From f435435f2e8367dc3f689d6ba946441a54acad0a Mon Sep 17 00:00:00 2001 From: Ye Li Date: Tue, 22 Jan 2019 05:07:33 -0800 Subject: [PATCH] MLK-20798 imx8: spl: Fix container header parser issue Current container parser only load 0x400 as container header size. However, the signature block in container header may exceed 0x400 size, when using certificate or 4096bits RSA keys to sign image, so we have to load the entire header according to container length field. Otherwise the container authentication will fail Signed-off-by: Ye Li Reviewed-by: Peng Fan --- arch/arm/mach-imx/imx8/parser.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/imx8/parser.c b/arch/arm/mach-imx/imx8/parser.c index 6af00db29a..71d68f728f 100644 --- a/arch/arm/mach-imx/imx8/parser.c +++ b/arch/arm/mach-imx/imx8/parser.c @@ -187,8 +187,10 @@ static int read_auth_container(struct spl_image_info *spl_image) return -ENOMEM; ret = read(start_offset, CONTAINER_HDR_ALIGNMENT, (void *)container); - if (ret) - return ret; + if (ret) { + printf("Error in read container %d\n", ret); + goto out; + } if (container->tag != 0x87 && container->version != 0x0) { printf("Wrong container header\n"); @@ -205,6 +207,22 @@ static int read_auth_container(struct spl_image_info *spl_image) length = container->length_lsb + (container->length_msb << 8); debug("container length %u\n", length); + + if (length > CONTAINER_HDR_ALIGNMENT) { + length = ALIGN(length, CONTAINER_HDR_ALIGNMENT); + + free(container); + container = malloc(length); + if (!container) + return -ENOMEM; + + ret = read(start_offset, length, (void *)container); + if (ret) { + printf("Error in read full container %d\n", ret); + goto out; + } + } + memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container, ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));