static int load_auth_image_internal(unsigned int image_id, image_info_t *image_data, int is_parent_image) { int rc; #if TRUSTED_BOARD_BOOT if (dyn_is_auth_disabled() == 0) { unsigned int parent_id; /* Use recursion to authenticate parent images */ rc = auth_mod_get_parent_id(image_id, &parent_id); if (rc == 0) { rc = load_auth_image_internal(parent_id, image_data, 1); if (rc != 0) { return rc; } } } #endif /* TRUSTED_BOARD_BOOT */ /* Load the image */ rc = load_image(image_id, image_data); if (rc != 0) { return rc; } #if TRUSTED_BOARD_BOOT if (dyn_is_auth_disabled() == 0) { /* Authenticate it */ rc = auth_mod_verify_img(image_id, (void *)image_data->image_base, image_data->image_size); if (rc != 0) { /* Authentication error, zero memory and flush it right away. */ zero_normalmem((void *)image_data->image_base, image_data->image_size); flush_dcache_range(image_data->image_base, image_data->image_size); return -EAUTH; } } #endif /* TRUSTED_BOARD_BOOT */ /* * Flush the image to main memory so that it can be executed later by * any CPU, regardless of cache and MMU state. If TBB is enabled, then * the file has been successfully loaded and authenticated and flush * only for child images, not for the parents (certificates). */ if (is_parent_image == 0) { flush_dcache_range(image_data->image_base, image_data->image_size); } return 0; }
/******************************************************************************* * Generic function to load and authenticate an image. The image is actually * loaded by calling the 'load_image()' function. Therefore, it returns the * same error codes if the loading operation failed, or -EAUTH if the * authentication failed. In addition, this function uses recursion to * authenticate the parent images up to the root of trust. ******************************************************************************/ int load_auth_image(meminfo_t *mem_layout, unsigned int image_id, uintptr_t image_base, image_info_t *image_data, entry_point_info_t *entry_point_info) { return load_auth_image_internal(mem_layout, image_id, image_base, image_data, entry_point_info, 0); }
static int load_auth_image_internal(meminfo_t *mem_layout, unsigned int image_id, uintptr_t image_base, image_info_t *image_data, entry_point_info_t *entry_point_info, int is_parent_image) { int rc; #if TRUSTED_BOARD_BOOT unsigned int parent_id; /* Use recursion to authenticate parent images */ rc = auth_mod_get_parent_id(image_id, &parent_id); if (rc == 0) { rc = load_auth_image_internal(mem_layout, parent_id, image_base, image_data, NULL, 1); if (rc != 0) { return rc; } } #endif /* TRUSTED_BOARD_BOOT */ /* Load the image */ rc = load_image(mem_layout, image_id, image_base, image_data, entry_point_info); if (rc != 0) { return rc; } #if TRUSTED_BOARD_BOOT /* Authenticate it */ rc = auth_mod_verify_img(image_id, (void *)image_data->image_base, image_data->image_size); if (rc != 0) { /* Authentication error, zero memory and flush it right away. */ zero_normalmem((void *)image_data->image_base, image_data->image_size); flush_dcache_range(image_data->image_base, image_data->image_size); return -EAUTH; } /* * File has been successfully loaded and authenticated. * Flush the image to main memory so that it can be executed later by * any CPU, regardless of cache and MMU state. * Do it only for child images, not for the parents (certificates). */ if (!is_parent_image) { flush_dcache_range(image_data->image_base, image_data->image_size); } #endif /* TRUSTED_BOARD_BOOT */ return 0; }
/******************************************************************************* * Generic function to load and authenticate an image. The image is actually * loaded by calling the 'load_image()' function. Therefore, it returns the * same error codes if the loading operation failed, or -EAUTH if the * authentication failed. In addition, this function uses recursion to * authenticate the parent images up to the root of trust. ******************************************************************************/ int load_auth_image(unsigned int image_id, image_info_t *image_data) { int err; do { err = load_auth_image_internal(image_id, image_data, 0); } while ((err != 0) && (plat_try_next_boot_source() != 0)); return err; }
/******************************************************************************* * Generic function to load and authenticate an image. The image is actually * loaded by calling the 'load_image()' function. Therefore, it returns the * same error codes if the loading operation failed, or -EAUTH if the * authentication failed. In addition, this function uses recursion to * authenticate the parent images up to the root of trust. ******************************************************************************/ int load_auth_image(unsigned int image_id, image_info_t *image_data) { return load_auth_image_internal(image_id, image_data, 0); }