Re: [PATCH v1 4/6] mach-k3: security: Propagate verified image addr

[Philippe Schenker <dev@pschenker.ch>]

On Thu, 2025-10-23 at 09:24 -0500, Andrew Davis wrote:
> On 10/23/25 4:46 AM, Philippe Schenker wrote:
> > From: Philippe Schenker <philippe.schenker@impulsing.ch>
> > 
> > The ti_secure_image_check() function may relocate the image during
> > authentication, updating image_addr to point to the verified
> > location.
> > The caller was not updated with this new address, causing it to
> > reference the original unverified location.
> > 
> > Update p_image with the verified image address after authentication
> > to ensure subsequent operations use the correct location.
> > 
> > Signed-off-by: Philippe Schenker <philippe.schenker@impulsing.ch>
> > ---
> 
> Seems reasonable,
> 
> Acked-by: Andrew Davis <afd@ti.com>
> 
> BTW, did you actually run into an issue with having a binary moved
> by the authentication, or was this found some other way? Normally
> binaries don't move (but they can, so this is still valid).

Thanks for your acked-by's! Sorry forgot to answer and just now saw it
again. Yes I ran into an issue where I have a signed elf file. The step
of loading the elf file was failing because the pointer still pointing
to the signature.

Philippe

> 
> > 
> >   arch/arm/mach-k3/security.c | 2 ++
> >   1 file changed, 2 insertions(+)
> > 
> > diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-
> > k3/security.c
> > index 3468a370a455..9255505a7944 100644
> > --- a/arch/arm/mach-k3/security.c
> > +++ b/arch/arm/mach-k3/security.c
> > @@ -119,6 +119,8 @@ void ti_secure_image_post_process(void
> > **p_image, size_t *p_size)
> >    */
> >    *p_size = image_size;
> >   
> > + *p_image = (void *)image_addr;
> > +
> >    /*
> >    * Output notification of successful authentication to re-assure
> > the
> >    * user that the secure code is being processed as expected.
> > However