[iot] Set power-on write protection for boot1 partition

The RPMB keyslot is stored in last block of boot1 partition which is easily erased or tampered, set power-on write protection for this partition to prevent corruption. Test: Power-on write protection works as expected on imx8m. Change-Id: I7aadaed81ff81de680da9b20049f163a982e3d57 Signed-off-by: Luo Ji <ji.luo@nxp.com>
author: Luo Ji <ji.luo@nxp.com> 2018-06-20 18:35:01 +0800
committer: Ji Luo <ji.luo@nxp.com> 2018-08-21 09:44:33 +0800
commit: 80834f323b5d535c6a84c84b73c0943d9666d201 (patch)
tree: 4a0565b899965d8417de2761c3a5c8a093ea5ff3 /lib
parent: 06e6b708df75d50e7c4ad1c1a74fdbfc98d4bcc1 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/avb/fsl/fsl_avb_ab_flow.c b/lib/avb/fsl/fsl_avb_ab_flow.c
index 35fad53f7f..8a67de79eb 100644
--- a/lib/avb/fsl/fsl_avb_ab_flow.c
+++ b/lib/avb/fsl/fsl_avb_ab_flow.c
@@ -62,6 +62,8 @@ bool fsl_slot_is_bootable(AvbABSlotData* slot) {
 #define PARTITION_MISC "misc"
 #define PARTITION_BOOTLOADER "bootloader"
 
+extern int mmc_switch(struct mmc *mmc, u8 set, u8 index, u8 value);
+
 /* Pre-declaration of h_spl_load_read(), see detail implementation in
  * common/spl/spl_mmc.c.
  */
@@ -281,6 +283,11 @@ int mmc_load_image_raw_sector_dual_uboot(
 			return -1;
 		}
 	}
+	/* Set power-on write protection to boot1 partition. */
+	if (mmc_switch(mmc, EXT_CSD_CMD_SET_NORMAL, EXT_CSD_BOOT_WP, BOOT1_PWR_WP)) {
+		printf("Unable to set power-on write protection to boot1!\n");
+		return -1;
+	}
 
 	/* Load AB metadata from misc partition */
 	if (fsl_load_metadata_dual_uboot(dev_desc, &ab_data,
author	Luo Ji <ji.luo@nxp.com>	2018-06-20 18:35:01 +0800
committer	Ji Luo <ji.luo@nxp.com>	2018-08-21 09:44:33 +0800
commit	80834f323b5d535c6a84c84b73c0943d9666d201 (patch)
tree	4a0565b899965d8417de2761c3a5c8a093ea5ff3 /lib
parent	06e6b708df75d50e7c4ad1c1a74fdbfc98d4bcc1 (diff)