author | David Vincze <david.vincze@arm.com> | 2019-10-25 14:15:05 +0200 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2019-12-16 13:39:25 +0000 |
commit | 66a56fc43bf9111425a08f0f96cea8fe6d108b80 (patch) | |
tree | 30c7f810e03b3f8db91a4b33ab54bd7095a4478d /bl2 | |
parent | 07706a4626cfbcee9d38fe357a158c0e2cd90917 (diff) | |
download | trusted-firmware-m-66a56fc43bf9111425a08f0f96cea8fe6d108b80.tar.gz |
Boot: Use TLV iterator everywhere
With a partial code synchronization the TLV iterator API was introduced
(change-id: I817b199f4923433010253c4a201ada250f743aa8). This patch
extends its usage everywhere the bootloader searches TLVs in the image
manifest, thus the boot_find_tlv_offs() function can finally be removed.
Change-Id: Iff5b3e596199b6593958816694555aef50c19aef
Signed-off-by: David Vincze <david.vincze@arm.com>
Diffstat (limited to 'bl2')
-rw-r--r-- | bl2/ext/mcuboot/bootutil/src/bootutil_priv.h | 3 | ||||
-rw-r--r-- | bl2/ext/mcuboot/bootutil/src/image_validate.c | 53 | ||||
-rw-r--r-- | bl2/ext/mcuboot/bootutil/src/loader.c | 37 | ||||
-rw-r--r-- | bl2/src/boot_record.c | 83 |
4 files changed, 58 insertions, 118 deletions
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h index 72efd1b569..b577e41b60 100644 --- a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h +++ b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h @@ -233,9 +233,6 @@ int boot_write_swap_info(const struct flash_area *fap, uint8_t swap_type, uint8_t image_num); int boot_write_swap_size(const struct flash_area *fap, uint32_t swap_size); int boot_read_swap_size(int image_index, uint32_t *swap_size); -int boot_find_tlv_offs(const struct image_header *hdr, - const struct flash_area *fap, - uint32_t *off, uint32_t *end); bool boot_add_uint32_overflow_check(uint32_t a, uint32_t b); bool boot_add_uint16_overflow_check(uint16_t a, uint16_t b); diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c index 8c554ee1b4..83bf50ef63 100644 --- a/bl2/ext/mcuboot/bootutil/src/image_validate.c +++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c @@ -194,9 +194,9 @@ bootutil_get_img_security_cnt(struct image_header *hdr, const struct flash_area *fap, uint32_t *img_security_cnt) { - struct image_tlv tlv; + struct image_tlv_iter it; uint32_t off; - uint32_t end; + uint16_t len; uint32_t found = 0; int32_t rc; 
@@ -212,50 +212,35 @@ bootutil_get_img_security_cnt(struct image_header *hdr, return BOOT_EBADIMAGE; } - rc = boot_find_tlv_offs(hdr, fap, &off, &end); + rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SEC_CNT, true); if (rc) { return rc; } - /* Calculate the end of the protected TLV area. */ - end = off - sizeof(struct image_tlv_info) + - (uint32_t)hdr->ih_protect_tlv_size; - /* Traverse through the protected TLV area to find * the security counter TLV. */ - while (off < end) { - rc = LOAD_IMAGE_DATA(hdr, fap, off, &tlv, sizeof(tlv)); - if (rc != 0) { - return BOOT_EFLASH; + while (true) { + rc = bootutil_tlv_iter_next(&it, &off, &len, NULL); + if (rc < 0) { + return -1; + } else if (rc > 0) { + break; } - if (tlv.it_type == IMAGE_TLV_SEC_CNT) { - - if (tlv.it_len != sizeof(*img_security_cnt)) { - /* Security counter is not valid. */ - break; - } - - rc = LOAD_IMAGE_DATA(hdr, fap, off + sizeof(tlv), - img_security_cnt, tlv.it_len); - if (rc != 0) { - return BOOT_EFLASH; - } - - /* Security counter has been found. */ - found = 1; - break; + if (len != sizeof(*img_security_cnt)) { + /* Security counter is not valid. */ + return BOOT_EBADIMAGE; } - /* Avoid integer overflow. */ - if (boot_add_uint32_overflow_check(off, (sizeof(tlv) + tlv.it_len))) - { - /* Potential overflow. */ - break; - } else { - off += sizeof(tlv) + tlv.it_len; + rc = LOAD_IMAGE_DATA(hdr, fap, off, img_security_cnt, len); + if (rc != 0) { + return BOOT_EFLASH; } + + /* Security counter has been found. */ + found = 1; + break; } if (found) { diff --git a/bl2/ext/mcuboot/bootutil/src/loader.c b/bl2/ext/mcuboot/bootutil/src/loader.c index 9b5b93589f..c2b1b5fa56 100644 --- a/bl2/ext/mcuboot/bootutil/src/loader.c +++ b/bl2/ext/mcuboot/bootutil/src/loader.c 
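Review bot: The literal `true` in `bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SEC_CNT, true)` now carries what the removed `end = off - sizeof(struct image_tlv_info) + hdr->ih_protect_tlv_size` computation made explicit: the security counter is only accepted from the protected TLV area. The iterator's implementation is not in this diff, so that reading is inferred. Because rollback protection depends on it, a comment at the call such as `/* prot = true: search the protected TLV area only */` would keep the constraint visible. Separately, `if (rc < 0) { return -1; }` drops the iterator's error code, where `return rc;` would let callers tell a flash read failure from a malformed image. The body of bootutil_get_img_security_cnt starts and ends outside this hunk.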
@@ -159,43 +159,6 @@ static const struct boot_status_table boot_status_tables[] = { #endif /* !MCUBOOT_NO_SWAP && !MCUBOOT_RAM_LOADING */ /* - * Locate the TLVs in an image. - * - * @param hdr The image_header struct of the image being checked - * @param fap flash_area struct of the slot storing the image being checked - * @param off Address of the first TLV (after TLV info) - * @param end Address where TLV area ends - * - * Returns 0 on success. - */ -int -boot_find_tlv_offs(const struct image_header *hdr, const struct flash_area *fap, - uint32_t *off, uint32_t *end) -{ - struct image_tlv_info info; - uint32_t off_; - - off_ = BOOT_TLV_OFF(hdr); - - if (LOAD_IMAGE_DATA(hdr, fap, off_, &info, sizeof(info))) { - return BOOT_EFLASH; - } - - if (info.it_magic != IMAGE_TLV_INFO_MAGIC) { - return BOOT_EBADIMAGE; - } - - if (boot_add_uint32_overflow_check(off_, info.it_tlv_tot)) - { - return -1; - } - - *end = off_ + info.it_tlv_tot; - *off = off_ + sizeof(info); - return 0; -} - -/* * \brief Verifies the image header: magic value, flags, integer overflow. * * \retval 0 diff --git a/bl2/src/boot_record.c b/bl2/src/boot_record.c index ba98ebaab8..63c618182d 100644 --- a/bl2/src/boot_record.c +++ b/bl2/src/boot_record.c @@ -90,8 +90,10 @@ boot_save_sw_measurements(uint8_t sw_module, const struct image_header *hdr, const struct flash_area *fap) { - struct image_tlv tlv_entry; - uintptr_t tlv_end, offset; + struct image_tlv_iter it; + uint32_t offset; + uint16_t len; + uint8_t type; uint8_t buf[32]; int32_t res; uint16_t ias_minor; @@ -106,7 +108,8 @@ boot_save_sw_measurements(uint8_t sw_module, /* Manifest data is concatenated to the end of the image. It is encoded in * TLV format. */ - res = boot_find_tlv_offs(hdr, fap, &offset, &tlv_end); + + res = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false); if (res) { return BOOT_STATUS_ERROR; } 
@@ -116,20 +119,21 @@ boot_save_sw_measurements(uint8_t sw_module, * - image hash: SW component measurement value * - public key hash: Signer ID */ - for (; offset < tlv_end; offset += sizeof(tlv_entry) + tlv_entry.it_len) { - res = LOAD_IMAGE_DATA(hdr, fap, offset, &tlv_entry, sizeof(tlv_entry)); - if (res) { + while (true) { + res = bootutil_tlv_iter_next(&it, &offset, &len, &type); + if (res < 0) { return BOOT_STATUS_ERROR; + } else if (res > 0) { + break; } - if (tlv_entry.it_type == IMAGE_TLV_SHA256) { + if (type == IMAGE_TLV_SHA256) { /* Get the image's hash value from the manifest section */ - if (tlv_entry.it_len != sizeof(buf)) { /* SHA256 - 32 bytes */ + if (len != sizeof(buf)) { /* SHA256 - 32 bytes */ return BOOT_STATUS_ERROR; } - res = LOAD_IMAGE_DATA(hdr, fap, offset + sizeof(tlv_entry), - buf, tlv_entry.it_len); + res = LOAD_IMAGE_DATA(hdr, fap, offset, buf, len); if (res) { return BOOT_STATUS_ERROR; } @@ -138,7 +142,7 @@ boot_save_sw_measurements(uint8_t sw_module, ias_minor = SET_IAS_MINOR(sw_module, SW_MEASURE_VALUE); res2 = boot_add_data_to_shared_area(TLV_MAJOR_IAS, ias_minor, - tlv_entry.it_len, + len, buf); if (res2) { return BOOT_STATUS_ERROR; 
@@ -156,32 +160,30 @@ boot_save_sw_measurements(uint8_t sw_module, #ifdef MCUBOOT_SIGN_RSA #ifndef MCUBOOT_HW_KEY - } else if (tlv_entry.it_type == IMAGE_TLV_KEYHASH) { + } else if (type == IMAGE_TLV_KEYHASH) { /* Get the hash of the public key from the manifest section */ - if (tlv_entry.it_len != sizeof(buf)) { /* SHA256 - 32 bytes */ + if (len != sizeof(buf)) { /* SHA256 - 32 bytes */ return BOOT_STATUS_ERROR; } - res = LOAD_IMAGE_DATA(hdr, fap, offset + sizeof(tlv_entry), - buf, tlv_entry.it_len); + res = LOAD_IMAGE_DATA(hdr, fap, offset, buf, len); if (res) { return BOOT_STATUS_ERROR; } #else /* MCUBOOT_HW_KEY */ - } else if (tlv_entry.it_type == IMAGE_TLV_KEY) { + } else if (type == IMAGE_TLV_KEY) { /* Get the public key from the manifest section. */ - if (tlv_entry.it_len > sizeof(key_buf)) { + if (len > sizeof(key_buf)) { return BOOT_STATUS_ERROR; } - res = LOAD_IMAGE_DATA(hdr, fap, offset + sizeof(tlv_entry), - key_buf, tlv_entry.it_len); + res = LOAD_IMAGE_DATA(hdr, fap, offset, key_buf, len); if (res) { return BOOT_STATUS_ERROR; } /* Calculate the hash of the public key. */ bootutil_sha256_init(&sha256_ctx); - bootutil_sha256_update(&sha256_ctx, key_buf, tlv_entry.it_len); + bootutil_sha256_update(&sha256_ctx, key_buf, len); bootutil_sha256_finish(&sha256_ctx, buf); #endif /* MCUBOOT_HW_KEY */ @@ -387,8 +389,10 @@ boot_save_boot_status(uint8_t sw_module, #else /* MCUBOOT_INDIVIDUAL_CLAIMS */ - struct image_tlv tlv_entry; - uint32_t tlv_end, offset; + struct image_tlv_iter it; + uint32_t offset; + uint16_t len; + uint8_t type; size_t record_len = 0; uint8_t image_hash[32]; /* SHA256 - 32 Bytes */ uint8_t buf[MAX_BOOT_RECORD_SZ]; @@ -402,7 +406,7 @@ boot_save_boot_status(uint8_t sw_module, * It is encoded in TLV format. */ - res = boot_find_tlv_offs(hdr, fap, &offset, &tlv_end); + res = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false); if (res) { return BOOT_STATUS_ERROR; } 
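Review bot: In the boot_save_boot_status hunk at `@@ -402,7 +406,7`, the call `bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false)` has no comment explaining why the search is not limited to the protected TLV area. The loop that follows takes IMAGE_TLV_BOOT_RECORD from wherever the iterator yields it. If the boot record is expected to be covered by the image signature (not visible in this diff), that expectation is not enforced here. I would add a comment above the call, for example `/* prot = false: the hash TLV lives outside the protected area; the boot record is trusted only because the image was validated earlier */`, or whatever the real justification is. The function body continues outside the hunk.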
@@ -410,32 +414,32 @@ boot_save_boot_status(uint8_t sw_module, /* Traverse through the TLV area to find the boot record * and image hash TLVs. */ - while (offset < tlv_end) { - res = LOAD_IMAGE_DATA(hdr, fap, offset, &tlv_entry, sizeof(tlv_entry)); - if (res) { + while (true) { + res = bootutil_tlv_iter_next(&it, &offset, &len, &type); + if (res < 0) { return BOOT_STATUS_ERROR; + } else if (res > 0) { + break; } - if (tlv_entry.it_type == IMAGE_TLV_BOOT_RECORD) { - if (tlv_entry.it_len > sizeof(buf)) { + if (type == IMAGE_TLV_BOOT_RECORD) { + if (len > sizeof(buf)) { return BOOT_STATUS_ERROR; } - res = LOAD_IMAGE_DATA(hdr, fap, offset + sizeof(tlv_entry), - buf, tlv_entry.it_len); + res = LOAD_IMAGE_DATA(hdr, fap, offset, buf, len); if (res) { return BOOT_STATUS_ERROR; } - record_len = tlv_entry.it_len; + record_len = len; boot_record_found = 1; - } else if (tlv_entry.it_type == IMAGE_TLV_SHA256) { + } else if (type == IMAGE_TLV_SHA256) { /* Get the image's hash value from the manifest section. */ - if (tlv_entry.it_len > sizeof(image_hash)) { + if (len > sizeof(image_hash)) { return BOOT_STATUS_ERROR; } - res = LOAD_IMAGE_DATA(hdr, fap, offset + sizeof(tlv_entry), - image_hash, tlv_entry.it_len); + res = LOAD_IMAGE_DATA(hdr, fap, offset, image_hash, len); if (res) { return BOOT_STATUS_ERROR; } @@ -449,15 +453,6 @@ boot_save_boot_status(uint8_t sw_module, */ break; } - - /* Avoid integer overflow. */ - if ((UINTPTR_MAX - offset) < - (sizeof(tlv_entry) + tlv_entry.it_len)) { - /* Potential overflow. */ - break; - } else { - offset += sizeof(tlv_entry) + tlv_entry.it_len; - } } |
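Review bot: The SHA256 branch in the `@@ -410,32 +414,32` hunk still accepts a short hash TLV. `if (len > sizeof(image_hash))` rejects only oversized entries, so a TLV with `len` below 32 fills just part of `image_hash`, which the declaration hunk shows as `uint8_t image_hash[32];` with no initialiser. How the buffer is consumed lies outside the hunk, but if all 32 bytes go into the boot record, the tail would be whatever was on the stack. boot_save_sw_measurements already uses the strict form for the same TLV type, so `if (len != sizeof(image_hash)) {` would make the two consistent.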