diff options
author | Ji Luo <ji.luo@nxp.com> | 2018-11-30 09:59:36 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2018-12-04 09:53:12 +0800 |
commit | d7c768a690529017a476552091ffd4bc9a6159c7 (patch) | |
tree | 874720aaf290bd19f39990cde8b00c3ece746c2b /lib | |
parent | 69142ab1d90b1eef1d8d6a0137b24a9f75c14b83 (diff) |
MA-13628 [Auto] Read/Write rollback index from rpmb
Secure storage is ready in trusty so we should read/write the rollback
index from rpmb.
But for borads without rpmb key, read/write the rpmb will fail and will
block the following avb verify process. In this case, check if the rpmb
key has been set and always return AVB_IO_RESULT_OK for the boards without
rpmb key.
Test: build and boot pass on imx8qm_mek.
Change-Id: I10c438e56d049ae97ebedfc446c8202642630d8b
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/avb/fsl/fsl_avb.c | 22 | ||||
-rw-r--r-- | lib/avb/fsl/fsl_avbkey.c | 2 |
2 files changed, 18 insertions, 6 deletions
diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c index a1c56b196f6..ee9f34f2058 100644 --- a/lib/avb/fsl/fsl_avb.c +++ b/lib/avb/fsl/fsl_avb.c @@ -631,8 +631,16 @@ AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slo AvbIOResult ret; #ifdef CONFIG_IMX_TRUSTY_OS if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) { - ERR("write rollback from Trusty error!"); - ret = AVB_IO_RESULT_ERROR_IO; + ERR("write rollback from Trusty error!\n"); +#ifdef CONFIG_ANDROID_AUTO_SUPPORT + /* Read/write rollback index from rpmb will fail if the rpmb + * key hasn't been set, return AVB_IO_RESULT_OK in this case. + */ + if (!rpmbkey_is_set()) + ret = AVB_IO_RESULT_OK; + else +#endif + ret = AVB_IO_RESULT_ERROR_IO; } else { ret = AVB_IO_RESULT_OK; } @@ -720,8 +728,14 @@ AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot AvbIOResult ret; #ifdef CONFIG_IMX_TRUSTY_OS if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) { - ERR("read rollback from Trusty error!"); - ret = AVB_IO_RESULT_ERROR_IO; + ERR("read rollback from Trusty error!\n"); +#ifdef CONFIG_ANDROID_AUTO_SUPPORT + if (!rpmbkey_is_set()) { + *out_rollback_index = 0; + ret = AVB_IO_RESULT_OK; + } else +#endif + ret = AVB_IO_RESULT_ERROR_IO; } else { ret = AVB_IO_RESULT_OK; } diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c index 56adf44c5a2..890ff713226 100644 --- a/lib/avb/fsl/fsl_avbkey.c +++ b/lib/avb/fsl/fsl_avbkey.c @@ -572,7 +572,6 @@ fail: } int init_avbkey(void) { -#ifndef CONFIG_ARM64 struct keyslot_package kp; read_keyslot_package(&kp); if (strcmp(kp.magic, KEYPACK_MAGIC)) { @@ -588,7 +587,6 @@ int init_avbkey(void) { return RESULT_ERROR; #endif fill_secure_keyslot_package(&kp); -#endif return RESULT_OK; } |