diff options
Diffstat (limited to 'common')
-rw-r--r-- | common/auth.c | 61 | ||||
-rw-r--r-- | common/bl_common.c | 54 |
2 files changed, 53 insertions, 62 deletions
diff --git a/common/auth.c b/common/auth.c deleted file mode 100644 index 37234b8e..00000000 --- a/common/auth.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of ARM nor the names of its contributors may be used - * to endorse or promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#include <assert.h> -#include <auth.h> -#include <debug.h> - -/* - * Initialize the authentication module - */ -void auth_init(void) -{ - assert(auth_mod.name); - assert(auth_mod.init); - assert(auth_mod.verify); - - INFO("Using authentication module '%s'\n", auth_mod.name); - if (auth_mod.init() != 0) - assert(0); -} - -/* - * Authenticate a certificate/image - * - * Return: 0 = success, Otherwise = error - */ -int auth_verify_obj(unsigned int obj_id, uintptr_t obj_buf, size_t len) -{ - assert(obj_id < AUTH_NUM_OBJ); - assert(obj_buf != 0); - assert(auth_mod.verify); - - return auth_mod.verify(obj_id, obj_buf, len); -} diff --git a/common/bl_common.c b/common/bl_common.c index c8ec4e82..b8558a69 100644 --- a/common/bl_common.c +++ b/common/bl_common.c @@ -31,6 +31,7 @@ #include <arch.h> #include <arch_helpers.h> #include <assert.h> +#include <auth_mod.h> #include <bl_common.h> #include <debug.h> #include <errno.h> @@ -209,7 +210,7 @@ unsigned long image_size(unsigned int image_id) ******************************************************************************/ int load_image(meminfo_t *mem_layout, unsigned int image_id, - uint64_t image_base, + uintptr_t image_base, image_info_t *image_data, entry_point_info_t *entry_point_info) { @@ -308,3 +309,54 @@ exit: return io_result; } + +/******************************************************************************* + * Generic function to load and authenticate an image. The image is actually + * loaded by calling the 'load_image()' function. In addition, this function + * uses recursion to authenticate the parent images up to the root of trust. + ******************************************************************************/ +int load_auth_image(meminfo_t *mem_layout, + unsigned int image_id, + uintptr_t image_base, + image_info_t *image_data, + entry_point_info_t *entry_point_info) +{ + int rc; + +#if TRUSTED_BOARD_BOOT + unsigned int parent_id; + + /* Use recursion to authenticate parent images */ + rc = auth_mod_get_parent_id(image_id, &parent_id); + if (rc == 0) { + rc = load_auth_image(mem_layout, parent_id, image_base, + image_data, NULL); + if (rc != IO_SUCCESS) { + return rc; + } + } +#endif /* TRUSTED_BOARD_BOOT */ + + /* Load the image */ + rc = load_image(mem_layout, image_id, image_base, image_data, + entry_point_info); + if (rc != IO_SUCCESS) { + return rc; + } + +#if TRUSTED_BOARD_BOOT + /* Authenticate it */ + rc = auth_mod_verify_img(image_id, + (void *)image_data->image_base, + image_data->image_size); + if (rc != 0) { + return IO_FAIL; + } + + /* After working with data, invalidate the data cache */ + inv_dcache_range(image_data->image_base, + (size_t)image_data->image_size); +#endif /* TRUSTED_BOARD_BOOT */ + + return IO_SUCCESS; +} |