Boot: Harden critical path against fault attacks
Add fault attack mitigation measures to code which is vital for
the correct validation of images.
Change-Id: Iea12a6eac9c3f516ed8c96a6df44b7a4086dd7f5
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 2e1e082..7b056e7 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -34,6 +34,8 @@
${MCUBOOT_PATH}/boot/bootutil/src/swap_move.c
${MCUBOOT_PATH}/boot/bootutil/src/swap_misc.c
${MCUBOOT_PATH}/boot/bootutil/src/encrypted.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c
)
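Review bot: The two hardening sources are added to the source list unconditionally, but nothing in this commit shows which fault-injection hardening profile they are built with, so a reader of this CMakeLists cannot tell whether the delay/RNG variant is actually active or just compiled in. If the profile is chosen by a compile definition elsewhere (the header presumably carries a default), a one-line comment above these entries naming that location, e.g. `# FIH profile is selected via <PROFILE_DEFINE_PLACEHOLDER>; the *_delay_rng_mbedtls.c backend is only exercised when that profile enables random delays`, would make the dependency visible. The delay backend also appears to pull in mbedtls, which is worth stating in the same comment if that is the case.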
set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c
index d0f1577..ab77052 100644
--- a/bl2/ext/mcuboot/bl2_main.c
+++ b/bl2/ext/mcuboot/bl2_main.c
@@ -25,6 +25,7 @@
#include "bootutil/image.h"
#include "bootutil/bootutil.h"
#include "bootutil/boot_record.h"
+#include "bootutil/fault_injection_hardening.h"
#include "flash_map_backend/flash_map_backend.h"
#include "boot_hal.h"
#include "uart_stdout.h"
@@ -83,7 +84,7 @@
int main(void)
{
struct boot_rsp rsp;
- int rc;
+ fih_int fih_rc = FIH_FAILURE;
/* Initialise the mbedtls static memory allocator so that mbedtls allocates
* memory from the provided static buffer instead of from the heap.
@@ -97,24 +98,21 @@
/* Perform platform specific initialization */
if (boot_platform_init() != 0) {
BOOT_LOG_ERR("Platform init failed");
- while (1)
- ;
+ FIH_PANIC;
}
BOOT_LOG_INF("Starting bootloader");
- rc = boot_nv_security_counter_init();
- if (rc != 0) {
+ FIH_CALL(boot_nv_security_counter_init, fih_rc);
+ if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
BOOT_LOG_ERR("Error while initializing the security counter");
- while (1)
- ;
+ FIH_PANIC;
}
- rc = boot_go(&rsp);
- if (rc != 0) {
+ FIH_CALL(boot_go, fih_rc, &rsp);
+ if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
BOOT_LOG_ERR("Unable to find bootable image");
- while (1)
- ;
+ FIH_PANIC;
}
BOOT_LOG_INF("Bootloader chainload address offset: 0x%x",
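Review bot: `boot_platform_init()` at the top of this hunk is still checked with a plain `!= 0` on an `int` result, so it is now the only failure branch in main that is not behind `fih_not_eq`, while the two calls that follow were converted to `FIH_CALL` with a `fih_int` result. If that is deliberate because the platform HAL is outside the image-validation path the commit message targets, a short comment such as `/* Platform HAL call, not part of image validation: plain int return kept */` would mark the asymmetry as intentional rather than an omission; otherwise the call should be brought under the same pattern as the others. The conversion also presumes that `boot_nv_security_counter_init` and `boot_go` now return `fih_int`; their changed signatures are not in this diff, so that is inferred from the `FIH_CALL` usage. main's body continues outside this hunk.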
@@ -123,6 +121,5 @@
do_boot(&rsp);
BOOT_LOG_ERR("Never should get here");
- while (1)
- ;
+ FIH_PANIC;
}
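Review bot: `main` is declared `int` and its final statement is now `FIH_PANIC` in place of the former `while (1) ;`, so unless the macro expands to a construct the compiler recognises as non-returning (a `noreturn` function or an unconditional loop), `-Wreturn-type` will warn and, if the panic handler ever returned, execution would fall off the end of main instead of halting. I cannot see the macro's definition from this diff, so this is hedged; if it is not guaranteed non-returning, a trailing `/* not reached */ while (1) {}` after `FIH_PANIC;` keeps the fail-closed behaviour the original loop provided. The same consideration applies to the three `FIH_PANIC` sites in the previous hunk, though there the following code already halts or continues as before.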