TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 3d3b51d2e0308ecbee455a57d15a0fd21ece51a2 / . / boot / bootutil / src / fault_injection_hardening.c
blob: 4dcbdd9be6942d9b37cfb8866049f95ac613d3a8 [file] [log] [blame]
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]1/*
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]2 * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]3 *
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
5 *
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]6 */
7
8#include "bootutil/fault_injection_hardening.h"
9
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]10#ifdef FIH_ENABLE_CFI
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]11fih_uint fih_cfi_ctr = FIH_UINT_INIT(0u);
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]12
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]13fih_uint fih_cfi_get_and_increment(uint8_t cnt)
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]14{
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]15 fih_uint saved_ctr = fih_cfi_ctr;
16
17 if (fih_uint_decode(fih_cfi_ctr) > UINT32_MAX - cnt) {
18 /* Overflow */
19 FIH_PANIC;
20 }
21
22 fih_cfi_ctr = fih_uint_encode(fih_uint_decode(fih_cfi_ctr) + cnt);
23
24 fih_uint_validate(fih_cfi_ctr);
25 fih_uint_validate(saved_ctr);
26
27 return saved_ctr;
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]28}
29
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]30void fih_cfi_validate(fih_uint saved)
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]31{
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]32 volatile int32_t rc = FIH_FALSE;
33
34 rc = fih_uint_eq(saved, fih_cfi_ctr);
35 if (rc != FIH_TRUE) {
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]36 FIH_PANIC;
37 }
38}
39
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]40void fih_cfi_decrement(void)
41{
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]42 if (fih_uint_decode(fih_cfi_ctr) < 1u) {
43 FIH_PANIC;
44 }
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]45
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]46 fih_cfi_ctr = fih_uint_encode(fih_uint_decode(fih_cfi_ctr) - 1u);
47
48 fih_uint_validate(fih_cfi_ctr);
49}
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]50#endif /* FIH_ENABLE_CFI */
51
52#ifdef FIH_ENABLE_GLOBAL_FAIL
53/* Global failure loop for bootloader code. Uses attribute used to prevent
54 * compiler removing due to non-standard calling procedure. Multiple loop jumps
55 * used to make unlooping difficult.
56 */
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]57__attribute__((noinline))
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]58__attribute__((noreturn))
59__attribute__((weak))
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]60void fih_panic_loop(void)
61{
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]62 FIH_LABEL("FAILURE_LOOP");
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]63 __asm volatile ("b fih_panic_loop");
64 __asm volatile ("b fih_panic_loop");
65 __asm volatile ("b fih_panic_loop");
66 __asm volatile ("b fih_panic_loop");
67 __asm volatile ("b fih_panic_loop");
68 __asm volatile ("b fih_panic_loop");
69 __asm volatile ("b fih_panic_loop");
70 __asm volatile ("b fih_panic_loop");
71 __asm volatile ("b fih_panic_loop");
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]72 while (true) {} /* Satisfy noreturn */
Raef Colese8fe6cf2020-05-26 13:07:40 +0100[diff] [blame]73}
74#endif /* FIH_ENABLE_GLOBAL_FAIL */
Roman Okhrimenkodc0ca082023-06-21 20:49:51 +0300[diff] [blame]75
76#ifdef FIH_ENABLE_DELAY
77void fih_delay_init(void)
78{
79 /* Implement here */
80}
81
82uint8_t fih_delay_random(void)
83{
84 /* Implement here */
85
86 return 0xFF;
87}
88#endif /* FIH_ENABLE_DELAY */