diff options
author | Ji Luo <ji.luo@nxp.com> | 2020-05-18 11:02:13 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2020-05-18 11:02:13 +0800 |
commit | 73a50a9ce690cecd2d9481ed02cb78fbef8aa472 (patch) | |
tree | b69745d3032e1b4c4fc2b7b10bf31def8e10ac81 /lib | |
parent | 2131579aac44676570162a85001117ffc80a59b3 (diff) |
MA-17144 Only do security check for rpmb key flashed boards
Only check the bootloader rollback index and trusty keyslot package
for rpmb key flashed boards.
Test: boots on boards without rpmb key.
Change-Id: I130e4d906c0f08d602eac820ec5612214e01ff55
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/avb/fsl/fsl_avb_ab_flow.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/lib/avb/fsl/fsl_avb_ab_flow.c b/lib/avb/fsl/fsl_avb_ab_flow.c index de384eac7b..e56d350a0b 100644 --- a/lib/avb/fsl/fsl_avb_ab_flow.c +++ b/lib/avb/fsl/fsl_avb_ab_flow.c @@ -377,12 +377,14 @@ int mmc_load_image_raw_sector_dual_uboot(struct spl_image_info *spl_image, #if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS) /* Image loaded successfully, go to verify rollback index */ - if (!ret) - ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); + if (rpmbkey_is_set()) { + if (!ret) + ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); - /* Copy rpmb keyslot to secure memory. */ - if (!ret) - fill_secure_keyslot_package(&kp); + /* Copy rpmb keyslot to secure memory. */ + if (!ret) + fill_secure_keyslot_package(&kp); + } #endif } @@ -457,12 +459,14 @@ int mmc_load_image_raw_sector_dual_uboot(struct spl_image_info *spl_image, #if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS) /* Image loaded successfully, go to verify rollback index */ - if (!ret) - ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); + if (rpmbkey_is_set()) { + if (!ret) + ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); - /* Copy rpmb keyslot to secure memory. */ - if (!ret) - fill_secure_keyslot_package(&kp); + /* Copy rpmb keyslot to secure memory. */ + if (!ret) + fill_secure_keyslot_package(&kp); + } #endif } |