[snip...]
+
+        entry++;
+
+        if ((uint8_t *)(&entry[1]) > tmp_sec + MAX_SECTOR_SIZE) {
+            puts("Wrong entry value");
+            return -EINVAL;
+        }
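Review bot: the comparison at `if ((uint8_t *)(&entry[1]) > tmp_sec + MAX_SECTOR_SIZE)` takes the address one past the entry that `entry++` has just selected, which is the end of that entry, and rejects it when that end lies beyond `tmp_sec + MAX_SECTOR_SIZE`; so it verifies that the entry about to be used fits entirely inside the sector buffer rather than inspecting the following entry, and `>` instead of `>=` correctly accepts an entry that ends exactly at the buffer boundary. Because this intent is evidently not obvious to readers, a one-line comment above the check, and an error message more specific than `"Wrong entry value"` (one that says the entry runs past the end of the sector), would make it clearer.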
Can someone who is more informed than I am of the IPL process please
explain to me what is the purpose of the above check?  Why does it check
if the next entry, the one which isn't going to be inspected/loaded, is
within the bounds of tmp_sec?  This has been here since this file's
inception and I can't find any documentation or mention that supports it.

This code precludes any of the secure IPL changes.

Was this actually meant to be entry[0] to ensure the actual entry we
want to work on is not outside the bounds of tmp_sec?  Or perhaps it was
meant to be done before the increment to entry?


I noticed that as well and came to the same conclusions as you, which is to say, it has always been that way and it is not clear what the purpose is, but it does not appear to have any impact on the proposed secure IPL functionality.  I agree that it seems somehow strange, but I believe any changes/fixes would be outside the scope of this item.

In my opinion, since this is already a large patch series, it is better to leave it alone for now unless we find a compelling reason to change it immediately.

Regards,
Jared Rossi
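The following is an added example, not code from the patch or the thread above, showing what the `&entry[1]` comparison accepts and rejects. The `struct ipl_entry` layout, the `SECTOR_SIZE` constant and the `sample_sector` buffer are all constructed stand-ins (the real entry type and `MAX_SECTOR_SIZE` are not shown on the page); the comparison is done with integer addresses so the walk past the buffer end stays well defined.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the component-entry type the loop iterates
 * over; the real layout is not shown in the thread. 16 bytes. */
struct ipl_entry {
    uint64_t addr;
    uint64_t len;
};

/* Constructed stand-in for MAX_SECTOR_SIZE. */
#define SECTOR_SIZE 64

/* Constructed sector buffer; its contents are irrelevant to the check. */
static uint8_t sample_sector[SECTOR_SIZE];

/* Same shape as the hunk's check: after the caller has advanced `entry`
 * to the element it is about to use, accept it only if the address one
 * past that element (what &entry[1] denotes) is still inside the sector.
 * That is exactly "all of entry[0] fits in the buffer"; an entry ending
 * precisely at the buffer end is accepted, matching the hunk's `>`. */
static bool entry_fits_in_sector(const struct ipl_entry *entry,
                                 const uint8_t *sec, size_t sec_size)
{
    uintptr_t end = (uintptr_t)entry + sizeof(*entry);
    return end <= (uintptr_t)sec + sec_size;
}

/* The weaker alternative raised in the thread: checking only &entry[0].
 * It accepts an entry whose start is inside the buffer but whose tail
 * runs past it, so it is not a sufficient bounds check on its own. */
static bool entry_starts_in_sector(const struct ipl_entry *entry,
                                   const uint8_t *sec, size_t sec_size)
{
    return (uintptr_t)entry < (uintptr_t)sec + sec_size;
}

/* Convenience wrappers over the constructed buffer: `off` is the byte
 * offset of the entry within sample_sector, `sec_size` the buffer size
 * being enforced (<= SECTOR_SIZE). */
bool fits_at(size_t off, size_t sec_size)
{
    const struct ipl_entry *e = (const struct ipl_entry *)(sample_sector + off);
    return entry_fits_in_sector(e, sample_sector, sec_size);
}

bool starts_at(size_t off, size_t sec_size)
{
    const struct ipl_entry *e = (const struct ipl_entry *)(sample_sector + off);
    return entry_starts_in_sector(e, sample_sector, sec_size);
}

/* Walk the sector the way the loader does (advance, then check) and
 * return how many entries pass the full-fit check before the first
 * rejection. */
size_t count_usable_entries(size_t sec_size)
{
    const struct ipl_entry *entry = (const struct ipl_entry *)sample_sector;
    size_t n = 0;
    while (entry_fits_in_sector(entry, sample_sector, sec_size)) {
        n++;
        entry++;
    }
    return n;
}

int main(void)
{
    printf("entries fitting in %d bytes: %zu\n", SECTOR_SIZE,
           count_usable_entries(SECTOR_SIZE));
    printf("entry at offset 56: fits=%d starts-inside=%d\n",
           fits_at(56, SECTOR_SIZE), starts_at(56, SECTOR_SIZE));
    return 0;
}
```

With 16-byte entries in a 64-byte sector, the walk accepts exactly four entries; the entry at offset 56 starts inside the buffer but ends at 72, so the start-only check passes it while the `&entry[1]` style check rejects it.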
