boot: fail closed on flash protect errors

Author: danielinux

src/update_disk.c

@@ -549,7 +549,10 @@ void RAMFUNCTION wolfBoot_start(void)
     (void)hal_hsm_server_cleanup();
 #endif
 #ifndef TZEN
-    (void)hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE);
+    if (hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE) < 0) {
+        wolfBoot_printf("Error protecting bootloader flash region\r\n");
+        wolfBoot_panic();
+    }
 #endif
     hal_prepare_boot();
 

src/update_flash.c

@@ -1503,7 +1503,10 @@ void RAMFUNCTION wolfBoot_start(void)
 #endif
 
 #ifndef TZEN
-    (void)hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE);
+    if (hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE) < 0) {
+        wolfBoot_printf("Error protecting bootloader flash region\n");
+        wolfBoot_panic();
+    }
 #endif
     hal_prepare_boot();
 

src/update_flash_hwswap.c

@@ -107,7 +107,8 @@ void RAMFUNCTION wolfBoot_start(void)
     (void)hal_hsm_server_cleanup();
 #endif
 #ifndef TZEN
-    (void)hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE);
+    if (hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE) < 0)
+        boot_panic();
 #endif
     hal_prepare_boot();
 #ifdef WOLFBOOT_HOOK_BOOT

src/update_ram.c

@@ -391,7 +391,10 @@ void RAMFUNCTION wolfBoot_start(void)
 #endif
 
 #ifndef TZEN
-    (void)hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE);
+    if (hal_flash_protect(WOLFBOOT_ORIGIN, BOOTLOADER_PARTITION_SIZE) < 0) {
+        wolfBoot_printf("Error protecting bootloader flash region\n");
+        wolfBoot_panic();
+    }
 #endif
     hal_prepare_boot();
 

tools/unit-tests/unit-update-flash.c

@@ -137,8 +137,10 @@ int hal_flash_protect(haladdr_t address, int len)
 static void reset_mock_stats(void)
 {
     wolfBoot_staged_ok = 0;
+#ifdef CUSTOM_ENCRYPT_KEY
     mock_set_encrypt_key_ret = 0;
     mock_set_encrypt_key_calls = 0;
+#endif
 #ifndef ARCH_SIM
     wolfBoot_panicked = 0;
 #endif