author | Robert Rosengren <robert.rosengren@stericsson.com> | 2010-12-15 09:48:59 +0100 |
---|---|---|
committer | Michael BRANDT <michael.brandt@stericsson.com> | 2011-01-27 16:06:37 +0100 |
commit | bc03d1e9728ab1faa9eebbee3ed90e57bd27c051 (patch) | |
tree | 32733565d203074d952928421c8edb481342e230 /cpu/arm_cortexa9/db8500/itp.c | |
parent | 3f27019fbb4a5c411e80c5c876bfae0a67228da5 (diff) |
db8500: Verify signature of kernel before booting
Verification of the kernel and ITP signature before allowing to boot is
added. This feature is configurable and by default not activated. MeeGo-
built RPM will have this enabled.
ST-Ericsson ID: WP275634, ER275440
Change-Id: Ib888f39dd5dca1bc8b7d6e1b002da83a77908b07
Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/11415
Tested-by: Robert ROSENGREN <robert.rosengren@stericsson.com>
Reviewed-by: Michael BRANDT <michael.brandt@stericsson.com>
Reviewed-by: QATOOLS
Reviewed-by: Jens WIKLANDER <jens.wiklander@stericsson.com>
Diffstat (limited to 'cpu/arm_cortexa9/db8500/itp.c')
-rw-r--r-- | cpu/arm_cortexa9/db8500/itp.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/cpu/arm_cortexa9/db8500/itp.c b/cpu/arm_cortexa9/db8500/itp.c
index 03716a571..6e1102444 100644
--- a/cpu/arm_cortexa9/db8500/itp.c
+++ b/cpu/arm_cortexa9/db8500/itp.c
@@ -55,11 +55,16 @@ static int itp_load_ipl(block_dev_desc_t *block_dev)
 static int itp_load_toc_entry(block_dev_desc_t *block_dev,
 const char *partname,
+ int verify_signature,
 u32 *loadaddress)
 {
 u32 n;
 u32 offset;
 u32 size;
+#if defined(CONFIG_SECURE_KERNEL_BOOT)
+ u32 real_loadaddr = 0;
+ u32 size_in_bytes = 0;
+#endif
 debug("itp_load_toc_entry: Loading %s\n", partname);
@@ -69,6 +74,23 @@ static int itp_load_toc_entry(block_dev_desc_t *block_dev,
 return 1;
 }
+#if defined(CONFIG_SECURE_KERNEL_BOOT)
+ if (verify_signature) {
+ size_in_bytes = size;
+ real_loadaddr = *loadaddress;
+ /*
+ * We might need an offset, since ISSW doesn't support
+ * address 0.
+ */
+ if (*loadaddress == 0)
+ *loadaddress = *loadaddress + block_dev->blksz;
+ }
+#else
+ if (verify_signature) {
+ debug("itp_load_toc_entry: secure boot disabled so verify signature has no effect\n");
+ }
+#endif
+
 size = (size / block_dev->blksz) + ((size % block_dev->blksz) ? 1 : 0);
@@ -82,6 +104,27 @@ static int itp_load_toc_entry(block_dev_desc_t *block_dev,
 return 1;
 }
+#if defined(CONFIG_SECURE_KERNEL_BOOT)
+ if (verify_signature) {
+ debug("itp_load_toc_entry: Verifying image...\n");
+
+ if (sec_bridge_verify_itp_image(loadaddress)) {
+ printf("itp_load_toc_entry: Failed to verify image %s!\n", partname);
+ return 1;
+ }
+
+ if (real_loadaddr != *loadaddress) {
+ /*
+ * Loadaddr is moved, need to move it back to ensure
+ * binary is not put out of order...
+ */
+ memmove((void *)(real_loadaddr), (void*)*loadaddress, size_in_bytes);
+ *loadaddress = real_loadaddr;
+ }
+ }
+
+#endif
+
 return 0;
 }
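Review bot: The `#else` branch in the hunk at -69,6 fails open without a visible trace: when CONFIG_SECURE_KERNEL_BOOT is not defined, a caller that passes verify_signature gets a normal load, and the only notice is a `debug()` call, which U-Boot compiles out unless DEBUG is defined. Since the ITP call site always requests verification, an unconditional message such as `printf("itp_load_toc_entry: %s loaded WITHOUT signature verification\n", partname);` would make an unverified boot visible on the console. In the `#if` branch, the shift of `*loadaddress` by `block_dev->blksz` when the address is 0 comes with no visible check that the shifted range is free, so a comment naming that assumption would help. The body of itp_load_toc_entry starts and ends outside this hunk.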
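Review bot: The length that is verified is not tied to the length that is copied in the hunk at -82,6: `sec_bridge_verify_itp_image(loadaddress)` receives only a pointer to the address, while the later `memmove` copies `size_in_bytes`, which was taken from the TOC entry before the load. If the bridge derives the signed length from the image itself (its definition is not visible here), any TOC-sized tail beyond that length lands at `real_loadaddr` unverified; a comment stating which length the bridge authenticates, or a comparison against `size_in_bytes`, would settle that. Because `loadaddress` is passed by pointer, `real_loadaddr != *loadaddress` is also true if the bridge itself rewrites `*loadaddress`, so the condition does not only mean "we shifted away from 0"; comparing against the shifted address saved before the call would make the intent explicit. On the failure path the function returns with `*loadaddress` still shifted and the rejected image still in RAM; `*loadaddress = real_loadaddr;` before `return 1;` would at least restore the caller's value.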
@@ -121,6 +164,7 @@ int itp_load_itp_and_modem(block_dev_desc_t *block_dev)
 if (cspsa_key & ITP_LOAD_MODEM) {
 if (itp_load_toc_entry(block_dev, ITP_TOC_MODEM_NAME,
+ 0, /* verify_signature false */
 &loadaddress)) {
 retval = 1;
 goto exit;
@@ -135,6 +179,7 @@ int itp_load_itp_and_modem(block_dev_desc_t *block_dev)
 if (cspsa_key & ITP_LOAD_ITP) {
 if (itp_load_toc_entry(block_dev, ITP_TOC_ITP_NAME,
+ 1, /* verify_signature true */
 &loadaddress)) {
 retval = 1;
 goto exit;
|
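Review bot: The modem image is loaded with verification switched off (`0, /* verify_signature false */` in the hunk at -121,6) even in a CONFIG_SECURE_KERNEL_BOOT build, and nothing here says why. If the modem firmware is authenticated by another component, record that next to the call, e.g. `/* modem image is not verified here: <reason> */`; if it is not, the modem load sits outside the signature check this commit adds. The bare `0`/`1` arguments here and in the hunk at -135,6 need their comments to be readable; named constants or a `bool` would carry the meaning at the call site. itp_load_itp_and_modem starts and ends outside both hunks.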