From d8e63506033c86ad409b91139e0477d1be3a6d6b Mon Sep 17 00:00:00 2001 From: Kathiravan T Date: Tue, 5 Apr 2022 12:12:14 +0530 Subject: [PATCH] bootqca: clear the MBN header information only if authentication is successful During secure boot, after the kernel image authentication, before knowing the authentication status, we are clearing out the MBN information in the DDR. When we try to boot the unsigned kernel image on secure board, since there is no MBN header available, we try to access the invalid memory region (or) size which leads to data abort (or) system reset without any failure message. So clear the MBN information only if the image authentication is successful. If the image authentication is failed, corresponding failure message will be printed and system will go for reset. Change-Id: I2cf8e098cdb7e0fc11d0b563d4a0d6a5f0d44ee8 Signed-off-by: Kathiravan T --- board/qca/arm/common/cmd_bootqca.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/board/qca/arm/common/cmd_bootqca.c b/board/qca/arm/common/cmd_bootqca.c index ed289060db..708861ec46 100644 --- a/board/qca/arm/common/cmd_bootqca.c +++ b/board/qca/arm/common/cmd_bootqca.c @@ -656,15 +656,15 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a ret = qca_scm_auth_kernel(&kernel_img_info, sizeof(kernel_img_info)); + if (ret) { + printf("Kernel image authentication failed \n"); + BUG(); + } #ifndef CONFIG_IPQ_ELF_AUTH memset((void *)mbn_ptr->signature_ptr, 0,(mbn_ptr->signature_size + mbn_ptr->cert_chain_size)); #else memset((void *)kernel_img_info.kernel_load_addr, 0, img_info.img_offset); #endif - if (ret) { - printf("Kernel image authentication failed \n"); - BUG(); - } #ifdef CONFIG_IPQ_ROOTFS_AUTH #ifdef CONFIG_IPQ_ELF_AUTH if (authenticate_rootfs_elf(img_info.img_load_addr +