Re: [U-Boot] [PATCH v3 7/7] SECURE_BOOT: change error handler for esbc_validate
On 01/22/2016 03:10 AM, Aneesh Bansal wrote: > In case of error while executing esbc_validate command, SNVS > transition and issue of reset is required only for secure-boot. > If boot mode is non-secure, this is not required. > > Similarly, esbc_halt command which puts the core in Spin Loop > is applicable only for Secure Boot. > > Signed-off-by: Aneesh Bansal > --- > Changes in v3: > None > > Changes in v2: > None (Changed the Sign-Off with New E-Mail ID) > > board/freescale/common/cmd_esbc_validate.c | 7 ++- > board/freescale/common/fsl_validate.c | 7 +++ > 2 files changed, 13 insertions(+), 1 deletion(-) > Change subject prefix to "secure_boot:". Applied to u-boot-fsl-qoriq master. Awaiting upstream. Thanks. York ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v3 7/7] SECURE_BOOT: change error handler for esbc_validate
> -Original Message-
> From: Aneesh Bansal [mailto:aneesh.ban...@nxp.com]
> Sent: Friday, January 22, 2016 4:37 PM
> To: u-boot@lists.denx.de
> Cc: york sun ; Ruchika Gupta
> ; Prabhakar Kushwaha
> ; Aneesh Bansal
>
> Subject: [PATCH v3 7/7] SECURE_BOOT: change error handler for
> esbc_validate
>
> In case of error while executing esbc_validate command, SNVS transition and
> issue of reset is required only for secure-boot.
> If boot mode is non-secure, this is not required.
>
> Similarly, esbc_halt command which puts the core in Spin Loop is applicable
> only for Secure Boot.
>
> Signed-off-by: Aneesh Bansal
> ---
> Changes in v3:
> None
>
> Changes in v2:
> None (Changed the Sign-Off with New E-Mail ID)
>
> board/freescale/common/cmd_esbc_validate.c | 7 ++-
> board/freescale/common/fsl_validate.c | 7 +++
> 2 files changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/board/freescale/common/cmd_esbc_validate.c
> b/board/freescale/common/cmd_esbc_validate.c
> index ca7c737..dfa3e21 100644
> --- a/board/freescale/common/cmd_esbc_validate.c
> +++ b/board/freescale/common/cmd_esbc_validate.c
> @@ -11,6 +11,11 @@
> static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
> char * const argv[])
> {
> + if (fsl_check_boot_mode_secure() == 0) {
> + printf("Boot Mode is Non-Secure. Not entering spin
> loop.\n");
> + return 0;
> + }
> +
> printf("Core is entering spin loop.\n");
> loop:
> goto loop;
> @@ -64,6 +69,6 @@ U_BOOT_CMD(
>
> U_BOOT_CMD(
> esbc_halt, 1, 0, do_esbc_halt,
> - "Put the core in spin loop ",
> + "Put the core in spin loop (Secure Boot Only)",
> ""
> );
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index de40081..8fd6dd6 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -370,6 +370,13 @@ void fsl_secboot_handle_error(int error)
> printf("ERROR :: %x :: %s\n", error, e->name);
> }
>
> + /* If Boot Mode is secure, transition the SNVS state and issue
> + * reset based on type of failure and ITS setting.
> + * If Boot mode is non-secure, return from this function.
> + */
> + if (fsl_check_boot_mode_secure() == 0)
> + return;
> +
> switch (error) {
> case ERROR_ESBC_CLIENT_HEADER_BARKER:
> case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE:
> --
> 1.8.1.4
Acked-by: Ruchika Gupta
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
[U-Boot] [PATCH v3 7/7] SECURE_BOOT: change error handler for esbc_validate
In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-secure, this is not required.
Similarly, esbc_halt command which puts the core in Spin Loop
is applicable only for Secure Boot.
Signed-off-by: Aneesh Bansal
---
Changes in v3:
None
Changes in v2:
None (Changed the Sign-Off with New E-Mail ID)
board/freescale/common/cmd_esbc_validate.c | 7 ++-
board/freescale/common/fsl_validate.c | 7 +++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/board/freescale/common/cmd_esbc_validate.c
b/board/freescale/common/cmd_esbc_validate.c
index ca7c737..dfa3e21 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -11,6 +11,11 @@
static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
+ if (fsl_check_boot_mode_secure() == 0) {
+ printf("Boot Mode is Non-Secure. Not entering spin loop.\n");
+ return 0;
+ }
+
printf("Core is entering spin loop.\n");
loop:
goto loop;
@@ -64,6 +69,6 @@ U_BOOT_CMD(
U_BOOT_CMD(
esbc_halt, 1, 0, do_esbc_halt,
- "Put the core in spin loop ",
+ "Put the core in spin loop (Secure Boot Only)",
""
);
diff --git a/board/freescale/common/fsl_validate.c
b/board/freescale/common/fsl_validate.c
index de40081..8fd6dd6 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -370,6 +370,13 @@ void fsl_secboot_handle_error(int error)
printf("ERROR :: %x :: %s\n", error, e->name);
}
+ /* If Boot Mode is secure, transition the SNVS state and issue
+* reset based on type of failure and ITS setting.
+* If Boot mode is non-secure, return from this function.
+*/
+ if (fsl_check_boot_mode_secure() == 0)
+ return;
+
switch (error) {
case ERROR_ESBC_CLIENT_HEADER_BARKER:
case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE:
--
1.8.1.4
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
