From ad4494dc38a39d06a31ef3386829ef1af79db39a Mon Sep 17 00:00:00 2001 From: Dan Handley Date: Thu, 28 Jul 2016 14:38:03 +0100 Subject: [PATCH] Remove dcache invalidation after image authentication At the end of successful image authentication in load_auth_image(), the data cache for the virtual address range corresponding to the image is invalidated (by a call to inv_dcache_range()). The intent seems to be to ensure the data caches do not contain any sensitive data used during authentication, which subsequent code can read. However, this same address range is already flushed (cleaned and invalidated by a call to flush_dcache_range()) at the end of load_image(), and the subsequent invalidate has no functional effect. This patch removes the redundant call to inv_dcache_range(). It also moves the flush_dcache_range() call from the end of load_image() to the end of load_auth_image(), so the image data will remain in the caches during authentication, improving performance. This also improves the comments that explain the rationale for calling flush_dcache_range() after image loading/authentication. Change-Id: I14f17ad2935075ef6f3d1327361c5088bfb2d284 --- common/bl_common.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/common/bl_common.c b/common/bl_common.c index be56256b..6dcd4c18 100644 --- a/common/bl_common.c +++ b/common/bl_common.c @@ -321,12 +321,16 @@ int load_image(meminfo_t *mem_layout, (void *) image_base, image_size); } +#if !TRUSTED_BOARD_BOOT /* * File has been successfully loaded. - * Flush the image in Trusted SRAM so that the next exception level can - * see it. + * Flush the image to main memory so that it can be executed later by + * any CPU, regardless of cache and MMU state. + * When TBB is enabled the image is flushed later, after image + * authentication. */ flush_dcache_range(image_base, image_size); +#endif /* TRUSTED_BOARD_BOOT */ INFO("Image id=%u loaded at address %p, size = 0x%zx\n", image_id, (void *) image_base, image_size); @@ -388,10 +392,12 @@ int load_auth_image(meminfo_t *mem_layout, image_data->image_size); return -EAUTH; } - - /* After working with data, invalidate the data cache */ - inv_dcache_range(image_data->image_base, - (size_t)image_data->image_size); + /* + * File has been successfully loaded and authenticated. + * Flush the image to main memory so that it can be executed later by + * any CPU, regardless of cache and MMU state. + */ + flush_dcache_range(image_data->image_base, image_data->image_size); #endif /* TRUSTED_BOARD_BOOT */ return 0; -- 2.30.2