TBB: abort boot if BL3-2 cannot be authenticated

BL3-2 image (Secure Payload) is optional. If the image cannot be loaded a warning message is printed and the boot process continues. According to the TBBR document, this behaviour should not apply in case of an authentication error, where the boot process should be aborted. This patch modifies the load_auth_image() function to distinguish between a load error and an authentication error. The caller uses the return value to abort the boot process or continue. In case of authentication error, the memory region used to store the image is wiped clean. Change-Id: I534391d526d514b2a85981c3dda00de67e0e7992
author: Juan Castillo <juan.castillo@arm.com> 2015-08-17 10:43:27 +0100
committer: Juan Castillo <juan.castillo@arm.com> 2015-08-20 16:44:02 +0100
commit: fedbc0497bb0407fc1d55430eae1938712f1afe8 (patch)
tree: 35dd097425d463bd9fdcf2b8c8f3ecec54fb796b /include/common
parent: aaa0567c38ea6f08d68ce64210800b51a8872c13 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/include/common/bl_common.h b/include/common/bl_common.h
index b1a9c8f6..66244ca9 100644
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -202,6 +202,15 @@ typedef struct bl31_params {
 	image_info_t *bl33_image_info;
 } bl31_params_t;
 
+/*
+ * load_auth_image() return values
+ */
+enum {
+	LOAD_SUCCESS,		/* Load + authentication success */
+	LOAD_ERR,		/* Load error */
+	LOAD_AUTH_ERR		/* Authentication error */
+};
+
 
 /*
  * Compile time assertions related to the 'entry_point_info' structure to
author	Juan Castillo <juan.castillo@arm.com>	2015-08-17 10:43:27 +0100
committer	Juan Castillo <juan.castillo@arm.com>	2015-08-20 16:44:02 +0100
commit	fedbc0497bb0407fc1d55430eae1938712f1afe8 (patch)
tree	35dd097425d463bd9fdcf2b8c8f3ecec54fb796b /include/common
parent	aaa0567c38ea6f08d68ce64210800b51a8872c13 (diff)