deadpool: check vendor avb keys only when device is e-fused [1/1]

PD#SWPL-13377

Problem:
we need to check if the device is e-fused or not
If e-fused, check only with vendor avb keys
If no, check both vendor avb keys & default avb keys

Solution:
check if the device is e-fused or not
If e-fused, check only with vendor avb keys
If no, check both vendor avb keys & default avb keys

Verify:
deadpool

Change-Id: I431518e308571fccb2967db66f736dd901dd9247
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/common/cmd_avb.c b/common/cmd_avb.c
index d95d432..2bf71ff 100644
--- a/common/cmd_avb.c
+++ b/common/cmd_avb.c
@@ -17,6 +17,7 @@
 #ifdef CONFIG_AML_ANTIROLLBACK
 #include <anti-rollback.h>
 #endif
+#include <amlogic/aml_efuse.h>
 
 #define MAX_DTB_SIZE (256 * 1024)
 
@@ -192,6 +193,10 @@ static AvbIOResult validate_vbmeta_public_key(AvbOps* ops, const uint8_t* public
             *out_is_trusted = false;
     }
 
+    unsigned int isSecure = IS_FEAT_BOOT_VERIFY();
+    printf("isSecure: %d\n", isSecure);
+    if (isSecure == 0) {
+
 /**
  * Allow re-verify with default AVB2 public key if really want to do.
  *
@@ -211,6 +216,7 @@ static AvbIOResult validate_vbmeta_public_key(AvbOps* ops, const uint8_t* public
             *out_is_trusted = false;
     }
 #endif /* CONFIG_AVB2_KPUB_DEFAULT_VENDOR */
+    }
 #elif defined(CONFIG_AVB2_KPUB_DEFAULT)
     printf("AVB2 verify with default kpub\n");
     if (avb2_kpub_default_len != public_key_length)