boot: zephyr: Fix disabling I/D caches
Fixes an issue whereby the instruction and data caches being
disabled before booting code had bit-rotted and no longer worked,
adds a new Kconfig that allows this option to be turned off if
wanted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index b422625..1fd9bfc 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -690,6 +690,16 @@
'mcuboot_status_type_t' is listed in
boot/bootutil/include/bootutil/mcuboot_status.h
+config BOOT_DISABLE_CACHES
+ bool "Disable I/D caches before chain-loading application"
+ depends on CPU_HAS_ICACHE || CPU_HAS_DCACHE
+ default y
+ help
+ Will flush and disable the instruction and data caches on the CPU prior to
+ booting an application, this is required on some ARM Cortex devices and
+ increases protection against data leakage from MCUboot to applications via
+ these caches.
+
endmenu
config MCUBOOT_DEVICE_SETTINGS
diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c
index 204c430..686e02e 100644
--- a/boot/zephyr/main.c
+++ b/boot/zephyr/main.c
@@ -27,6 +27,10 @@
#include <soc.h>
#include <zephyr/linker/linker-defs.h>
+#if defined(CONFIG_BOOT_DISABLE_CACHES)
+#include <zephyr/cache.h>
+#endif
+
#if defined(CONFIG_ARM)
#include <cmsis_core.h>
#endif
@@ -176,10 +180,12 @@
#if CONFIG_MCUBOOT_CLEANUP_ARM_CORE
cleanup_arm_nvic(); /* cleanup NVIC registers */
-#ifdef CONFIG_CPU_CORTEX_M_HAS_CACHE
- /* Disable instruction cache and data cache before chain-load the application */
- SCB_DisableDCache();
- SCB_DisableICache();
+#if defined(CONFIG_BOOT_DISABLE_CACHES)
+ /* Flush and disable instruction/data caches before chain-loading the application */
+ (void)sys_cache_instr_flush_all();
+ (void)sys_cache_data_flush_all();
+ sys_cache_instr_disable();
+ sys_cache_data_disable();
#endif
#if CONFIG_CPU_HAS_ARM_MPU || CONFIG_CPU_HAS_NXP_MPU