warp7: panic: hab: Call into BootROM failsafe on panic path

This patch adds a callback into the BootROM's provided High Assurance Boot
(HAB) failsafe function when panicking i.e. the call is done without making
use of stack.

The HAB failsafe function allows a piece of software to call into the
BootROM and place the processor into failsafe mode.

Failsafe mode is a special mode which presents a serial download protocol
interface over UART or USB at the time of writing.

If the board has been set into secure mode, then only a signed binary can
be used to recover the board.

Thus failsafe gives a putatively secure method of performing a secure
recovery over UART or USB.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>

diff --git a/plat/imx/imx7/warp7/aarch32/warp7_helpers.S b/plat/imx/imx7/warp7/aarch32/warp7_helpers.S
index b12ff325f2f0b8ae655f4e8caa5d1f19cbe69a53..b1921cc389520fab99548259191a89c3e3ae53c3 100644 (file)
--- a/plat/imx/imx7/warp7/aarch32/warp7_helpers.S
+++ b/plat/imx/imx7/warp7/aarch32/warp7_helpers.S
@@ -8,11 +8,13 @@
 #include <asm_macros.S>
 #include <assert_macros.S>
 #include <platform_def.h>
+#include <imx_hab.h>
 
        .globl  platform_mem_init
        .globl  plat_get_my_entrypoint
        .globl  plat_crash_console_init
        .globl  plat_crash_console_putc
+       .globl  plat_panic_handler
 
        /* ---------------------------------------------
         * int plat_mem_init(void)
@@ -42,3 +44,9 @@ func plat_crash_console_putc
        mov_imm r1, PLAT_WARP7_BOOT_UART_BASE
        b       imx_crash_uart_putc
 endfunc plat_crash_console_putc
+
+func plat_panic_handler
+       mov     r3, #HAB_ROM_VECTOR_TABLE_FAILSAFE
+       ldr     r3, [r3, #0]
+       blx     r3
+endfunc plat_panic_handler