summaryrefslogtreecommitdiff
path: root/board/freescale
diff options
context:
space:
mode:
authorSaksham Jain <saksham.jain@nxp.com>2016-03-23 16:24:44 +0530
committerYork Sun <york.sun@nxp.com>2016-03-29 08:46:23 -0700
commitc4666cf6954a28ade5a8550505d5bc25dc7f92d7 (patch)
tree5184777122a49b548bc89ca143f7a8a9df976d41 /board/freescale
parent2bfe4890856c94d939e193999dccdc75afc5c5bd (diff)
downloadu-boot-imx-c4666cf6954a28ade5a8550505d5bc25dc7f92d7.zip
u-boot-imx-c4666cf6954a28ade5a8550505d5bc25dc7f92d7.tar.gz
u-boot-imx-c4666cf6954a28ade5a8550505d5bc25dc7f92d7.tar.bz2
SECURE BOOT: Halt execution when secure boot fail
In case of fatal failure during secure boot execution (e.g. header not found), reset is asserted to stop execution. If the RESET_REQ is not tied to HRESET, this allows the execution to continue. Add esbh_halt() after the reset to make sure execution stops. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'board/freescale')
-rw-r--r--board/freescale/common/cmd_esbc_validate.c2
-rw-r--r--board/freescale/common/fsl_validate.c5
2 files changed, 6 insertions, 1 deletions
diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index dfa3e21..375bc24 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -8,7 +8,7 @@
#include <command.h>
#include <fsl_validate.h>
-static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
if (fsl_check_boot_mode_secure() == 0) {
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index c12b9c9..95059c7 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void)
printf("Generating reset request\n");
do_reset(NULL, 0, 0, NULL);
+ /* If reset doesn't coocur, halt execution */
+ do_esbc_halt(NULL, 0, 0, NULL);
}
/*
@@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void)
printf("Generating reset request\n");
do_reset(NULL, 0, 0, NULL);
+ /* If reset doesn't coocur, halt execution */
+ do_esbc_halt(NULL, 0, 0, NULL);
+
} else {
change_sec_mon_state(HPSR_SSM_ST_TRUST,
HPSR_SSM_ST_NON_SECURE);