author | Tamas Ban <tamas.ban@arm.com> | 2020-07-09 13:55:38 +0100 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2020-10-05 13:07:41 +0100 |
commit | 1bfc9dafb4db2bd7a56267d36f33585fdbb2f2f4 (patch) | |
tree | ee6c90c511e09f9b2340e83a96e7fe1c7e2cc834 /bl2 | |
parent | 37aedb51b80af13ef03e53fb162c66488ec67bff (diff) | |
Boot: Harden critical path against fault attacks
Add fault attack mitigation measures to code which is vital for
the correct validation of images.
Change-Id: Iea12a6eac9c3f516ed8c96a6df44b7a4086dd7f5
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Diffstat (limited to 'bl2')
-rw-r--r-- | bl2/ext/mcuboot/CMakeLists.txt | 2 | ||||
-rw-r--r-- | bl2/ext/mcuboot/bl2_main.c | 23 | ||||
-rw-r--r-- | bl2/src/security_cnt.c | 34 |
3 files changed, 28 insertions, 31 deletions
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt index 2e1e082da5..7b056e7e35 100644 --- a/bl2/ext/mcuboot/CMakeLists.txt +++ b/bl2/ext/mcuboot/CMakeLists.txt @@ -34,6 +34,8 @@ target_sources(bl2 ${MCUBOOT_PATH}/boot/bootutil/src/swap_move.c ${MCUBOOT_PATH}/boot/bootutil/src/swap_misc.c ${MCUBOOT_PATH}/boot/bootutil/src/encrypted.c + ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening.c + ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c ) set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG) diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c index d0f1577bc8..ab77052c31 100644 --- a/bl2/ext/mcuboot/bl2_main.c +++ b/bl2/ext/mcuboot/bl2_main.c @@ -25,6 +25,7 @@ #include "bootutil/image.h" #include "bootutil/bootutil.h" #include "bootutil/boot_record.h" +#include "bootutil/fault_injection_hardening.h" #include "flash_map_backend/flash_map_backend.h" #include "boot_hal.h" #include "uart_stdout.h" @@ -83,7 +84,7 @@ static void do_boot(struct boot_rsp *rsp) int main(void) { struct boot_rsp rsp; - int rc; + fih_int fih_rc = FIH_FAILURE; /* Initialise the mbedtls static memory allocator so that mbedtls allocates * memory from the provided static buffer instead of from the heap. @@ -97,24 +98,21 @@ int main(void) /* Perform platform specific initialization */ if (boot_platform_init() != 0) { BOOT_LOG_ERR("Platform init failed"); - while (1) - ; + FIH_PANIC; } BOOT_LOG_INF("Starting bootloader"); - rc = boot_nv_security_counter_init(); - if (rc != 0) { + FIH_CALL(boot_nv_security_counter_init, fih_rc); + if (fih_not_eq(fih_rc, FIH_SUCCESS)) { BOOT_LOG_ERR("Error while initializing the security counter"); - while (1) - ; + FIH_PANIC; } - rc = boot_go(&rsp); - if (rc != 0) { + FIH_CALL(boot_go, fih_rc, &rsp); + if (fih_not_eq(fih_rc, FIH_SUCCESS)) { BOOT_LOG_ERR("Unable to find bootable image"); - while (1) - ; + FIH_PANIC; } BOOT_LOG_INF("Bootloader chainload address offset: 0x%x", 
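Review bot: The two hardening sources are added to target_sources unconditionally, but nothing in this hunk, or elsewhere in the visible diff, selects a fault-injection-hardening profile for the bl2 build, and as far as I know the FIH macros compile down to plain calls and comparisons when no MCUBOOT_FIH_PROFILE_* setting is defined. If the profile is chosen in a config file not shown here, a short comment beside these two lines naming where it is set, e.g. `# FIH sources: effective only with an MCUBOOT_FIH_PROFILE_* setting (see the BL2 build config)`, would make that dependency visible to whoever builds without it. If no profile is set anywhere, the mitigation this commit introduces is not actually active in the produced bootloader.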
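Review bot: The `boot_platform_init() != 0` check at the top of the @@ -97,24 +98,21 @@ hunk remains a single plain comparison while the two calls that follow it are wrapped in FIH_CALL/fih_not_eq, so main() now mixes hardened and unhardened checks without saying why. If platform initialisation is deliberately left outside the hardened path because it plays no part in image validation, a comment above the check such as `/* Not FIH-hardened: platform init does not take part in image validation. */` would keep a later reader from treating it as an omission; if it is meant to be hardened, it should follow the same FIH_CALL pattern as the calls below it. main() continues outside the hunk.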
@@ -123,6 +121,5 @@ int main(void) do_boot(&rsp); BOOT_LOG_ERR("Never should get here"); - while (1) - ; + FIH_PANIC; } diff --git a/bl2/src/security_cnt.c b/bl2/src/security_cnt.c index 1359265f6c..7fc6e4c292 100644 --- a/bl2/src/security_cnt.c +++ b/bl2/src/security_cnt.c @@ -8,6 +8,7 @@ #include "bootutil/security_cnt.h" #include "../../platform/include/tfm_plat_nv_counters.h" #include "../../platform/include/tfm_plat_defs.h" +#include "bootutil/fault_injection_hardening.h" #include <stdint.h> #define TFM_BOOT_NV_COUNTER_0 PLAT_NV_COUNTER_3 /* NV counter of Image 0 */ 
@@ -33,41 +34,38 @@ static enum tfm_nv_counter_t get_nv_counter_from_image_id(uint32_t image_id) return (enum tfm_nv_counter_t)nv_counter; } -int32_t boot_nv_security_counter_init(void) +fih_int boot_nv_security_counter_init(void) { - enum tfm_plat_err_t err; + fih_int fih_rc = FIH_FAILURE; - err = tfm_plat_init_nv_counter(); - if (err != TFM_PLAT_ERR_SUCCESS) { - return -1; - } + fih_rc = fih_int_encode_zero_equality(tfm_plat_init_nv_counter()); - return 0; + FIH_RET(fih_rc); } -int32_t boot_nv_security_counter_get(uint32_t image_id, uint32_t *security_cnt) +fih_int boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt) { enum tfm_nv_counter_t nv_counter; - enum tfm_plat_err_t err; + fih_int fih_rc = FIH_FAILURE; + uint32_t security_cnt_soft; /* Check if it's a null-pointer. */ if (!security_cnt) { - return -1; + FIH_RET(FIH_FAILURE); } nv_counter = get_nv_counter_from_image_id(image_id); if (nv_counter == TFM_BOOT_NV_COUNTER_MAX) { - return -1; + FIH_RET(FIH_FAILURE); } - err = tfm_plat_read_nv_counter(nv_counter, - sizeof(*security_cnt), - (uint8_t *)security_cnt); - if (err != TFM_PLAT_ERR_SUCCESS) { - return -1; - } + fih_rc = fih_int_encode_zero_equality( + tfm_plat_read_nv_counter(nv_counter, + sizeof(security_cnt_soft), + (uint8_t *)&security_cnt_soft)); + *security_cnt = fih_int_encode(security_cnt_soft); - return 0; + FIH_RET(fih_rc); } int32_t boot_nv_security_counter_update(uint32_t image_id, |
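Review bot: In boot_nv_security_counter_get, `*security_cnt = fih_int_encode(security_cnt_soft);` executes even when tfm_plat_read_nv_counter() has failed, at which point security_cnt_soft is still uninitialised (reading it is undefined behaviour) and the caller's out-parameter is filled with stack residue before FIH_RET reports the failure; the removed code returned -1 without touching the output. Under the fault-injection threat model this commit targets that is a real gap: a caller whose status check is glitched past would consume that residue as the stored counter. Only set the output on success, e.g. insert `if (fih_not_eq(fih_rc, FIH_SUCCESS)) { FIH_RET(FIH_FAILURE); }` immediately before the assignment (or at minimum initialise `security_cnt_soft` and document what the output holds on failure). The same hunk makes boot_nv_security_counter_init depend on tfm_plat_init_nv_counter() returning 0 for success via fih_int_encode_zero_equality; since the enum value is not visible in this file, a one-line comment stating that assumption next to the call would help. The last context line shows boot_nv_security_counter_update keeping its int32_t return, so the update path stays unhardened — presumably intentional, but worth a sentence in the commit message.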