Allow disabling authentication dynamically
This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.
Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
diff --git a/Makefile b/Makefile
index b7116a7..17630fb 100644
--- a/Makefile
+++ b/Makefile
@@ -401,6 +401,16 @@
endif
endif
+# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 and LOAD_IMAGE_V2=1
+ifeq ($(DYN_DISABLE_AUTH), 1)
+ ifeq (${TRUSTED_BOARD_BOOT}, 0)
+ $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.")
+ endif
+ ifeq (${LOAD_IMAGE_V2}, 0)
+ $(error "DYN_DISABLE_AUTH is only supported for LOAD_IMAGE_V2.")
+ endif
+endif
+
################################################################################
# Process platform overrideable behaviour
################################################################################
@@ -517,6 +527,7 @@
$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
$(eval $(call assert_boolean,DEBUG))
$(eval $(call assert_boolean,DISABLE_PEDANTIC))
+$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
$(eval $(call assert_boolean,ENABLE_AMU))
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
@@ -620,6 +631,11 @@
$(eval $(call add_define,AARCH64))
endif
+# Define the DYN_DISABLE_AUTH flag only if set.
+ifeq (${DYN_DISABLE_AUTH},1)
+$(eval $(call add_define,DYN_DISABLE_AUTH))
+endif
+
################################################################################
# Build targets
################################################################################
diff --git a/common/bl_common.c b/common/bl_common.c
index b0d1bfa..6b979f6 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,6 +17,35 @@
#include <utils.h>
#include <xlat_tables_defs.h>
+#if TRUSTED_BOARD_BOOT
+# ifdef DYN_DISABLE_AUTH
+static int disable_auth;
+
+/******************************************************************************
+ * API to dynamically disable authentication. Only meant for development
+ * systems. This is only invoked if DYN_DISABLE_AUTH is defined. This
+ * capability is restricted to LOAD_IMAGE_V2.
+ *****************************************************************************/
+void dyn_disable_auth(void)
+{
+ INFO("Disabling authentication of images dynamically\n");
+ disable_auth = 1;
+}
+# endif /* DYN_DISABLE_AUTH */
+
+/******************************************************************************
+ * Function to determine whether the authentication is disabled dynamically.
+ *****************************************************************************/
+static int dyn_is_auth_disabled(void)
+{
+# ifdef DYN_DISABLE_AUTH
+ return disable_auth;
+# else
+ return 0;
+# endif
+}
+#endif /* TRUSTED_BOARD_BOOT */
+
uintptr_t page_align(uintptr_t value, unsigned dir)
{
/* Round up the limit to the next page boundary */
@@ -287,14 +316,16 @@
int rc;
#if TRUSTED_BOARD_BOOT
- unsigned int parent_id;
+ if (dyn_is_auth_disabled() == 0) {
+ unsigned int parent_id;
- /* Use recursion to authenticate parent images */
- rc = auth_mod_get_parent_id(image_id, &parent_id);
- if (rc == 0) {
- rc = load_auth_image_internal(parent_id, image_data, 1);
- if (rc != 0) {
- return rc;
+ /* Use recursion to authenticate parent images */
+ rc = auth_mod_get_parent_id(image_id, &parent_id);
+ if (rc == 0) {
+ rc = load_auth_image_internal(parent_id, image_data, 1);
+ if (rc != 0) {
+ return rc;
+ }
}
}
#endif /* TRUSTED_BOARD_BOOT */
@@ -306,17 +337,19 @@
}
#if TRUSTED_BOARD_BOOT
- /* Authenticate it */
- rc = auth_mod_verify_img(image_id,
- (void *)image_data->image_base,
- image_data->image_size);
- if (rc != 0) {
- /* Authentication error, zero memory and flush it right away. */
- zero_normalmem((void *)image_data->image_base,
- image_data->image_size);
- flush_dcache_range(image_data->image_base,
- image_data->image_size);
- return -EAUTH;
+ if (dyn_is_auth_disabled() == 0) {
+ /* Authenticate it */
+ rc = auth_mod_verify_img(image_id,
+ (void *)image_data->image_base,
+ image_data->image_size);
+ if (rc != 0) {
+ /* Authentication error, zero memory and flush it right away. */
+ zero_normalmem((void *)image_data->image_base,
+ image_data->image_size);
+ flush_dcache_range(image_data->image_base,
+ image_data->image_size);
+ return -EAUTH;
+ }
}
#endif /* TRUSTED_BOARD_BOOT */
diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index 069ad11..fbe258f 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@@ -323,6 +323,11 @@
- ``DEBUG``: Chooses between a debug and release build. It can take either 0
(release) or 1 (debug) as values. 0 is the default.
+- ``DYN_DISABLE_AUTH``: Enables the capability to disable Trusted Board Boot
+ authentication. This option is only meant to be enabled for development
+ platforms. Both TRUSTED_BOARD_BOOT and the LOAD_IMAGE_V2 flags need to be
+ set if this flag has to be enabled. 0 is the default.
+
- ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of
the normal boot flow. It must specify the entry point address of the EL3
payload. Please refer to the "Booting an EL3 payload" section for more
diff --git a/include/common/bl_common.h b/include/common/bl_common.h
index 09a394d..c7c7487 100644
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -233,6 +233,14 @@
#endif /* LOAD_IMAGE_V2 */
+#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
+/*
+ * API to dynamically disable authentication. Only meant for development
+ * systems.
+ */
+void dyn_disable_auth(void);
+#endif
+
extern const char build_message[];
extern const char version_string[];
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 4bbff03..cea8533 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -58,6 +58,10 @@
# Build platform
DEFAULT_PLAT := fvp
+# Enable capability to disable authentication dynamically. Only meant for
+# development platforms.
+DYN_DISABLE_AUTH := 0
+
# Flag to enable Performance Measurement Framework
ENABLE_PMF := 0