LF-11115 imx: ahab: Use authenticated header for images loading

When authenticating container header, the container header is first
loaded to the heap memory in DRAM and then copied to a different
location in RAM for authentication (in the function ahab_auth_cntr_hdr).
To mitigate risk, the container header being authenticated should be
the one that is parsed by the loader SW.
The patch refactors the ahab_auth_cntr_hdr to return the container
be authenticated. Caller uses this authenticated container for following
parsing and image loading.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

arch/arm/include/asm/mach-imx/ahab.h

@@ -8,7 +8,7 @@
 
 #include <asm/mach-imx/image.h>
 
-int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length);
+void *ahab_auth_cntr_hdr(struct container_hdr *container, u16 length);
 int ahab_auth_release(void);
 int ahab_verify_cntr_image(struct boot_img_t *img, int image_index);
 

arch/arm/mach-imx/ele_ahab.c

@@ -259,7 +259,7 @@ static void display_ahab_auth_ind(u32 event)
 	printf("%s\n", ele_ind_str[get_idx(ele_ind, resp_ind, ARRAY_SIZE(ele_ind))]);
 }
 
-int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
+void *ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
 {
 	int err;
 	u32 resp;
@@ -275,9 +275,10 @@ int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
 		printf("Authenticate container hdr failed, return %d, resp 0x%x\n",
 		       err, resp);
 		display_ahab_auth_ind(resp);
+		return NULL;
 	}
 
-	return err;
+	return (void *)IMG_CONTAINER_BASE; /* Return authenticated container header */
 }
 
 int ahab_auth_release(void)
@@ -331,7 +332,6 @@ int authenticate_os_container(ulong addr)
 {
 	struct container_hdr *phdr;
 	int i, ret = 0;
-	int err;
 	u16 length;
 	struct boot_img_t *img;
 	unsigned long s, e;
@@ -361,8 +361,8 @@ int authenticate_os_container(ulong addr)
 
 	debug("container length %u\n", length);
 
-	err = ahab_auth_cntr_hdr(phdr, length);
-	if (err) {
+	phdr = ahab_auth_cntr_hdr(phdr, length);
+	if (!phdr) {
 		ret = -EIO;
 		goto exit;
 	}
@@ -371,7 +371,7 @@ int authenticate_os_container(ulong addr)
 
 	/* Copy images to dest address */
 	for (i = 0; i < phdr->num_images; i++) {
-		img = (struct boot_img_t *)(addr +
+		img = (struct boot_img_t *)((ulong)phdr +
 					    sizeof(struct container_hdr) +
 					    i * sizeof(struct boot_img_t));
 

arch/arm/mach-imx/imx8/ahab.c

@@ -29,7 +29,7 @@ DECLARE_GLOBAL_DATA_PTR;
 #define AHAB_HASH_TYPE_MASK	0x00000700
 #define AHAB_HASH_TYPE_SHA256	0
 
-int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
+void *ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
 {
 	int err;
 	memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container,
@@ -41,9 +41,10 @@ int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
 	if (err) {
 		printf("Authenticate container hdr failed, return %d\n",
 		       err);
+		return NULL;
 	}
 
-	return err;
+	return (void *)SEC_SECURE_RAM_BASE; /* Return authenticated container header */
 }
 
 int ahab_auth_release(void)
@@ -129,7 +130,7 @@ int authenticate_os_container(ulong addr)
 {
 	struct container_hdr *phdr;
 	int i, ret = 0;
-	int err;
+	__maybe_unused int err;
 	u16 length;
 	struct boot_img_t *img;
 	unsigned long s, e;
@@ -162,15 +163,15 @@ int authenticate_os_container(ulong addr)
 
 	debug("container length %u\n", length);
 
-	err = ahab_auth_cntr_hdr(phdr, length);
-	if (err) {
+	phdr = ahab_auth_cntr_hdr(phdr, length);
+	if (!phdr) {
 		ret = -EIO;
 		goto exit;
 	}
 
 	/* Copy images to dest address */
 	for (i = 0; i < phdr->num_images; i++) {
-		img = (struct boot_img_t *)(addr +
+		img = (struct boot_img_t *)((ulong)phdr +
 					    sizeof(struct container_hdr) +
 					    i * sizeof(struct boot_img_t));
 

arch/arm/mach-imx/imx9/imx_bootaux.c

@@ -9,7 +9,7 @@
 #include <imx_sip.h>
 #include <linux/arm-smccc.h>
 #include <asm/mach-imx/ahab.h>
-
+#include <cpu_func.h>
 #include <asm/global_data.h>
 
 DECLARE_GLOBAL_DATA_PTR;
@@ -108,7 +108,6 @@ static int authenticate_auxcore_container(u32 core_id, ulong addr, ulong *entry)
 {
 	struct container_hdr *phdr;
 	int i, ret = 0;
-	int err;
 	u16 length;
 	struct boot_img_t *img;
 	unsigned long s, e;
@@ -138,8 +137,8 @@ static int authenticate_auxcore_container(u32 core_id, ulong addr, ulong *entry)
 
 	debug("container length %u\n", length);
 
-	err = ahab_auth_cntr_hdr(phdr, length);
-	if (err) {
+	phdr = ahab_auth_cntr_hdr(phdr, length);
+	if (!phdr) {
 		ret = -EIO;
 		goto exit;
 	}
@@ -148,7 +147,7 @@ static int authenticate_auxcore_container(u32 core_id, ulong addr, ulong *entry)
 
 	/* Copy images to dest address */
 	for (i = 0; i < phdr->num_images; i++) {
-		img = (struct boot_img_t *)(addr +
+		img = (struct boot_img_t *)((ulong)phdr +
 					    sizeof(struct container_hdr) +
 					    i * sizeof(struct boot_img_t));
 

arch/arm/mach-imx/parse-container.c

@@ -89,6 +89,7 @@ static int read_auth_container(struct spl_image_info *spl_image,
 			       struct spl_load_info *info, ulong sector)
 {
 	struct container_hdr *container = NULL;
+	struct container_hdr *authhdr;
 	u16 length;
 	u32 sectors;
 	int i, size, ret = 0;
@@ -144,15 +145,17 @@ static int read_auth_container(struct spl_image_info *spl_image,
 		}
 	}
 
+	authhdr = container;
+
 #ifdef CONFIG_AHAB_BOOT
-	ret = ahab_auth_cntr_hdr(container, length);
-	if (ret)
+	authhdr = ahab_auth_cntr_hdr(authhdr, length);
+	if (!authhdr)
 		goto end_auth;
 #endif
 
-	for (i = 0; i < container->num_images; i++) {
+	for (i = 0; i < authhdr->num_images; i++) {
 		struct boot_img_t *image = read_auth_image(spl_image, info,
-							   container, i,
+							   authhdr, i,
 							   sector);
 
 		if (!image) {
@@ -168,7 +171,7 @@ static int read_auth_container(struct spl_image_info *spl_image,
 
 #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX_TRUSTY_OS)
 	/* Everything checks out, get the sw_version now. */
-	spl_image->rbindex = (uint64_t)container->sw_version;
+	spl_image->rbindex = (uint64_t)authhdr->sw_version;
 #endif