Merge pull request #368 from jcastillo-arm/jc/genfw/1126

TBB: abort boot if BL3-2 cannot be authenticated

Merge pull request #368 from jcastillo-arm/jc/genfw/1126
TBB: abort boot if BL3-2 cannot be authenticated
468f808c · danh-arm · 42ed52d2 · fedbc049 · 468f808c · 468f808c
Commit 468f808c authored Aug 21, 2015 by danh-arm
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -238,8 +238,14 @@ void bl2_main(void)
 	}

 	e = load_bl32(bl2_to_bl31_params);
-	if (e)
-		WARN("Failed to load BL3-2 (%i)\n", e);
+	if (e) {
+		if (e == LOAD_AUTH_ERR) {
+			ERROR("Failed to authenticate BL3-2\n");
+			panic();
+		} else {
+			WARN("Failed to load BL3-2 (%i)\n", e);
+		}
+	}

 	e = load_bl33(bl2_to_bl31_params);
 	if (e) {

--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -37,6 +37,7 @@
 #include <errno.h>
 #include <io_storage.h>
 #include <platform.h>
+#include <string.h>

 unsigned long page_align(unsigned long value, unsigned dir)
 {
@@ -331,7 +332,7 @@ int load_auth_image(meminfo_t *mem_layout,
 	if (rc == 0) {
 		rc = load_auth_image(mem_layout, parent_id, image_base,
 				     image_data, NULL);
-		if (rc != IO_SUCCESS) {
+		if (rc != LOAD_SUCCESS) {
 			return rc;
 		}
 	}
@@ -341,7 +342,7 @@ int load_auth_image(meminfo_t *mem_layout,
 	rc = load_image(mem_layout, image_id, image_base, image_data,
 			entry_point_info);
 	if (rc != IO_SUCCESS) {
-		return rc;
+		return LOAD_ERR;
 	}

 #if TRUSTED_BOARD_BOOT
@@ -350,7 +351,11 @@ int load_auth_image(meminfo_t *mem_layout,
 				 (void *)image_data->image_base,
 				 image_data->image_size);
 	if (rc != 0) {
-		return IO_FAIL;
+		memset((void *)image_data->image_base, 0x00,
+		       image_data->image_size);
+		flush_dcache_range(image_data->image_base,
+				   image_data->image_size);
+		return LOAD_AUTH_ERR;
 	}

 	/* After working with data, invalidate the data cache */
@@ -358,5 +363,5 @@ int load_auth_image(meminfo_t *mem_layout,
 			(size_t)image_data->image_size);
 #endif /* TRUSTED_BOARD_BOOT */

-	return IO_SUCCESS;
+	return LOAD_SUCCESS;
 }
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -202,6 +202,15 @@ typedef struct bl31_params {
 	image_info_t *bl33_image_info;
 } bl31_params_t;

+/*
+ * load_auth_image() return values
+ */
+enum {
+	LOAD_SUCCESS,		/* Load + authentication success */
+	LOAD_ERR,		/* Load error */
+	LOAD_AUTH_ERR		/* Authentication error */
+};
+

 /*
 * Compile time assertions related to the 'entry_point_info' structure to