author | David Vincze <david.vincze@arm.com> | 2019-10-25 13:18:54 +0200 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2019-12-16 13:39:25 +0000 |
commit | c256612e0e773c76ae07dc8de7f776e3c029d7b0 (patch) | |
tree | 4376d274cbbeae356bc815a1c65509b6718faf58 /bl2/src | |
parent | cea8b590ae9ac656a6c8273c53986ff017152673 (diff) | |
Boot: Re-apply modifications after code sync
-Some of the security-related modifications were lost during code
synchronization (change-id: Ibe948792b306e96282fb82447bb3f05a0c6389ef).
Re-apply the usage of constant time memory equality functions and
overflow checks in the corresponding parts of the code.
-Use new boot_find_tlv_offs() function that came from mainstream MCUBoot
with the code synchronization.
Change-Id: I3d32dc128d4fc826ac09d752cb1484d189acfb4f
Signed-off-by: David Vincze <david.vincze@arm.com>
Diffstat (limited to 'bl2/src')
-rw-r--r-- | bl2/src/boot_record.c | 22 |
1 files changed, 3 insertions, 19 deletions
diff --git a/bl2/src/boot_record.c b/bl2/src/boot_record.c
index 35a8c7cbd0..f7b2539fd0 100644
--- a/bl2/src/boot_record.c
+++ b/bl2/src/boot_record.c
@@ -90,7 +90,6 @@ boot_save_sw_measurements(uint8_t sw_module,
 const struct image_header *hdr,
 const struct flash_area *fap)
 {
- struct image_tlv_info tlv_header;
 struct image_tlv tlv_entry;
 uintptr_t tlv_end, offset;
 uint8_t buf[32];
@@ -107,17 +106,10 @@ boot_save_sw_measurements(uint8_t sw_module,
 /* Manifest data is concatenated to the end of the image. It is encoded in
 * TLV format. */
- offset = hdr->ih_img_size + hdr->ih_hdr_size;
-
- res = LOAD_IMAGE_DATA(fap, offset, &tlv_header, sizeof(tlv_header));
+ res = boot_find_tlv_offs(hdr, fap, &offset, &tlv_end);
 if (res) {
 return BOOT_STATUS_ERROR;
 }
- if (tlv_header.it_magic != IMAGE_TLV_INFO_MAGIC) {
- return BOOT_STATUS_ERROR;
- }
- tlv_end = offset + tlv_header.it_tlv_tot;
- offset += sizeof(tlv_header);
 /* Iterates over the manifest data and copy the relevant attributes to the
 * shared data area:
@@ -395,9 +387,8 @@ boot_save_boot_status(uint8_t sw_module,
 #else /* MCUBOOT_INDIVIDUAL_CLAIMS */
- struct image_tlv_info tlv_header;
 struct image_tlv tlv_entry;
- uintptr_t tlv_end, offset;
+ uint32_t tlv_end, offset;
 size_t record_len = 0;
 uint8_t image_hash[32]; /* SHA256 - 32 Bytes */
 uint8_t buf[MAX_BOOT_RECORD_SZ];
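Review bot: Nothing in boot_save_sw_measurements checks tlv_end after the new call, although the removed lines show it is derived from the image's own it_tlv_tot field; the same applies to the call in the boot_save_boot_status hunk. The removed `tlv_end = offset + tlv_header.it_tlv_tot;` had no wrap check, and whether boot_find_tlv_offs() adds one is not visible on this page, even though the commit message speaks of re-applied overflow checks. Unless the helper already rejects it, a guard such as `if (tlv_end < offset) { return BOOT_STATUS_ERROR; }` directly after the call keeps the traversal from running with a wrapped or undersized end. The traversal loop itself lies outside the hunk, so its per-entry length checks cannot be confirmed here.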
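Review bot: The switch to `uint32_t tlv_end, offset;` is made only in boot_save_boot_status; the context of the first hunk still shows `uintptr_t tlv_end, offset;` in boot_save_sw_measurements, and both functions now pass `&offset` and `&tlv_end` to boot_find_tlv_offs(). If the helper takes `uint32_t *` out-parameters, as this change suggests, the other caller hands it pointers of a different type: the same width on a 32-bit target, but likely a compiler diagnostic there and a partial write on any build where uintptr_t is wider. Declaring `uint32_t tlv_end, offset;` in boot_save_sw_measurements as well would keep the two callers consistent.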
@@ -410,18 +401,11 @@ boot_save_boot_status(uint8_t sw_module,
 /* Manifest data is concatenated to the end of the image.
 * It is encoded in TLV format. */
- offset = hdr->ih_hdr_size + hdr->ih_img_size;
- /* The TLV area always starts with an image_tlv_info structure. */
- res = LOAD_IMAGE_DATA(fap, offset, &tlv_header, sizeof(tlv_header));
+ res = boot_find_tlv_offs(hdr, fap, &offset, &tlv_end);
 if (res) {
 return BOOT_STATUS_ERROR;
 }
- if (tlv_header.it_magic != IMAGE_TLV_INFO_MAGIC) {
- return BOOT_STATUS_ERROR;
- }
- tlv_end = offset + (uintptr_t)tlv_header.it_tlv_tot;
- offset += sizeof(tlv_header);
 /* Traverse through the TLV area to find the boot record
 * and image hash TLVs. |
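Review bot: The call to boot_find_tlv_offs() in boot_save_boot_status carries no comment saying what offset and tlv_end hold on return, while the lines it replaces documented that the TLV area starts with an image_tlv_info structure and showed offset being advanced past it. A short comment at the call would help the reader of the traversal that follows outside the hunk, for example `/* On success: offset = first TLV entry (after image_tlv_info), tlv_end = end of the TLV area. */`, to be confirmed against the helper's definition. The same comment fits the call in boot_save_sw_measurements.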