diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c
index 887ad6ee..2c2968d7 100644
--- a/boot/zephyr/main.c
+++ b/boot/zephyr/main.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2012-2014 Wind River Systems, Inc.
+ * Copyright (c) 2020 Arm Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,6 +30,8 @@
 #include "bootutil/bootutil_log.h"
 #include "bootutil/image.h"
 #include "bootutil/bootutil.h"
+#include "bootutil/fault_injection_hardening.h"
+#include "bootutil/fault_injection_hardening_delay_rng.h"
 #include "flash_map_backend/flash_map_backend.h"
 
 #ifdef CONFIG_MCUBOOT_SERIAL
@@ -309,6 +312,7 @@ void main(void)
 {
 struct boot_rsp rsp;
 int rc;
+ fih_int fih_rc = FIH_FAILURE;
 
 BOOT_LOG_INF("Starting bootloader");
 
@@ -316,6 +320,8 @@ void main(void)
 
 ZEPHYR_BOOT_LOG_START();
 
+ (void)rc;
+
 #if (!defined(CONFIG_XTENSA) && defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL))
 if (!flash_device_get_binding(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) {
 BOOT_LOG_ERR("Flash device %s not found",
@@ -381,11 +387,10 @@ void main(void)
 }
 #endif
 
- rc = boot_go(&rsp);
- if (rc != 0) {
+ FIH_CALL(boot_go, fih_rc, &rsp);
+ if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
 BOOT_LOG_ERR("Unable to find bootable image");
- while (1)
- ;
+ FIH_PANIC;
 }
 
 BOOT_LOG_INF("Bootloader chainload address offset: 0x%x",
diff --git a/boot/zephyr/single_loader.c b/boot/zephyr/single_loader.c
index 258d38be..a5e9d1f7 100644
--- a/boot/zephyr/single_loader.c
+++ b/boot/zephyr/single_loader.c
@@ -2,12 +2,15 @@
  * SPDX-License-Identifier: Apache-2.0
  *
  * Copyright (c) 2020 Nordic Semiconductor ASA
+ * Copyright (c) 2020 Arm Limited
  */
 
 #include
 #include "bootutil/image.h"
 #include "bootutil_priv.h"
 #include "bootutil/bootutil_log.h"
+#include "bootutil/fault_injection_hardening.h"
+#include "bootutil/fault_injection_hardening_delay_rng.h"
 #include "mcuboot_config/mcuboot_config.h"
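Review bot: The bare `(void)rc;` added after `ZEPHYR_BOOT_LOG_START();` carries no explanation, so a reader cannot tell whether `rc` is now dead or only used inside some of the `#if` blocks that follow. Since `boot_go` no longer assigns it, the remaining uses are presumably confined to conditionally compiled code such as the flash-device check below; a short comment would make that explicit: `(void)rc; /* only assigned under some CONFIG_ paths; keeps -Wunused-variable quiet */`. If `rc` has no use in any configuration, dropping the `int rc;` declaration from the previous hunk would be cleaner than the cast. main's body starts and ends outside this hunk.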
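Review bot: Everything after the `if (fih_not_eq(fih_rc, FIH_SUCCESS))` block — the chainload log and, presumably, the jump into the image — is reachable only because `FIH_PANIC` never returns, a property the replaced `while (1) ;` expressed in place and the new line leaves implicit; `rsp` is also uninitialized on that failure path. A comment at the call site, `/* FIH_PANIC does not return; rsp is only valid past this point */`, keeps the dependency on the hardening header visible. It is also worth confirming that the non-hardened build of `FIH_PANIC` still halts rather than falling through, since that halt is what previously guaranteed the bootloader never chainloaded an image that failed validation. main's body continues outside the hunk.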
@@ -24,13 +27,14 @@ static struct image_header _hdr = { 0 };
  * @param[in] fa_p flash area pointer
  * @param[in] hdr boot image header pointer
  *
- * @return 0 on success, error code otherwise
+ * @return FIH_SUCCESS on success, error code otherwise
  */
-inline static int
+inline static fih_int
 boot_image_validate(const struct flash_area *fa_p,
 struct image_header *hdr)
 {
 static uint8_t tmpbuf[BOOT_TMPBUF_SZ];
+ fih_int fih_rc = FIH_FAILURE;
 
 /* NOTE: The enc-state pointer may be NULL only because when there is
 * only one image (BOOT_IMAGE_NUMBER == 1), the code that uses the
@@ -38,12 +42,10 @@ boot_image_validate(const struct flash_area *fa_p,
 * is excluded from compilation. */
 
 /* Validate hash */
- if (bootutil_img_validate(NULL, 0, hdr, fa_p, tmpbuf,
- BOOT_TMPBUF_SZ, NULL, 0, NULL)) {
- return BOOT_EBADIMAGE;
- }
+ FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, hdr, fa_p, tmpbuf,
+ BOOT_TMPBUF_SZ, NULL, 0, NULL);
 
- return 0;
+ FIH_RET(fih_rc);
 }
 
 #endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */
@@ -95,12 +97,13 @@ boot_image_load_header(const struct flash_area *fa_p,
  *
  * @parami[out] rsp Parameters for booting image, on success
  *
- * @return 0 on success, error code otherwise.
+ * @return FIH_SUCCESS on success; nonzero on failure.
  */
-int
+fih_int
 boot_go(struct boot_rsp *rsp)
 {
 int rc = -1;
+ fih_int fih_rc = FIH_FAILURE;
 
 rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(0), &_fa_p);
 assert(rc == 0);
@@ -110,10 +113,12 @@ boot_go(struct boot_rsp *rsp)
 goto out;
 
 #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
- rc = boot_image_validate(_fa_p, &_hdr);
- if (rc != 0) {
+ FIH_CALL(boot_image_validate, fih_rc, _fa_p, &_hdr);
+ if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
 goto out;
 }
+#else
+ fih_rc = FIH_SUCCESS;
 #endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */
 
 rsp->br_flash_dev_id = _fa_p->fa_device_id;
@@ -122,5 +127,6 @@ boot_go(struct boot_rsp *rsp)
 
 out:
 flash_area_close(_fa_p);
- return rc;
+
+ FIH_RET(fih_rc);
 }
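Review bot: The updated `@return` for `boot_image_validate` still reads "error code otherwise", but with `FIH_RET(fih_rc)` in the following hunk the function now propagates whatever `bootutil_img_validate` produced instead of mapping every failure to `BOOT_EBADIMAGE`, and the sibling `@return` on `boot_go` in this file uses different wording ("nonzero on failure"). Both doc comments should state the same contract, e.g. `@return FIH_SUCCESS on success; any other value on failure, to be tested with fih_not_eq()`, since a `fih_int` is not necessarily a plain integer that callers can compare against 0. The `inline static` qualifier is carried over onto a function that now returns through `FIH_RET`; whether inlining interacts with the call/return checks done by `FIH_CALL`/`FIH_RET` is not visible here and is worth confirming against the hardening header.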
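Review bot: `boot_go` changes its return type to `fih_int`, but the declaration its callers include (`bootutil/bootutil.h`, which main.c pulls in and now calls through `FIH_CALL(boot_go, ...)`) is not part of the visible diff; if that header still declares `int boot_go(struct boot_rsp *)`, the definition conflicts with it, so confirm it is updated in the same commit. Separately, `rc` is no longer returned, which leaves `assert(rc == 0)` as the only check on `flash_area_open`; under NDEBUG a failed open would continue with `_fa_p` in whatever state the open left it. An explicit `if (rc != 0) { goto out; }` would cover that regardless of build configuration, provided the `out:` cleanup tolerates an unopened area. boot_go's body continues outside the hunk.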
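Review bot: The new `#else` branch sets `fih_rc = FIH_SUCCESS` unconditionally, so in builds without `MCUBOOT_VALIDATE_PRIMARY_SLOT` the image is reported as good with no validation having run; that matches the old behaviour (`rc` stayed 0 and was returned) but is now the single line that makes the decision, and it deserves a comment: `/* No primary-slot validation configured: image is booted unverified */`. The change also discards the reason for failure: when the header load (presumably the `goto out;` at the top of the hunk) or the validation fails, the caller only ever sees `FIH_FAILURE` because `rc` is not returned any more, which is adequate for the current caller but worth a sentence in the `@return` doc. boot_go's body starts before this hunk.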