Re: [U-Boot] [PATCH v4 13/14] SECURE BOOT: Halt execution when secure boot fail after reset request

2016-03-19 Thread york sun 
On 02/08/2016 09:27 PM, Saksham Jain wrote:
> In case of fatal failure during secure boot execution (e.g. header not found)
> it is needed that the execution stops.
> Earlier, we were asserting reset request in case in case of failure. But if
> the RESET_REQ is not tied off to HRESET, this allows the execution to 
> continue.
> 
> This can either be taken care in bootscript (Execute esbc_halt command in 
> case of
> image verification process) or it can be taken care in Uboot Code.
> 
> Doing the latter via a esbc_halt.
> 

Please keep the line wrap under 72 characters and consistent.

York

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH v4 13/14] SECURE BOOT: Halt execution when secure boot fail after reset request

2016-02-08 Thread Saksham Jain 
In case of fatal failure during secure boot execution (e.g. header not found)
it is needed that the execution stops.
Earlier, we were asserting reset request in case in case of failure. But if
the RESET_REQ is not tied off to HRESET, this allows the execution to continue.

This can either be taken care in bootscript (Execute esbc_halt command in case 
of
image verification process) or it can be taken care in Uboot Code.

Doing the latter via a esbc_halt.

Signed-off-by: Aneesh Bansal 
Signed-off-by: Saksham Jain 
---
Changes for v2:
- No changes
Changes for v3:
- No changes
Chnages for v4:
- Cleaned up commit message

 board/freescale/common/cmd_esbc_validate.c | 2 +-
 board/freescale/common/fsl_validate.c  | 5 +
 include/fsl_validate.h | 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/board/freescale/common/cmd_esbc_validate.c 
b/board/freescale/common/cmd_esbc_validate.c
index dfa3e21..375bc24 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -8,7 +8,7 @@
 #include 
 #include 
 
-static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
 {
if (fsl_check_boot_mode_secure() == 0) {
diff --git a/board/freescale/common/fsl_validate.c 
b/board/freescale/common/fsl_validate.c
index c12b9c9..95059c7 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void)
 
printf("Generating reset request\n");
do_reset(NULL, 0, 0, NULL);
+   /* If reset doesn't coocur, halt execution */
+   do_esbc_halt(NULL, 0, 0, NULL);
 }
 
 /*
@@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void)
 
printf("Generating reset request\n");
do_reset(NULL, 0, 0, NULL);
+   /* If reset doesn't coocur, halt execution */
+   do_esbc_halt(NULL, 0, 0, NULL);
+
} else {
change_sec_mon_state(HPSR_SSM_ST_TRUST,
 HPSR_SSM_ST_NON_SECURE);
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index f812c1a..ff6f6b7 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -242,6 +242,9 @@ struct fsl_secboot_img_priv {
uint32_t img_size;  /* ESBC Image Size */
 };
 
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+   char * const argv[]);
+
 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
uintptr_t img_loc);
 int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
-- 
1.8.1.4

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot