Allow disabling authentication dynamically

This patch allows platforms to dynamically disable authentication of images during cold boot. This capability is controlled via the DYN_DISABLE_AUTH build flag and is only meant for development purposes. Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2024-11-23 17:59:40 +00:00 · 2018-03-26 12:43:37 +01:00 · 2018-03-26 12:43:37 +01:00 · 209a60cca5
commit 209a60cca5
parent 1f4d62df6c
5 changed files with 85 additions and 19 deletions
--- a/16
+++ b/16
@ -401,6 +401,16 @@ ifeq ($(FAULT_INJECTION_SUPPORT),1)
    endif
 endif

+# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 and LOAD_IMAGE_V2=1
+ifeq ($(DYN_DISABLE_AUTH), 1)
+    ifeq (${TRUSTED_BOARD_BOOT}, 0)
+        $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.")
+    endif
+    ifeq (${LOAD_IMAGE_V2}, 0)
+        $(error "DYN_DISABLE_AUTH is only supported for LOAD_IMAGE_V2.")
+    endif
+endif
+
 ################################################################################
 # Process platform overrideable behaviour
 ################################################################################
@ -517,6 +527,7 @@ $(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS))
 $(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
 $(eval $(call assert_boolean,DEBUG))
 $(eval $(call assert_boolean,DISABLE_PEDANTIC))
+$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
 $(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
 $(eval $(call assert_boolean,ENABLE_AMU))
 $(eval $(call assert_boolean,ENABLE_ASSERTIONS))
@ -620,6 +631,11 @@ else
        $(eval $(call add_define,AARCH64))
 endif

+# Define the DYN_DISABLE_AUTH flag only if set.
+ifeq (${DYN_DISABLE_AUTH},1)
+$(eval $(call add_define,DYN_DISABLE_AUTH))
+endif
+
 ################################################################################
 # Build targets
 ################################################################################
--- a/common/bl_common.c
+++ b/common/bl_common.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -17,6 +17,35 @@
 #include <utils.h>
 #include <xlat_tables_defs.h>

+#if TRUSTED_BOARD_BOOT
+# ifdef DYN_DISABLE_AUTH
+static int disable_auth;
+
+/******************************************************************************
+ * API to dynamically disable authentication. Only meant for development
+ * systems. This is only invoked if DYN_DISABLE_AUTH is defined. This
+ * capability is restricted to LOAD_IMAGE_V2.
+ *****************************************************************************/
+void dyn_disable_auth(void)
+{
+	INFO("Disabling authentication of images dynamically\n");
+	disable_auth = 1;
+}
+# endif /* DYN_DISABLE_AUTH */
+
+/******************************************************************************
+ * Function to determine whether the authentication is disabled dynamically.
+ *****************************************************************************/
+static int dyn_is_auth_disabled(void)
+{
+# ifdef DYN_DISABLE_AUTH
+	return disable_auth;
+# else
+	return 0;
+# endif
+}
+#endif /* TRUSTED_BOARD_BOOT */
+
 uintptr_t page_align(uintptr_t value, unsigned dir)
 {
 	/* Round up the limit to the next page boundary */
@ -287,14 +316,16 @@ static int load_auth_image_internal(unsigned int image_id,
 	int rc;

 #if TRUSTED_BOARD_BOOT
-	unsigned int parent_id;
+	if (dyn_is_auth_disabled() == 0) {
+		unsigned int parent_id;

-	/* Use recursion to authenticate parent images */
-	rc = auth_mod_get_parent_id(image_id, &parent_id);
-	if (rc == 0) {
-		rc = load_auth_image_internal(parent_id, image_data, 1);
-		if (rc != 0) {
-			return rc;
+		/* Use recursion to authenticate parent images */
+		rc = auth_mod_get_parent_id(image_id, &parent_id);
+		if (rc == 0) {
+			rc = load_auth_image_internal(parent_id, image_data, 1);
+			if (rc != 0) {
+				return rc;
+			}
 		}
 	}
 #endif /* TRUSTED_BOARD_BOOT */
@ -306,17 +337,19 @@ static int load_auth_image_internal(unsigned int image_id,
 	}

 #if TRUSTED_BOARD_BOOT
-	/* Authenticate it */
-	rc = auth_mod_verify_img(image_id,
-				 (void *)image_data->image_base,
-				 image_data->image_size);
-	if (rc != 0) {
-		/* Authentication error, zero memory and flush it right away. */
-		zero_normalmem((void *)image_data->image_base,
-		       image_data->image_size);
-		flush_dcache_range(image_data->image_base,
-				   image_data->image_size);
-		return -EAUTH;
+	if (dyn_is_auth_disabled() == 0) {
+		/* Authenticate it */
+		rc = auth_mod_verify_img(image_id,
+					 (void *)image_data->image_base,
+					 image_data->image_size);
+		if (rc != 0) {
+			/* Authentication error, zero memory and flush it right away. */
+			zero_normalmem((void *)image_data->image_base,
+			       image_data->image_size);
+			flush_dcache_range(image_data->image_base,
+					   image_data->image_size);
+			return -EAUTH;
+		}
 	}
 #endif /* TRUSTED_BOARD_BOOT */

--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@ -323,6 +323,11 @@ Common build options
 -  ``DEBUG``: Chooses between a debug and release build. It can take either 0
   (release) or 1 (debug) as values. 0 is the default.

+-  ``DYN_DISABLE_AUTH``: Enables the capability to disable Trusted Board Boot
+   authentication. This option is only meant to be enabled for development
+   platforms. Both TRUSTED_BOARD_BOOT and the LOAD_IMAGE_V2 flags need to be
+   set if this flag has to be enabled. 0 is the default.
+
 -  ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of
   the normal boot flow. It must specify the entry point address of the EL3
   payload. Please refer to the "Booting an EL3 payload" section for more
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@ -233,6 +233,14 @@ void reserve_mem(uintptr_t *free_base, size_t *free_size,

 #endif /* LOAD_IMAGE_V2 */

+#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
+/*
+ * API to dynamically disable authentication. Only meant for development
+ * systems.
+ */
+void dyn_disable_auth(void);
+#endif
+
 extern const char build_message[];
 extern const char version_string[];

--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@ -58,6 +58,10 @@ DEBUG				:= 0
 # Build platform
 DEFAULT_PLAT			:= fvp

+# Enable capability to disable authentication dynamically. Only meant for
+# development platforms.
+DYN_DISABLE_AUTH		:= 0
+
 # Flag to enable Performance Measurement Framework
 ENABLE_PMF			:= 0