Merge pull request #368 from jcastillo-arm/jc/genfw/1126
TBB: abort boot if BL3-2 cannot be authenticated
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 4c19002..71940a6 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -238,8 +238,14 @@
}
e = load_bl32(bl2_to_bl31_params);
- if (e)
- WARN("Failed to load BL3-2 (%i)\n", e);
+ if (e) {
+ if (e == LOAD_AUTH_ERR) {
+ ERROR("Failed to authenticate BL3-2\n");
+ panic();
+ } else {
+ WARN("Failed to load BL3-2 (%i)\n", e);
+ }
+ }
e = load_bl33(bl2_to_bl31_params);
if (e) {
diff --git a/common/bl_common.c b/common/bl_common.c
index b8558a6..3088cb0 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -37,6 +37,7 @@
#include <errno.h>
#include <io_storage.h>
#include <platform.h>
+#include <string.h>
unsigned long page_align(unsigned long value, unsigned dir)
{
@@ -331,7 +332,7 @@
if (rc == 0) {
rc = load_auth_image(mem_layout, parent_id, image_base,
image_data, NULL);
- if (rc != IO_SUCCESS) {
+ if (rc != LOAD_SUCCESS) {
return rc;
}
}
@@ -341,7 +342,7 @@
rc = load_image(mem_layout, image_id, image_base, image_data,
entry_point_info);
if (rc != IO_SUCCESS) {
- return rc;
+ return LOAD_ERR;
}
#if TRUSTED_BOARD_BOOT
@@ -350,7 +351,11 @@
(void *)image_data->image_base,
image_data->image_size);
if (rc != 0) {
- return IO_FAIL;
+ memset((void *)image_data->image_base, 0x00,
+ image_data->image_size);
+ flush_dcache_range(image_data->image_base,
+ image_data->image_size);
+ return LOAD_AUTH_ERR;
}
/* After working with data, invalidate the data cache */
@@ -358,5 +363,5 @@
(size_t)image_data->image_size);
#endif /* TRUSTED_BOARD_BOOT */
- return IO_SUCCESS;
+ return LOAD_SUCCESS;
}
diff --git a/include/common/bl_common.h b/include/common/bl_common.h
index b1a9c8f..66244ca 100644
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -202,6 +202,15 @@
image_info_t *bl33_image_info;
} bl31_params_t;
+/*
+ * load_auth_image() return values
+ */
+enum {
+ LOAD_SUCCESS, /* Load + authentication success */
+ LOAD_ERR, /* Load error */
+ LOAD_AUTH_ERR /* Authentication error */
+};
+
/*
* Compile time assertions related to the 'entry_point_info' structure to