diff options
author | Ji Luo <ji.luo@nxp.com> | 2019-08-27 15:41:57 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2020-05-15 17:34:35 +0800 |
commit | 123c4738ec8b8282efdd4b5c9d131a686f460c00 (patch) | |
tree | ec636077077c36d22543223f0daa714df3c4a8b6 /lib | |
parent | 225d7366d8e48b57969691550ef80c00bcd616e7 (diff) |
MA-15360 Verify vbmeta public key for non-trusty devices
Don't skip vbmeta public key verify for non-trusty
platforms.
Test: boot on imx8mm.
Change-Id: I4712e5dd6e5c8848468e9d85c6b38eb5fb11377f
Signed-off-by: Ji Luo <ji.luo@nxp.com>
(cherry picked from commit 9b8264c89ccb3e9179a438e428ad79d72c7efe9b)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/avb/fsl/fsl_avb.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c index cd70ebac38..573a093d05 100644 --- a/lib/avb/fsl/fsl_avb.c +++ b/lib/avb/fsl/fsl_avb.c @@ -833,17 +833,28 @@ fail: #endif /* CONFIG_IMX_TRUSTY_OS */ } #else /* AVB_RPMB */ -/* - * In no security enhanced ARM64, we cannot protect public key. - * So that we choose to trust the key from vbmeta image - */ AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops, const uint8_t* public_key_data, size_t public_key_length, const uint8_t* public_key_metadata, size_t public_key_metadata_length, bool* out_is_trusted) { - *out_is_trusted = true; + assert(ops != NULL && out_is_trusted != NULL); + + /* match given public key */ + if (memcmp(fsl_public_key, public_key_data, public_key_length)) { + ERR("public key not match\n"); + *out_is_trusted = false; + } else + *out_is_trusted = true; + + /* We're not going to return error code when public key + * verify fail because it will abort the following avb + * verify process even we allow the verification error. + * Return AVB_IO_RESULT_OK and keep the 'out_is_trusted' + * as false, avb will handle the error depends on the + * 'allow_verification_error' flag. + */ return AVB_IO_RESULT_OK; } |