Boot: Harden critical path against fault attacks
Add fault attack mitigation measures to code which is vital for
the correct validation of images.
Change-Id: Iea12a6eac9c3f516ed8c96a6df44b7a4086dd7f5
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt
index 701f719..de11459 100644
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -134,6 +134,7 @@
MCUBOOT_${MCUBOOT_UPGRADE_STRATEGY}
$<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
$<$<BOOL:${MCUBOOT_HW_KEY}>:MCUBOOT_HW_KEY>
+ MCUBOOT_FIH_PROFILE_${MCUBOOT_FIH_PROFILE}
)
endif()
diff --git a/platform/ext/target/musca_b1/boot_hal.c b/platform/ext/target/musca_b1/boot_hal.c
index de99b34..f49d7e7 100644
--- a/platform/ext/target/musca_b1/boot_hal.c
+++ b/platform/ext/target/musca_b1/boot_hal.c
@@ -101,6 +101,8 @@
if (result) {
while (1);
}
+
+ (void)fih_delay_init();
#endif /* CRYPTO_HW_ACCELERATOR */
result = FLASH_DEV_NAME.Uninitialize();
diff --git a/platform/ext/target/musca_s1/boot_hal.c b/platform/ext/target/musca_s1/boot_hal.c
index 4b600d4..cdc77a9 100644
--- a/platform/ext/target/musca_s1/boot_hal.c
+++ b/platform/ext/target/musca_s1/boot_hal.c
@@ -63,6 +63,8 @@
if (result) {
return 1;
}
+
+ (void)fih_delay_init();
#endif /* CRYPTO_HW_ACCELERATOR */
/* This is a workaround to program the TF-M related cryptographic keys