OrgZephyr/mcuboot
OrgZephyr
/
mcuboot
mirror of https://github.com/zephyrproject-rtos/mcuboot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

boot/zephyr: Add fault injection mitigation 

Add software countermeasures against fault injection attacks.

Change-Id: I82f2d6b529ee2bd8d58ec6d5302c01680b4fd483
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
This commit is contained in:
Tamas Ban 2020-09-30 07:58:48 +01:00 committed by Fabio Utzig
parent fce873364e
commit ee6615def0
2 changed files with 27 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
boot/zephyr/main.c
View File

@ -1,5 +1,6 @@
/* /*
* Copyright (c) 2012-2014 Wind River Systems, Inc. * Copyright (c) 2012-2014 Wind River Systems, Inc.
* Copyright (c) 2020 Arm Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -29,6 +30,8 @@
#include "bootutil/bootutil_log.h" #include "bootutil/bootutil_log.h"
#include "bootutil/image.h" #include "bootutil/image.h"
#include "bootutil/bootutil.h" #include "bootutil/bootutil.h"
#include "bootutil/fault_injection_hardening.h"
#include "bootutil/fault_injection_hardening_delay_rng.h"
#include "flash_map_backend/flash_map_backend.h" #include "flash_map_backend/flash_map_backend.h"
#ifdef CONFIG_MCUBOOT_SERIAL #ifdef CONFIG_MCUBOOT_SERIAL
@ -309,6 +312,7 @@ void main(void)
{ {
struct boot_rsp rsp; struct boot_rsp rsp;
int rc; int rc;
fih_int fih_rc = FIH_FAILURE;
BOOT_LOG_INF("Starting bootloader"); BOOT_LOG_INF("Starting bootloader");
@ -316,6 +320,8 @@ void main(void)
ZEPHYR_BOOT_LOG_START(); ZEPHYR_BOOT_LOG_START();
(void)rc;
#if (!defined(CONFIG_XTENSA) && defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) #if (!defined(CONFIG_XTENSA) && defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL))
if (!flash_device_get_binding(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) { if (!flash_device_get_binding(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) {
BOOT_LOG_ERR("Flash device %s not found", BOOT_LOG_ERR("Flash device %s not found",
@ -381,11 +387,10 @@ void main(void)
} }
#endif #endif
rc = boot_go(&rsp); FIH_CALL(boot_go, fih_rc, &rsp);
if (rc != 0) { if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
BOOT_LOG_ERR("Unable to find bootable image"); BOOT_LOG_ERR("Unable to find bootable image");
while (1) FIH_PANIC;
;
} }
BOOT_LOG_INF("Bootloader chainload address offset: 0x%x", BOOT_LOG_INF("Bootloader chainload address offset: 0x%x",

30
boot/zephyr/single_loader.c
View File

@ -2,12 +2,15 @@
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Copyright (c) 2020 Nordic Semiconductor ASA * Copyright (c) 2020 Nordic Semiconductor ASA
* Copyright (c) 2020 Arm Limited
*/ */
#include <assert.h> #include <assert.h>
#include "bootutil/image.h" #include "bootutil/image.h"
#include "bootutil_priv.h" #include "bootutil_priv.h"
#include "bootutil/bootutil_log.h" #include "bootutil/bootutil_log.h"
#include "bootutil/fault_injection_hardening.h"
#include "bootutil/fault_injection_hardening_delay_rng.h"
#include "mcuboot_config/mcuboot_config.h" #include "mcuboot_config/mcuboot_config.h"
@ -24,13 +27,14 @@ static struct image_header _hdr = { 0 };
* @param[in] fa_p flash area pointer * @param[in] fa_p flash area pointer
* @param[in] hdr boot image header pointer * @param[in] hdr boot image header pointer
* *
* @return 0 on success, error code otherwise * @return FIH_SUCCESS on success, error code otherwise
*/ */
inline static int inline static fih_int
boot_image_validate(const struct flash_area *fa_p, boot_image_validate(const struct flash_area *fa_p,
struct image_header *hdr) struct image_header *hdr)
{ {
static uint8_t tmpbuf[BOOT_TMPBUF_SZ]; static uint8_t tmpbuf[BOOT_TMPBUF_SZ];
fih_int fih_rc = FIH_FAILURE;
/* NOTE: The enc-state pointer may be NULL only because when there is /* NOTE: The enc-state pointer may be NULL only because when there is
* only one image (BOOT_IMAGE_NUMBER == 1), the code that uses the * only one image (BOOT_IMAGE_NUMBER == 1), the code that uses the
@ -38,12 +42,10 @@ boot_image_validate(const struct flash_area *fa_p,
* is excluded from compilation. * is excluded from compilation.
*/ */
/* Validate hash */ /* Validate hash */
if (bootutil_img_validate(NULL, 0, hdr, fa_p, tmpbuf, FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, hdr, fa_p, tmpbuf,
BOOT_TMPBUF_SZ, NULL, 0, NULL)) { BOOT_TMPBUF_SZ, NULL, 0, NULL);
return BOOT_EBADIMAGE;
}
return 0; FIH_RET(fih_rc);
} }
#endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */ #endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */
@ -95,12 +97,13 @@ boot_image_load_header(const struct flash_area *fa_p,
* *
* @parami[out] rsp Parameters for booting image, on success * @parami[out] rsp Parameters for booting image, on success
* *
* @return 0 on success, error code otherwise. * @return FIH_SUCCESS on success; nonzero on failure.
*/ */
int fih_int
boot_go(struct boot_rsp *rsp) boot_go(struct boot_rsp *rsp)
{ {
int rc = -1; int rc = -1;
fih_int fih_rc = FIH_FAILURE;
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(0), &_fa_p); rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(0), &_fa_p);
assert(rc == 0); assert(rc == 0);
@ -110,10 +113,12 @@ boot_go(struct boot_rsp *rsp)
goto out; goto out;
#ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
rc = boot_image_validate(_fa_p, &_hdr); FIH_CALL(boot_image_validate, fih_rc, _fa_p, &_hdr);
if (rc != 0) { if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
goto out; goto out;
} }
#else
fih_rc = FIH_SUCCESS;
#endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */ #endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */
rsp->br_flash_dev_id = _fa_p->fa_device_id; rsp->br_flash_dev_id = _fa_p->fa_device_id;
@ -122,5 +127,6 @@ boot_go(struct boot_rsp *rsp)
out: out:
flash_area_close(_fa_p); flash_area_close(_fa_p);
return rc;
FIH_RET(fih_rc);
} }