From c4666cf6954a28ade5a8550505d5bc25dc7f92d7 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:44 +0530 Subject: SECURE BOOT: Halt execution when secure boot fail In case of fatal failure during secure boot execution (e.g. header not found), reset is asserted to stop execution. If the RESET_REQ is not tied to HRESET, this allows the execution to continue. Add esbh_halt() after the reset to make sure execution stops. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun --- board/freescale/common/cmd_esbc_validate.c | 2 +- board/freescale/common/fsl_validate.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'board/freescale/common') diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index dfa3e21..375bc24 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -8,7 +8,7 @@ #include #include -static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { if (fsl_check_boot_mode_secure() == 0) { diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index c12b9c9..95059c7 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); } /* @@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); + } else { change_sec_mon_state(HPSR_SSM_ST_TRUST, HPSR_SSM_ST_NON_SECURE); -- cgit v1.1