mirror/u-boot-2016
1
0
Fork 0
mirror of https://git.codelinaro.org/clo/qsdk/oss/boot/u-boot-2016.git synced 2026-03-08 10:17:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

ipq: Clear kernel & rootfs headers after authentication

Browse source 
After secure sysupgrade, uboot/TZ successfully authenticates
rootfs even if the signature & certificates are not appended
to kernel image. This is because the header and certificates
copied to DDR memory before sysupgrade is retained. Updated
the code to clear this DDR memory after authentication.

Change-Id: Ic2331326baefc945c217a507d4379951dba821ab
Signed-off-by: Anusha Rao <quic_anusha@quicinc.com>
Signed-off-by: Timple Raj M <quic_timple@quicinc.com>
This commit is contained in:
Anusha Rao 2022-01-04 16:26:33 +05:30
parent cdc16476d9
commit 92575b1451
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
board/qca/arm/common/cmd_bootqca.c
View file

@ -307,9 +307,9 @@ static int parse_elf_image_phdr(image_info *img_info, unsigned int addr)
#ifdef CONFIG_IPQ_ROOTFS_AUTH
static int copy_rootfs(unsigned int request, uint32_t size)
{
int ret;
char runcmd[256];
#ifdef CONFIG_QCA_MMC
int ret;
block_dev_desc_t *blk_dev;
disk_partition_t disk_info;
unsigned int active_part = 0;
@ -401,6 +401,11 @@ static int authenticate_rootfs(unsigned int kernel_addr)
rootfs_img_info.size = sizeof(mbn_header_t) + mbn_ptr->image_size;
ret = qca_scm_secure_authenticate(&rootfs_img_info, sizeof(rootfs_img_info));
memset((void *)kernel_img_info.kernel_load_addr, 0, sizeof(mbn_header_t));
memset(mbn_ptr, 0,
(sizeof(mbn_header_t) + mbn_ptr->signature_size + mbn_ptr->cert_chain_size));
if (ret)
return CMD_RET_FAILURE;
@ -435,6 +440,7 @@ static int authenticate_rootfs_elf(unsigned int rootfs_hdr)
rootfs_img_info.size = img_info.img_offset + img_info.img_size;
ret = qca_scm_secure_authenticate(&rootfs_img_info, sizeof(rootfs_img_info));
memset((void *)rootfs_hdr, 0, img_info.img_offset);
if (ret)
return CMD_RET_FAILURE;
@ -635,6 +641,7 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a
setenv("mtdids", mtdids);
#ifndef CONFIG_IPQ_ELF_AUTH
mbn_header_t * mbn_ptr = (mbn_header_t *) request;
request += sizeof(mbn_header_t);
#else
kernel_img_info.kernel_load_addr = request;
@ -649,6 +656,11 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a
ret = qca_scm_auth_kernel(&kernel_img_info,
sizeof(kernel_img_info));
#ifndef CONFIG_IPQ_ELF_AUTH
memset((void *)mbn_ptr->signature_ptr, 0,(mbn_ptr->signature_size + mbn_ptr->cert_chain_size));
#else
memset((void *)kernel_img_info.kernel_load_addr, 0, img_info.img_offset);
#endif
if (ret) {
printf("Kernel image authentication failed \n");
BUG();