arm: imx: hab: Only call ROM once headers are verified

Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.

This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.

Signed-off-by: Bryan O'Donoghue <[email protected]>
Cc: Stefano Babic <[email protected]>
Cc: Fabio Estevam <[email protected]>
Cc: Peng Fan <[email protected]>
Cc: Albert Aribaud <[email protected]>
Cc: Sven Ebenfeld <[email protected]>
Cc: George McCollister <[email protected]>
Cc: Breno Matheus Lima <[email protected]>
Tested-by: Breno Lima <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 39f8f2de59107ed70ed1fe2d0cf1f3f06732e2b1..a8e3e79c3bea07a1177763567b7de061a7ce3662 100644 (file)
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
        hab_caam_clock_enable(1);
 
-       if (hab_rvt_entry() != HAB_SUCCESS) {
-               puts("hab entry function fail\n");
-               goto hab_caam_clock_disable;
-       }
-
        /* Calculate IVT address header */
        ivt_addr = ddr_start + ivt_offset;
        ivt = (struct ivt *)ivt_addr;
@@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
        start = ddr_start;
        bytes = image_size;
+
+       if (hab_rvt_entry() != HAB_SUCCESS) {
+               puts("hab entry function fail\n");
+               goto hab_caam_clock_disable;
+       }
+
 #ifdef DEBUG
        printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
        puts("Dumping IVT\n");