From 60ac682a12f5491d94cb8662ba07d133fcab7b5f Mon Sep 17 00:00:00 2001
From: Jamie McCrae
Date: Thu, 22 Aug 2024 10:44:46 +0100
Subject: [PATCH] bootutil: loader: Verify image header before checking image

Changes the order of operations to validate the image header before checking the image, it does not make sense to check the image if the header itself is invalid

Note: This PR has been modified from the upstream commit due to a merge failure from other changes that are not being brought into Zephyr 3.7

Signed-off-by: Jamie McCrae
(cherry picked from commit 2939d305456ad24cbc5711220702c07142ad88f3)
---
 boot/bootutil/src/loader.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 805c78e1..3dc033fa 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -1015,13 +1015,16 @@ boot_validate_slot(struct boot_loader_state *state, int slot,
 }
 }
 #endif
- BOOT_HOOK_CALL_FIH(boot_image_check_hook, FIH_BOOT_HOOK_REGULAR,
- fih_rc, BOOT_CURR_IMG(state), slot);
- if (FIH_EQ(fih_rc, FIH_BOOT_HOOK_REGULAR))
- {
- FIH_CALL(boot_image_check, fih_rc, state, hdr, fap, bs);
+ if (!boot_is_header_valid(hdr, fap)) {
+ fih_rc = FIH_FAILURE;
+ } else {
+ BOOT_HOOK_CALL_FIH(boot_image_check_hook, FIH_BOOT_HOOK_REGULAR,
+ fih_rc, BOOT_CURR_IMG(state), slot);
+ if (FIH_EQ(fih_rc, FIH_BOOT_HOOK_REGULAR)) {
+ FIH_CALL(boot_image_check, fih_rc, state, hdr, fap, bs);
+ }
 }
- if (!boot_is_header_valid(hdr, fap) || FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
 if ((slot != BOOT_PRIMARY_SLOT) || ARE_SLOTS_EQUIVALENT()) {
 flash_area_erase(fap, 0, flash_area_get_size(fap));
 /* Image is invalid, erase it to prevent further unnecessary
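Review bot: The new `if (!boot_is_header_valid(hdr, fap))` gate has no comment saying that it must stay ahead of the hook and `boot_image_check`, so a later reorder could again hand `hdr` to the image check before it has been validated. I would add above it: `/* Validate the header first: hdr is passed to the image check, which must never run on a header that failed validation. */`. The header verdict is also a plain boolean branch, while the calls beside it go through `BOOT_HOOK_CALL_FIH` and `FIH_CALL`. If `boot_is_header_valid` (defined outside this hunk) is meant to be covered by the fault-injection hardening, it would need to return a `fih_ret` and be tested with `FIH_NOT_EQ` rather than `!`. `boot_validate_slot` starts and ends outside the hunk.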