arm: imx: hab: Only call ROM once headers are verified
authorBryan O'Donoghue <bryan.odonoghue@linaro.org>
Fri, 12 Jan 2018 12:40:05 +0000 (12:40 +0000)
committerStefano Babic <sbabic@denx.de>
Sun, 14 Jan 2018 16:26:30 +0000 (17:26 +0100)
Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.

This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
arch/arm/mach-imx/hab.c

index 39f8f2de59107ed70ed1fe2d0cf1f3f06732e2b1..a8e3e79c3bea07a1177763567b7de061a7ce3662 100644 (file)
@@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
        hab_caam_clock_enable(1);
 
-       if (hab_rvt_entry() != HAB_SUCCESS) {
-               puts("hab entry function fail\n");
-               goto hab_caam_clock_disable;
-       }
-
        /* Calculate IVT address header */
        ivt_addr = ddr_start + ivt_offset;
        ivt = (struct ivt *)ivt_addr;
@@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
        start = ddr_start;
        bytes = image_size;
+
+       if (hab_rvt_entry() != HAB_SUCCESS) {
+               puts("hab entry function fail\n");
+               goto hab_caam_clock_disable;
+       }
+
 #ifdef DEBUG
        printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
        puts("Dumping IVT\n");