Merge "fix(intel): update fcs functions to check ddr range" into integration
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index beaa720..843ec69 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -247,14 +247,6 @@
int status;
uint32_t load_size;
- fcs_encrypt_payload payload = {
- FCS_ENCRYPTION_DATA_0,
- src_addr,
- src_size,
- dst_addr,
- dst_size };
- load_size = sizeof(payload) / MBOX_WORD_BYTE;
-
if (!is_address_in_ddr_range(src_addr, src_size) ||
!is_address_in_ddr_range(dst_addr, dst_size)) {
return INTEL_SIP_SMC_STATUS_REJECTED;
@@ -264,6 +256,14 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
+ fcs_encrypt_payload payload = {
+ FCS_ENCRYPTION_DATA_0,
+ src_addr,
+ src_size,
+ dst_addr,
+ dst_size };
+ load_size = sizeof(payload) / MBOX_WORD_BYTE;
+
status = mailbox_send_cmd_async(send_id, MBOX_FCS_ENCRYPT_REQ,
(uint32_t *) &payload, load_size,
CMD_INDIRECT);
@@ -283,6 +283,15 @@
uint32_t load_size;
uintptr_t id_offset;
+ if (!is_address_in_ddr_range(src_addr, src_size) ||
+ !is_address_in_ddr_range(dst_addr, dst_size)) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
+ if (!is_size_4_bytes_aligned(src_size)) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
inv_dcache_range(src_addr, src_size); /* flush cache before mmio read to avoid reading old values */
id_offset = src_addr + FCS_OWNER_ID_OFFSET;
fcs_decrypt_payload payload = {
@@ -295,15 +304,6 @@
dst_size };
load_size = sizeof(payload) / MBOX_WORD_BYTE;
- if (!is_address_in_ddr_range(src_addr, src_size) ||
- !is_address_in_ddr_range(dst_addr, dst_size)) {
- return INTEL_SIP_SMC_STATUS_REJECTED;
- }
-
- if (!is_size_4_bytes_aligned(src_size)) {
- return INTEL_SIP_SMC_STATUS_REJECTED;
- }
-
status = mailbox_send_cmd_async(send_id, MBOX_FCS_DECRYPT_REQ,
(uint32_t *) &payload, load_size,
CMD_INDIRECT);
@@ -2023,6 +2023,10 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
+ if (!is_address_in_ddr_range(dst_addr, *dst_size)) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
if (fcs_ecdsa_get_pubkey_param.session_id != session_id ||
fcs_ecdsa_get_pubkey_param.context_id != context_id) {
return INTEL_SIP_SMC_STATUS_REJECTED;
@@ -2234,7 +2238,8 @@
}
if ((!is_8_bytes_aligned(dst_addr)) ||
- (!is_32_bytes_aligned(dst_size))) {
+ (!is_32_bytes_aligned(dst_size)) ||
+ (!is_address_in_ddr_range(dst_addr, dst_size))) {
return INTEL_SIP_SMC_STATUS_REJECTED;
}