2 files changed, 53 insertions, 62 deletions
diff --git a/common/auth.c b/common/auth.c
deleted file mode 100644
index 37234b8e..00000000
--- a/common/auth.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of ARM nor the names of its contributors may be used
- * to endorse or promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <assert.h>
-#include <auth.h>
-#include <debug.h>
-
-/*
- * Initialize the authentication module
- */
-void auth_init(void)
-{
-	assert(auth_mod.name);
-	assert(auth_mod.init);
-	assert(auth_mod.verify);
-
-	INFO("Using authentication module '%s'\n", auth_mod.name);
-	if (auth_mod.init() != 0)
-		assert(0);
-}
-
-/*
- * Authenticate a certificate/image
- *
- * Return: 0 = success, Otherwise = error
- */
-int auth_verify_obj(unsigned int obj_id, uintptr_t obj_buf, size_t len)
-{
-	assert(obj_id < AUTH_NUM_OBJ);
-	assert(obj_buf != 0);
-	assert(auth_mod.verify);
-
-	return auth_mod.verify(obj_id, obj_buf, len);
-}
diff --git a/common/bl_common.c b/common/bl_common.c
index c8ec4e82..b8558a69 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -31,6 +31,7 @@
 #include <arch.h>
 #include <arch_helpers.h>
 #include <assert.h>
+#include <auth_mod.h>
 #include <bl_common.h>
 #include <debug.h>
 #include <errno.h>
@@ -209,7 +210,7 @@ unsigned long image_size(unsigned int image_id)
  ******************************************************************************/
 int load_image(meminfo_t *mem_layout,
 	       unsigned int image_id,
-	       uint64_t image_base,
+	       uintptr_t image_base,
 	       image_info_t *image_data,
 	       entry_point_info_t *entry_point_info)
 {
@@ -308,3 +309,54 @@ exit:
 
 	return io_result;
 }
+
+/*******************************************************************************
+ * Generic function to load and authenticate an image. The image is actually
+ * loaded by calling the 'load_image()' function. In addition, this function
+ * uses recursion to authenticate the parent images up to the root of trust.
+ ******************************************************************************/
+int load_auth_image(meminfo_t *mem_layout,
+		    unsigned int image_id,
+		    uintptr_t image_base,
+		    image_info_t *image_data,
+		    entry_point_info_t *entry_point_info)
+{
+	int rc;
+
+#if TRUSTED_BOARD_BOOT
+	unsigned int parent_id;
+
+	/* Use recursion to authenticate parent images */
+	rc = auth_mod_get_parent_id(image_id, &parent_id);
+	if (rc == 0) {
+		rc = load_auth_image(mem_layout, parent_id, image_base,
+				     image_data, NULL);
+		if (rc != IO_SUCCESS) {
+			return rc;
+		}
+	}
+#endif /* TRUSTED_BOARD_BOOT */
+
+	/* Load the image */
+	rc = load_image(mem_layout, image_id, image_base, image_data,
+			entry_point_info);
+	if (rc != IO_SUCCESS) {
+		return rc;
+	}
+
+#if TRUSTED_BOARD_BOOT
+	/* Authenticate it */
+	rc = auth_mod_verify_img(image_id,
+				 (void *)image_data->image_base,
+				 image_data->image_size);
+	if (rc != 0) {
+		return IO_FAIL;
+	}
+
+	/* After working with data, invalidate the data cache */
+	inv_dcache_range(image_data->image_base,
+			(size_t)image_data->image_size);
+#endif /* TRUSTED_BOARD_BOOT */
+
+	return IO_SUCCESS;
+}