From: Bryan O'Donoghue Date: Fri, 12 Jan 2018 12:40:05 +0000 (+0000) Subject: arm: imx: hab: Only call ROM once headers are verified X-Git-Tag: v2025.01-rc5-pxa1908~5137^2~14 X-Git-Url: http://git.dujemihanovic.xyz/contact?a=commitdiff_plain;h=04099e9ced6421940248d5357786901bb89f4ce4;p=u-boot.git arm: imx: hab: Only call ROM once headers are verified Previous patches added IVT header verification steps. We shouldn't call hab_rvt_entry() until we have done the basic header verification steps. This patch changes the time we make the hab_rvt_entry() call so that it only takes place if we are happy with the IVT header sanity checks. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 39f8f2de59..a8e3e79c3b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_caam_clock_enable(1); - if (hab_rvt_entry() != HAB_SUCCESS) { - puts("hab entry function fail\n"); - goto hab_caam_clock_disable; - } - /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; ivt = (struct ivt *)ivt_addr; @@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } + #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n");