Boot: Harden critical path against fault attacks

Add fault attack mitigation measures to code which is vital for
the correct validation of images.

Change-Id: Iea12a6eac9c3f516ed8c96a6df44b7a4086dd7f5
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/src/security_cnt.c b/bl2/src/security_cnt.c
index 1359265..7fc6e4c 100644
--- a/bl2/src/security_cnt.c
+++ b/bl2/src/security_cnt.c
@@ -8,6 +8,7 @@
 #include "bootutil/security_cnt.h"
 #include "../../platform/include/tfm_plat_nv_counters.h"
 #include "../../platform/include/tfm_plat_defs.h"
+#include "bootutil/fault_injection_hardening.h"
 #include <stdint.h>
 
 #define TFM_BOOT_NV_COUNTER_0    PLAT_NV_COUNTER_3   /* NV counter of Image 0 */
@@ -33,41 +34,38 @@
     return (enum tfm_nv_counter_t)nv_counter;
 }
 
-int32_t boot_nv_security_counter_init(void)
+fih_int boot_nv_security_counter_init(void)
 {
-    enum tfm_plat_err_t err;
+    fih_int fih_rc = FIH_FAILURE;
 
-    err = tfm_plat_init_nv_counter();
-    if (err != TFM_PLAT_ERR_SUCCESS) {
-        return -1;
-    }
+    fih_rc = fih_int_encode_zero_equality(tfm_plat_init_nv_counter());
 
-    return 0;
+    FIH_RET(fih_rc);
 }
 
-int32_t boot_nv_security_counter_get(uint32_t image_id, uint32_t *security_cnt)
+fih_int boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt)
 {
     enum tfm_nv_counter_t nv_counter;
-    enum tfm_plat_err_t err;
+    fih_int fih_rc = FIH_FAILURE;
+    uint32_t security_cnt_soft;
 
     /* Check if it's a null-pointer. */
     if (!security_cnt) {
-        return -1;
+        FIH_RET(FIH_FAILURE);
     }
 
     nv_counter = get_nv_counter_from_image_id(image_id);
     if (nv_counter == TFM_BOOT_NV_COUNTER_MAX) {
-        return -1;
+        FIH_RET(FIH_FAILURE);
     }
 
-    err = tfm_plat_read_nv_counter(nv_counter,
-                                   sizeof(*security_cnt),
-                                   (uint8_t *)security_cnt);
-    if (err != TFM_PLAT_ERR_SUCCESS) {
-        return -1;
-    }
+    fih_rc = fih_int_encode_zero_equality(
+             tfm_plat_read_nv_counter(nv_counter,
+                                      sizeof(security_cnt_soft),
+                                      (uint8_t *)&security_cnt_soft));
+    *security_cnt = fih_int_encode(security_cnt_soft);
 
-    return 0;
+    FIH_RET(fih_rc);
 }
 
 int32_t boot_nv_security_counter_update(uint32_t image_id,
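Review bot: In `boot_nv_security_counter_get`, `security_cnt_soft` has no initializer and `*security_cnt = fih_int_encode(security_cnt_soft);` runs whether or not `tfm_plat_read_nv_counter` succeeded, so after a failed read the caller's output holds an encoded indeterminate stack value. A caller whose check of the returned `fih_int` is skipped by a glitch would then run its rollback comparison against that value, which is the situation this hardening is meant to cover. I would give the local a defined start value that the caller's comparison (not visible in this hunk) treats as fail-closed, and store the output only on success: `if (fih_eq(fih_rc, FIH_SUCCESS)) { *security_cnt = fih_int_encode(security_cnt_soft); }`. A short comment above the store stating what `*security_cnt` holds on failure would also help callers. The hunk ends on the first line of `boot_nv_security_counter_update`, whose body is outside the hunk and is not reviewed here.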