MLK-17044-3 booti: Add kernel image authentication for secure boot

When secure boot is enabled, add authenticate_image in booti to authenticate
kernel image.

Signed-off-by: Ye Li <ye.li@nxp.com>

1 files changed, 11 insertions, 1 deletions

diff --git a/cmd/booti.c b/cmd/booti.c
index bff87a8acc..0e4a4e2ed2 100644
--- a/cmd/booti.c
+++ b/cmd/booti.c
@@ -42,7 +42,7 @@ static int booti_setup(bootm_headers_t *images)
 		puts("Bad Linux ARM64 Image magic!\n");
 		return 1;
 	}
-	
+
 	if (ih->image_size == 0) {
 		puts("Image lacks image_size field, assuming 16MiB\n");
 		image_size = 16 << 20;
@@ -50,6 +50,16 @@ static int booti_setup(bootm_headers_t *images)
 		image_size = le64_to_cpu(ih->image_size);
 	}
 
+#ifdef CONFIG_SECURE_BOOT
+	extern uint32_t authenticate_image(
+			uint32_t ddr_start, uint32_t image_size);
+	if (authenticate_image(images->ep, image_size) == 0) {
+		printf("Authenticate Image Fail, Please check\n");
+		return 1;
+	}
+
+#endif
+
 	/*
 	 * If we are not at the correct run-time location, set the new
 	 * correct location and then move the image there.