Boot: Align MCUboot to the latest version
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Co-authored-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I256ab23d330bd45a93ff33f0cd93e45822c0ed2f
diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c
index c45c3ba..901a94e 100644
--- a/bl2/ext/mcuboot/bl2_main.c
+++ b/bl2/ext/mcuboot/bl2_main.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2012-2014 Wind River Systems, Inc.
- * Copyright (c) 2017-2022 Arm Limited.
+ * Copyright (c) 2017-2023 Arm Limited.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -89,7 +89,7 @@
int main(void)
{
- fih_int fih_rc = FIH_FAILURE;
+ fih_ret fih_rc = FIH_FAILURE;
enum tfm_plat_err_t plat_err;
int32_t image_id;
@@ -127,7 +127,7 @@
}
FIH_CALL(boot_nv_security_counter_init, fih_rc);
- if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
BOOT_LOG_ERR("Error while initializing the security counter");
FIH_PANIC;
}
@@ -151,8 +151,13 @@
FIH_PANIC;
}
+ /* Primary goal to zeroize the 'rsp' is to avoid to accidentally load
+ * the NS image in case of a fault injection attack. However, it is
+ * done anyway as a good practice to sanitize memory.
+ */
+ memset(&rsp, 0, sizeof(struct boot_rsp));
FIH_CALL(boot_go_for_image_id, fih_rc, &rsp, image_id);
- if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
BOOT_LOG_ERR("Unable to find bootable image");
FIH_PANIC;
}
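Review bot: The `memset` of `rsp` added before `FIH_CALL(boot_go_for_image_id, ...)` only helps against a skipped or faulted call if the code that later consumes `rsp` rejects an all-zero response (for example a NULL header pointer), and no such check is visible in this hunk. `main` continues outside the hunk, so that should be confirmed there. The comment would be clearer if it named the stale data being guarded against, for example `/* Clear rsp so a skipped or faulted boot_go_for_image_id() cannot leave an earlier response (e.g. the NS image's) in place. */`; that the stale content comes from a previous image is my inference from the `image_id` argument. As a style point, `memset(&rsp, 0, sizeof(rsp));` ties the size to the object rather than to the type name, so the two cannot drift apart.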
diff --git a/bl2/ext/mcuboot/include/fih.h b/bl2/ext/mcuboot/include/fih.h
index 5331dbb..20cb3b2 100644
--- a/bl2/ext/mcuboot/include/fih.h
+++ b/bl2/ext/mcuboot/include/fih.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -20,11 +20,11 @@
#include "stdint.h"
/*
- * FIH return type macro changes the function return types to fih_int.
+ * FIH return type macro changes the function return types to fih_ret.
* All functions that need to be protected by FIH and called via FIH_CALL must
- * return a fih_int type.
+ * return a fih_ret type.
*/
-#define FIH_RET_TYPE(type) fih_int
+#define FIH_RET_TYPE(type) fih_ret
#include "bootutil/fault_injection_hardening.h"