boot/zephyr: Add fault injection mitigation

Add software countermeasures against fault injection attacks.

Change-Id: I82f2d6b529ee2bd8d58ec6d5302c01680b4fd483
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
diff --git a/boot/zephyr/single_loader.c b/boot/zephyr/single_loader.c
index 258d38b..a5e9d1f 100644
--- a/boot/zephyr/single_loader.c
+++ b/boot/zephyr/single_loader.c
@@ -2,12 +2,15 @@
  * SPDX-License-Identifier: Apache-2.0
  *
  * Copyright (c) 2020 Nordic Semiconductor ASA
+ * Copyright (c) 2020 Arm Limited
  */
 
 #include <assert.h>
 #include "bootutil/image.h"
 #include "bootutil_priv.h"
 #include "bootutil/bootutil_log.h"
+#include "bootutil/fault_injection_hardening.h"
+#include "bootutil/fault_injection_hardening_delay_rng.h"
 
 #include "mcuboot_config/mcuboot_config.h"
 
@@ -24,13 +27,14 @@
  * @param[in]	fa_p	flash area pointer
  * @param[in]	hdr	boot image header pointer
  *
- * @return		0 on success, error code otherwise
+ * @return		FIH_SUCCESS on success, error code otherwise
  */
-inline static int
+inline static fih_int
 boot_image_validate(const struct flash_area *fa_p,
                     struct image_header *hdr)
 {
     static uint8_t tmpbuf[BOOT_TMPBUF_SZ];
+    fih_int fih_rc = FIH_FAILURE;
 
     /* NOTE: The enc-state pointer may be NULL only because when there is
      * only one image (BOOT_IMAGE_NUMBER == 1), the code that uses the
@@ -38,12 +42,10 @@
      * is excluded from compilation.
      */
     /* Validate hash */
-    if (bootutil_img_validate(NULL, 0, hdr, fa_p, tmpbuf,
-                              BOOT_TMPBUF_SZ, NULL, 0, NULL)) {
-        return BOOT_EBADIMAGE;
-    }
+    FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, hdr, fa_p, tmpbuf,
+             BOOT_TMPBUF_SZ, NULL, 0, NULL);
 
-    return 0;
+    FIH_RET(fih_rc);
 }
 #endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */
 
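Review bot: The FIH_CALL on the new lines hands back whatever bootutil_img_validate returns, so the normalisation to BOOT_EBADIMAGE that the removed lines performed is gone and callers now receive the callee's raw fih_int; the `@return` text in the preceding hunk still says "error code otherwise", which no longer names any specific code. If the passthrough is intended, the header comment should say so, e.g. `@return FIH_SUCCESS on success; otherwise the fih_int returned by bootutil_img_validate`. This also presumes bootutil_img_validate has already been converted to return fih_int, which this commit does not show, so it is worth confirming that conversion landed first. boot_image_validate's signature is in the preceding hunk.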
@@ -95,12 +97,13 @@
  *
  * @parami[out]	rsp	Parameters for booting image, on success
  *
- * @return		0 on success, error code otherwise.
+ * @return		FIH_SUCCESS on success; nonzero on failure.
  */
-int
+fih_int
 boot_go(struct boot_rsp *rsp)
 {
     int rc = -1;
+    fih_int fih_rc = FIH_FAILURE;
 
     rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(0), &_fa_p);
     assert(rc == 0);
@@ -110,10 +113,12 @@
         goto out;
 
 #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
-    rc = boot_image_validate(_fa_p, &_hdr);
-    if (rc != 0) {
+    FIH_CALL(boot_image_validate, fih_rc, _fa_p, &_hdr);
+    if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
         goto out;
     }
+#else
+    fih_rc = FIH_SUCCESS;
 #endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */
 
     rsp->br_flash_dev_id = _fa_p->fa_device_id;
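Review bot: The new `#else` branch assigns `fih_rc = FIH_SUCCESS` without explanation, and because fih_rc is what the `out:` label returns, a reader has to trace the whole function to see why a build without primary-slot validation reports success; a one-line comment such as `/* No primary-slot validation configured: nothing can fail past this point, so report success. */` would make that explicit. The single `fih_not_eq` check is also the only gate between a failed validation and the population of `rsp`; given the hardening intent of the commit, a second `fih_eq(fih_rc, FIH_SUCCESS)` guard around the rsp assignments may be worth considering, though whether the caller already re-checks the result is not visible here. boot_go's head and its `out:` label are in the neighbouring hunks.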
@@ -122,5 +127,6 @@
 
 out:
     flash_area_close(_fa_p);
-    return rc;
+
+    FIH_RET(fih_rc);
 }
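Review bot: `FIH_RET(fih_rc)` drops `rc`: on the early `goto out` path at the top of the previous hunk, which presumably follows a header-load failure, `rc` holds the specific error but fih_rc is still its initial FIH_FAILURE, so a caller can no longer tell a header-read failure from a failed image validation. If that distinction is wanted, set fih_rc from rc before the jump, e.g. `fih_rc = fih_int_encode(rc);` (assuming the FIH header provides that encoder), or otherwise state the narrowing in the `@return` text so it is a documented choice rather than an accident. The `int rc` declaration now serves only the flash_area_open and header-load calls.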