From 35bf48c5b7e10723b36f0f9fbed048d4bdff918e Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Fri, 12 Jul 2024 19:21:40 +0000 Subject: [PATCH] boot: Change boot_enc_load to take slot number instead of image In all cases where boot_enc_load is called it is known what slot is addressed, so it is better to just pass the slot number instead of making the boot_enc_load figure out slot number from image index and provided flash area object. Signed-off-by: Dominik Ermel (cherry picked from commit 7f9ac97951b989e4e71a8f87dbb7187ec10ffb06) --- boot/boot_serial/src/boot_serial_encryption.c | 7 ++----- boot/bootutil/include/bootutil/enc_key.h | 2 +- boot/bootutil/src/encrypted.c | 9 +-------- boot/bootutil/src/loader.c | 20 +++++++++---------- 4 files changed, 13 insertions(+), 25 deletions(-) diff --git a/boot/boot_serial/src/boot_serial_encryption.c b/boot/boot_serial/src/boot_serial_encryption.c index ee2e111c..baa13af8 100644 --- a/boot/boot_serial/src/boot_serial_encryption.c +++ b/boot/boot_serial/src/boot_serial_encryption.c @@ -36,7 +36,7 @@ boot_image_validate_encrypted(const struct flash_area *fa_p, memset(&boot_data, 0, sizeof(struct boot_loader_state)); image_index = BOOT_CURR_IMG(state); if(IS_ENCRYPTED(hdr)) { - rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fa_p, bs); + rc = boot_enc_load(BOOT_CURR_ENC(state), 1, hdr, fa_p, bs); if (rc < 0) { FIH_RET(fih_rc); } @@ -218,7 +218,6 @@ decrypt_image_inplace(const struct flash_area *fa_p, size_t sect_size; size_t sect_count; size_t sect; - uint8_t image_index; struct flash_sector sector; memset(&boot_data, 0, sizeof(struct boot_loader_state)); @@ -228,8 +227,6 @@ decrypt_image_inplace(const struct flash_area *fa_p, rc = flash_area_get_sector(fa_p, boot_status_off(fa_p), §or); - image_index = BOOT_CURR_IMG(state); - if(IS_ENCRYPTED(hdr)) { #if 0 //Skip this step?, the image will just not boot if it's not decrypted properly static uint8_t tmpbuf[BOOT_TMPBUF_SZ]; @@ -241,7 +238,7 @@ decrypt_image_inplace(const struct flash_area *fa_p, #endif memset(&boot_data, 0, sizeof(struct boot_loader_state)); /* Load the encryption keys into cache */ - rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fa_p, bs); + rc = boot_enc_load(BOOT_CURR_ENC(state), 0, hdr, fa_p, bs); if (rc < 0) { FIH_RET(fih_rc); } diff --git a/boot/bootutil/include/bootutil/enc_key.h b/boot/bootutil/include/bootutil/enc_key.h index 39276af4..6f3db545 100644 --- a/boot/bootutil/include/bootutil/enc_key.h +++ b/boot/bootutil/include/bootutil/enc_key.h @@ -55,7 +55,7 @@ int boot_enc_init(struct enc_key_data *enc_state, uint8_t slot); int boot_enc_drop(struct enc_key_data *enc_state, uint8_t slot); int boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot, const struct boot_status *bs); -int boot_enc_load(struct enc_key_data *enc_state, int image_index, +int boot_enc_load(struct enc_key_data *enc_state, int slot, const struct image_header *hdr, const struct flash_area *fap, struct boot_status *bs); bool boot_enc_valid(struct enc_key_data *enc_state, int image_index, diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c index 81343cf0..84ffddd0 100644 --- a/boot/bootutil/src/encrypted.c +++ b/boot/bootutil/src/encrypted.c @@ -607,7 +607,7 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey) * Load encryption key. */ int -boot_enc_load(struct enc_key_data *enc_state, int image_index, +boot_enc_load(struct enc_key_data *enc_state, int slot, const struct image_header *hdr, const struct flash_area *fap, struct boot_status *bs) { @@ -619,15 +619,8 @@ boot_enc_load(struct enc_key_data *enc_state, int image_index, #else uint8_t buf[EXPECTED_ENC_LEN]; #endif - uint8_t slot; int rc; - rc = flash_area_id_to_multi_image_slot(image_index, flash_area_get_id(fap)); - if (rc < 0) { - return rc; - } - slot = rc; - /* Already loaded... */ if (enc_state[slot].valid) { return 1; diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 1030131f..a095f2d7 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -781,7 +781,6 @@ boot_image_check(struct boot_loader_state *state, struct image_header *hdr, const struct flash_area *fap, struct boot_status *bs) { TARGET_STATIC uint8_t tmpbuf[BOOT_TMPBUF_SZ]; - uint8_t image_index; int rc; FIH_DECLARE(fih_rc, FIH_FAILURE); @@ -792,13 +791,11 @@ boot_image_check(struct boot_loader_state *state, struct image_header *hdr, (void)bs; (void)rc; - image_index = BOOT_CURR_IMG(state); - /* In the case of ram loading the image has already been decrypted as it is * decrypted when copied in ram */ #if defined(MCUBOOT_ENC_IMAGES) && !defined(MCUBOOT_RAM_LOAD) - if (MUST_DECRYPT(fap, image_index, hdr)) { - rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs); + if (MUST_DECRYPT(fap, BOOT_CURR_IMG(state), hdr)) { + rc = boot_enc_load(BOOT_CURR_ENC(state), 1, hdr, fap, bs); if (rc < 0) { FIH_RET(fih_rc); } @@ -808,8 +805,9 @@ boot_image_check(struct boot_loader_state *state, struct image_header *hdr, } #endif - FIH_CALL(bootutil_img_validate, fih_rc, BOOT_CURR_ENC(state), image_index, - hdr, fap, tmpbuf, BOOT_TMPBUF_SZ, NULL, 0, NULL); + FIH_CALL(bootutil_img_validate, fih_rc, BOOT_CURR_ENC(state), + BOOT_CURR_IMG(state), hdr, fap, tmpbuf, BOOT_TMPBUF_SZ, + NULL, 0, NULL); FIH_RET(fih_rc); } @@ -1403,7 +1401,7 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs) #ifdef MCUBOOT_ENC_IMAGES if (IS_ENCRYPTED(boot_img_hdr(state, BOOT_SECONDARY_SLOT))) { - rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, + rc = boot_enc_load(BOOT_CURR_ENC(state), BOOT_SECONDARY_SLOT, boot_img_hdr(state, BOOT_SECONDARY_SLOT), fap_secondary_slot, bs); @@ -1527,7 +1525,7 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs) #ifdef MCUBOOT_ENC_IMAGES if (IS_ENCRYPTED(hdr)) { fap = BOOT_IMG_AREA(state, BOOT_PRIMARY_SLOT); - rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs); + rc = boot_enc_load(BOOT_CURR_ENC(state), 0, hdr, fap, bs); assert(rc >= 0); if (rc == 0) { @@ -1551,7 +1549,7 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs) hdr = boot_img_hdr(state, BOOT_SECONDARY_SLOT); if (IS_ENCRYPTED(hdr)) { fap = BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs); + rc = boot_enc_load(BOOT_CURR_ENC(state), 1, hdr, fap, bs); assert(rc >= 0); if (rc == 0) { @@ -2750,7 +2748,7 @@ boot_decrypt_and_copy_image_to_sram(struct boot_loader_state *state, goto done; } - rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap_src, &bs); + rc = boot_enc_load(BOOT_CURR_ENC(state), slot, hdr, fap_src, &bs); if (rc < 0) { goto done; }