Skip to content

GitLab

Commit 7ffd088f authored by danh-arm's avatar danh-arm Committed by GitHub
Browse files

Merge pull request #767 from antonio-nino-diaz-arm/an/cache-flush 

Optimize cache flush when authenticating images
parents 413a1a30 0f325c67
Hide whitespace changes
Inline Side-by-side
common/bl_common.c
View file @ 7ffd088f
...@@ -315,14 +315,9 @@ exit: ...@@ -315,14 +315,9 @@ exit:
return io_result; return io_result;
} }
/******************************************************************************* static int load_auth_image_internal(unsigned int image_id,
* Generic function to load and authenticate an image. The image is actually image_info_t *image_data,
* loaded by calling the 'load_image()' function. Therefore, it returns the int is_parent_image)
* same error codes if the loading operation failed, or -EAUTH if the
* authentication failed. In addition, this function uses recursion to
* authenticate the parent images up to the root of trust.
******************************************************************************/
int load_auth_image(unsigned int image_id, image_info_t *image_data)
{ {
int rc; int rc;
...@@ -332,7 +327,7 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data) ...@@ -332,7 +327,7 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data)
/* Use recursion to authenticate parent images */ /* Use recursion to authenticate parent images */
rc = auth_mod_get_parent_id(image_id, &parent_id); rc = auth_mod_get_parent_id(image_id, &parent_id);
if (rc == 0) { if (rc == 0) {
rc = load_auth_image(parent_id, image_data); rc = load_auth_image_internal(parent_id, image_data, 1);
if (rc != 0) { if (rc != 0) {
return rc; return rc;
} }
...@@ -351,6 +346,7 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data) ...@@ -351,6 +346,7 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data)
(void *)image_data->image_base, (void *)image_data->image_base,
image_data->image_size); image_data->image_size);
if (rc != 0) { if (rc != 0) {
/* Authentication error, zero memory and flush it right away. */
memset((void *)image_data->image_base, 0x00, memset((void *)image_data->image_base, 0x00,
image_data->image_size); image_data->image_size);
flush_dcache_range(image_data->image_base, flush_dcache_range(image_data->image_base,
...@@ -362,13 +358,29 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data) ...@@ -362,13 +358,29 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data)
* File has been successfully loaded and authenticated. * File has been successfully loaded and authenticated.
* Flush the image to main memory so that it can be executed later by * Flush the image to main memory so that it can be executed later by
* any CPU, regardless of cache and MMU state. * any CPU, regardless of cache and MMU state.
* Do it only for child images, not for the parents (certificates).
*/ */
flush_dcache_range(image_data->image_base, image_data->image_size); if (!is_parent_image) {
flush_dcache_range(image_data->image_base,
image_data->image_size);
}
#endif /* TRUSTED_BOARD_BOOT */ #endif /* TRUSTED_BOARD_BOOT */
return 0; return 0;
} }
/*******************************************************************************
* Generic function to load and authenticate an image. The image is actually
* loaded by calling the 'load_image()' function. Therefore, it returns the
* same error codes if the loading operation failed, or -EAUTH if the
* authentication failed. In addition, this function uses recursion to
* authenticate the parent images up to the root of trust.
******************************************************************************/
int load_auth_image(unsigned int image_id, image_info_t *image_data)
{
return load_auth_image_internal(image_id, image_data, 0);
}
#else /* LOAD_IMAGE_V2 */ #else /* LOAD_IMAGE_V2 */
/******************************************************************************* /*******************************************************************************
...@@ -494,18 +506,12 @@ exit: ...@@ -494,18 +506,12 @@ exit:
return io_result; return io_result;
} }
/******************************************************************************* static int load_auth_image_internal(meminfo_t *mem_layout,
* Generic function to load and authenticate an image. The image is actually unsigned int image_id,
* loaded by calling the 'load_image()' function. Therefore, it returns the uintptr_t image_base,
* same error codes if the loading operation failed, or -EAUTH if the image_info_t *image_data,
* authentication failed. In addition, this function uses recursion to entry_point_info_t *entry_point_info,
* authenticate the parent images up to the root of trust. int is_parent_image)
******************************************************************************/
int load_auth_image(meminfo_t *mem_layout,
unsigned int image_id,
uintptr_t image_base,
image_info_t *image_data,
entry_point_info_t *entry_point_info)
{ {
int rc; int rc;
...@@ -515,8 +521,8 @@ int load_auth_image(meminfo_t *mem_layout, ...@@ -515,8 +521,8 @@ int load_auth_image(meminfo_t *mem_layout,
/* Use recursion to authenticate parent images */ /* Use recursion to authenticate parent images */
rc = auth_mod_get_parent_id(image_id, &parent_id); rc = auth_mod_get_parent_id(image_id, &parent_id);
if (rc == 0) { if (rc == 0) {
rc = load_auth_image(mem_layout, parent_id, image_base, rc = load_auth_image_internal(mem_layout, parent_id, image_base,
image_data, NULL); image_data, NULL, 1);
if (rc != 0) { if (rc != 0) {
return rc; return rc;
} }
...@@ -536,6 +542,7 @@ int load_auth_image(meminfo_t *mem_layout, ...@@ -536,6 +542,7 @@ int load_auth_image(meminfo_t *mem_layout,
(void *)image_data->image_base, (void *)image_data->image_base,
image_data->image_size); image_data->image_size);
if (rc != 0) { if (rc != 0) {
/* Authentication error, zero memory and flush it right away. */
memset((void *)image_data->image_base, 0x00, memset((void *)image_data->image_base, 0x00,
image_data->image_size); image_data->image_size);
flush_dcache_range(image_data->image_base, flush_dcache_range(image_data->image_base,
...@@ -546,13 +553,34 @@ int load_auth_image(meminfo_t *mem_layout, ...@@ -546,13 +553,34 @@ int load_auth_image(meminfo_t *mem_layout,
* File has been successfully loaded and authenticated. * File has been successfully loaded and authenticated.
* Flush the image to main memory so that it can be executed later by * Flush the image to main memory so that it can be executed later by
* any CPU, regardless of cache and MMU state. * any CPU, regardless of cache and MMU state.
* Do it only for child images, not for the parents (certificates).
*/ */
flush_dcache_range(image_data->image_base, image_data->image_size); if (!is_parent_image) {
flush_dcache_range(image_data->image_base,
image_data->image_size);
}
#endif /* TRUSTED_BOARD_BOOT */ #endif /* TRUSTED_BOARD_BOOT */
return 0; return 0;
} }
/*******************************************************************************
* Generic function to load and authenticate an image. The image is actually
* loaded by calling the 'load_image()' function. Therefore, it returns the
* same error codes if the loading operation failed, or -EAUTH if the
* authentication failed. In addition, this function uses recursion to
* authenticate the parent images up to the root of trust.
******************************************************************************/
int load_auth_image(meminfo_t *mem_layout,
unsigned int image_id,
uintptr_t image_base,
image_info_t *image_data,
entry_point_info_t *entry_point_info)
{
return load_auth_image_internal(mem_layout, image_id, image_base,
image_data, entry_point_info, 0);
}
#endif /* LOAD_IMAGE_V2 */ #endif /* LOAD_IMAGE_V2 */
/******************************************************************************* /*******************************************************************************
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment