cypress: Add fault injection mitigation
Add software countermeasures against fault injection attacks.
Change-Id: I35ae95a3387a0231f81782e22728bf8a3f9b6005
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
diff --git a/boot/cypress/MCUBootApp/cy_security_cnt.c b/boot/cypress/MCUBootApp/cy_security_cnt.c
index 9ccb3be..81aa54e 100644
--- a/boot/cypress/MCUBootApp/cy_security_cnt.c
+++ b/boot/cypress/MCUBootApp/cy_security_cnt.c
@@ -17,15 +17,15 @@
#include "bootutil/security_cnt.h"
#include <stdint.h>
-int32_t
+fih_int
boot_nv_security_counter_init(void)
{
/* Do nothing. */
return 0;
}
-int32_t
-boot_nv_security_counter_get(uint32_t image_id, uint32_t *security_cnt)
+fih_int
+boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt)
{
(void)image_id;
*security_cnt = 30;
diff --git a/boot/cypress/MCUBootApp/main.c b/boot/cypress/MCUBootApp/main.c
index d148215..fdc6c6e 100644
--- a/boot/cypress/MCUBootApp/main.c
+++ b/boot/cypress/MCUBootApp/main.c
@@ -36,6 +36,9 @@
#include "bootutil/bootutil_log.h"
+#include "bootutil/fault_injection_hardening.h"
+#include "bootutil/fault_injection_hardening_delay_rng.h"
+
/* Define pins for UART debug output */
#define CYBSP_UART_ENABLED 1U
#define CYBSP_UART_HW SCB5
@@ -75,6 +78,7 @@
struct boot_rsp rsp;
cy_rslt_t rc = CY_RSLT_TYPE_ERROR;
bool boot_succeeded = false;
+ fih_int fih_rc = FIH_FAILURE;
init_cycfg_clocks();
init_cycfg_peripherals();
@@ -113,7 +117,9 @@
if (CY_SMIF_SUCCESS == rc)
#endif
{
- if (boot_go(&rsp) == 0)
+
+ FIH_CALL(boot_go, fih_rc, &rsp);
+ if (fih_eq(fih_rc, FIH_SUCCESS))
{
BOOT_LOG_INF("User Application validated successfully");
do_boot(&rsp);