authorTamas Ban <tamas.ban@arm.com>2020-07-09 13:55:38 +0100
committerTamas Ban <tamas.ban@arm.com>2020-10-05 13:07:41 +0100
commit1bfc9dafb4db2bd7a56267d36f33585fdbb2f2f4 (patch)
treeee6c90c511e09f9b2340e83a96e7fe1c7e2cc834 /bl2
parent37aedb51b80af13ef03e53fb162c66488ec67bff (diff)
downloadtrusted-firmware-m-1bfc9dafb4db2bd7a56267d36f33585fdbb2f2f4.tar.gz
Boot: Harden critical path against fault attacks
Add fault attack mitigation measures to code which is vital for the correct validation of images. Change-Id: Iea12a6eac9c3f516ed8c96a6df44b7a4086dd7f5 Signed-off-by: Raef Coles <raef.coles@arm.com> Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Diffstat (limited to 'bl2')
-rw-r--r--bl2/ext/mcuboot/CMakeLists.txt2
-rw-r--r--bl2/ext/mcuboot/bl2_main.c23
-rw-r--r--bl2/src/security_cnt.c34
3 files changed, 28 insertions, 31 deletions
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 2e1e082da5..7b056e7e35 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -34,6 +34,8 @@ target_sources(bl2
${MCUBOOT_PATH}/boot/bootutil/src/swap_move.c
${MCUBOOT_PATH}/boot/bootutil/src/swap_misc.c
${MCUBOOT_PATH}/boot/bootutil/src/encrypted.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c
)
set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c
index d0f1577bc8..ab77052c31 100644
--- a/bl2/ext/mcuboot/bl2_main.c
+++ b/bl2/ext/mcuboot/bl2_main.c
@@ -25,6 +25,7 @@
#include "bootutil/image.h"
#include "bootutil/bootutil.h"
#include "bootutil/boot_record.h"
+#include "bootutil/fault_injection_hardening.h"
#include "flash_map_backend/flash_map_backend.h"
#include "boot_hal.h"
#include "uart_stdout.h"
@@ -83,7 +84,7 @@ static void do_boot(struct boot_rsp *rsp)
int main(void)
{
struct boot_rsp rsp;
- int rc;
+ fih_int fih_rc = FIH_FAILURE;
/* Initialise the mbedtls static memory allocator so that mbedtls allocates
* memory from the provided static buffer instead of from the heap.
@@ -97,24 +98,21 @@ int main(void)
/* Perform platform specific initialization */
if (boot_platform_init() != 0) {
BOOT_LOG_ERR("Platform init failed");
- while (1)
- ;
+ FIH_PANIC;
}
BOOT_LOG_INF("Starting bootloader");
- rc = boot_nv_security_counter_init();
- if (rc != 0) {
+ FIH_CALL(boot_nv_security_counter_init, fih_rc);
+ if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
BOOT_LOG_ERR("Error while initializing the security counter");
- while (1)
- ;
+ FIH_PANIC;
}
- rc = boot_go(&rsp);
- if (rc != 0) {
+ FIH_CALL(boot_go, fih_rc, &rsp);
+ if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
BOOT_LOG_ERR("Unable to find bootable image");
- while (1)
- ;
+ FIH_PANIC;
}
BOOT_LOG_INF("Bootloader chainload address offset: 0x%x",
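Review bot: The `boot_platform_init() != 0` test at the top of this hunk is now the only failure check in `main` left as a plain integer comparison, while the two calls below it go through `FIH_CALL` and `fih_not_eq`. If that is deliberate because platform init sits outside the image-validation path, a one-line comment saying so, `/* Plain int check: platform init is not part of image validation. */`, would stop a later reader from "fixing" it inconsistently; otherwise the same `fih_int` treatment would apply, which presumably needs `boot_platform_init` itself to return `fih_int`. Initialising `fih_rc` to `FIH_FAILURE` before each call is the right default for this pattern, since a skipped call then still fails the check. `main` continues past this hunk into the chainload logging and `do_boot`.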
@@ -123,6 +121,5 @@ int main(void)
do_boot(&rsp);
BOOT_LOG_ERR("Never should get here");
- while (1)
- ;
+ FIH_PANIC;
}
diff --git a/bl2/src/security_cnt.c b/bl2/src/security_cnt.c
index 1359265f6c..7fc6e4c292 100644
--- a/bl2/src/security_cnt.c
+++ b/bl2/src/security_cnt.c
@@ -8,6 +8,7 @@
#include "bootutil/security_cnt.h"
#include "../../platform/include/tfm_plat_nv_counters.h"
#include "../../platform/include/tfm_plat_defs.h"
+#include "bootutil/fault_injection_hardening.h"
#include <stdint.h>
#define TFM_BOOT_NV_COUNTER_0 PLAT_NV_COUNTER_3 /* NV counter of Image 0 */
@@ -33,41 +34,38 @@ static enum tfm_nv_counter_t get_nv_counter_from_image_id(uint32_t image_id)
return (enum tfm_nv_counter_t)nv_counter;
}
-int32_t boot_nv_security_counter_init(void)
+fih_int boot_nv_security_counter_init(void)
{
- enum tfm_plat_err_t err;
+ fih_int fih_rc = FIH_FAILURE;
- err = tfm_plat_init_nv_counter();
- if (err != TFM_PLAT_ERR_SUCCESS) {
- return -1;
- }
+ fih_rc = fih_int_encode_zero_equality(tfm_plat_init_nv_counter());
- return 0;
+ FIH_RET(fih_rc);
}
-int32_t boot_nv_security_counter_get(uint32_t image_id, uint32_t *security_cnt)
+fih_int boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt)
{
enum tfm_nv_counter_t nv_counter;
- enum tfm_plat_err_t err;
+ fih_int fih_rc = FIH_FAILURE;
+ uint32_t security_cnt_soft;
/* Check if it's a null-pointer. */
if (!security_cnt) {
- return -1;
+ FIH_RET(FIH_FAILURE);
}
nv_counter = get_nv_counter_from_image_id(image_id);
if (nv_counter == TFM_BOOT_NV_COUNTER_MAX) {
- return -1;
+ FIH_RET(FIH_FAILURE);
}
- err = tfm_plat_read_nv_counter(nv_counter,
- sizeof(*security_cnt),
- (uint8_t *)security_cnt);
- if (err != TFM_PLAT_ERR_SUCCESS) {
- return -1;
- }
+ fih_rc = fih_int_encode_zero_equality(
+ tfm_plat_read_nv_counter(nv_counter,
+ sizeof(security_cnt_soft),
+ (uint8_t *)&security_cnt_soft));
+ *security_cnt = fih_int_encode(security_cnt_soft);
- return 0;
+ FIH_RET(fih_rc);
}
int32_t boot_nv_security_counter_update(uint32_t image_id,
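Review bot: `boot_nv_security_counter_get` now executes `*security_cnt = fih_int_encode(security_cnt_soft);` unconditionally, so when `tfm_plat_read_nv_counter` fails the caller receives an encoding of the uninitialised `security_cnt_soft` — reading it is undefined behaviour, and the previous version never wrote the output on failure. Initialise it, `uint32_t security_cnt_soft = 0;`, and gate the store on the read result with `if (fih_not_eq(fih_rc, FIH_SUCCESS)) { FIH_RET(FIH_FAILURE); }` placed before the assignment, so a caller that is glitched past its own return-value check still cannot pick up a meaningless counter value. In `boot_nv_security_counter_init`, `fih_int_encode_zero_equality(tfm_plat_init_nv_counter())` silently assumes `TFM_PLAT_ERR_SUCCESS` is 0, which the old explicit comparison did not; a `_Static_assert` on that enum value, or a comment stating the assumption, would make it visible. The header declaring the new `fih_int` signatures is outside this diff, so callers elsewhere that still expect `uint32_t *security_cnt` are worth checking.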