded\n"); - return; + ERROR("Invalid TB_FW_CONFIG loaded\n"); + panic(); } err = arm_dyn_get_disable_auth((void *)config_base, tb_fw_node, &disable_auth); -- GitLab