| author | Tellen Yu <tellen.yu@amlogic.com> | 2019-07-23 07:04:09 (GMT) |
|---|---|---|
| committer | Gerrit Code Review <gituser@droid04> | 2019-07-23 07:04:09 (GMT) |
| commit | 515d9eeab206172c1d44f242ebc38ebd28906d38 (patch) | |
| tree | 5d24617b276e010ae41f31f89094302d6f9a5b26 | |
| parent | b4e7cd61b89350000fe5f752fedd75a05a9687ae (diff) | |
| parent | 89fbfa94dbac8167fec2fa669354db09ae934b5a (diff) | |
| download | uboot-515d9eeab206172c1d44f242ebc38ebd28906d38.zip uboot-515d9eeab206172c1d44f242ebc38ebd28906d38.tar.gz uboot-515d9eeab206172c1d44f242ebc38ebd28906d38.tar.bz2 | |
Merge "sabrina: skip kernel & dtb sec boot check [2/6]" into p-tv-openlinux-nov
| -rw-r--r-- | board/amlogic/configs/sm1_sabrina_v1.h | 2 | ||||
| -rw-r--r-- | common/aml_dt.c | 4 | ||||
| -rw-r--r-- | common/cmd_bootm.c | 5 | ||||
| -rw-r--r-- | common/cmd_imgread.c | 18 | ||||
| -rw-r--r-- | common/store_interface.c | 6 |
5 files changed, 28 insertions, 7 deletions
diff --git a/board/amlogic/configs/sm1_sabrina_v1.h b/board/amlogic/configs/sm1_sabrina_v1.h index 31ca6a4..779d679 100644 --- a/board/amlogic/configs/sm1_sabrina_v1.h +++ b/board/amlogic/configs/sm1_sabrina_v1.h @@ -646,11 +646,13 @@ //unify build for generate encrypted bootloader "u-boot.bin.encrypt" #define CONFIG_AML_CRYPTO_UBOOT 1 +#define CONFIG_AML_SIGNED_UBOOT 0 //unify build for generate encrypted kernel image //SRC : "board/amlogic/(board)/boot.img" //DST : "fip/boot.img.encrypt" //#define CONFIG_AML_CRYPTO_IMG 1 +#define CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK #endif //CONFIG_AML_SECURE_UBOOT diff --git a/common/aml_dt.c b/common/aml_dt.c index 54f08c9..100fe8b 100644 --- a/common/aml_dt.c +++ b/common/aml_dt.c @@ -269,14 +269,16 @@ int check_valid_dts(unsigned char *buffer) memcpy(sbuffer, buffer, AML_DTB_IMG_MAX_SZ); flush_cache((unsigned long)sbuffer, AML_DTB_IMG_MAX_SZ); + ulong nCheckOffset = 0; +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK ret = aml_sec_boot_check(AML_D_P_IMG_DECRYPT, (long unsigned)sbuffer, AML_DTB_IMG_MAX_SZ, 0); if (ret) { printf("\n %s() %d: Decrypt dtb: Sig Check %d\n", __func__, __LINE__, ret); return -__LINE__; } - ulong nCheckOffset; nCheckOffset = aml_sec_boot_check(AML_D_Q_IMG_SIG_HDR_SIZE,GXB_IMG_LOAD_ADDR,GXB_EFUSE_PATTERN_SIZE,GXB_IMG_DEC_ALL); +#endif /*CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK*/ if (AML_D_Q_IMG_SIG_HDR_SIZE == (nCheckOffset & 0xFFFF)) nCheckOffset = (nCheckOffset >> 16) & 0xFFFF; else diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index 8fa2be7..4609cd1 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -168,6 +168,7 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) } #ifndef CONFIG_SKIP_KERNEL_DTB_VERIFY +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK unsigned int nLoadAddr = GXB_IMG_LOAD_ADDR; //default load address if (argc > 0) @@ -183,6 +184,7 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) printf("\naml log : Sig Check %d\n",nRet); return nRet; } +#endif /*CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK*/ #endif /* ! CONFIG_SKIP_KERNEL_DTB_VERIFY */ avb_s = getenv("avb2"); @@ -260,7 +262,10 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) * Only skip if secure boot so normal boot can use plain boot.img+ */ ulong img_addr,nCheckOffset; img_addr = genimg_get_kernel_addr(argc < 1 ? NULL : argv[0]); + nCheckOffset = 0; +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK nCheckOffset = aml_sec_boot_check(AML_D_Q_IMG_SIG_HDR_SIZE,GXB_IMG_LOAD_ADDR,GXB_EFUSE_PATTERN_SIZE,GXB_IMG_DEC_ALL); +#endif /*CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK*/ if (AML_D_Q_IMG_SIG_HDR_SIZE == (nCheckOffset & 0xFFFF)) nCheckOffset = (nCheckOffset >> 16) & 0xFFFF; else diff --git a/common/cmd_imgread.c b/common/cmd_imgread.c index 736d590..618ffb3 100644 --- a/common/cmd_imgread.c +++ b/common/cmd_imgread.c @@ -126,8 +126,10 @@ static int _aml_get_secure_boot_kernel_size(const void* pLoadaddr, unsigned* pTo if (isSecure) { - ulong nCheckOffset; + ulong nCheckOffset = 0; +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK nCheckOffset = aml_sec_boot_check(AML_D_Q_IMG_SIG_HDR_SIZE,GXB_IMG_LOAD_ADDR,GXB_EFUSE_PATTERN_SIZE,GXB_IMG_DEC_ALL); +#endif /*CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK*/ if (AML_D_Q_IMG_SIG_HDR_SIZE == (nCheckOffset & 0xFFFF) && ((nCheckOffset>>16) & 0xFFFF)) { @@ -185,7 +187,6 @@ static int _aml_get_secure_boot_kernel_size(const void* pLoadaddr, unsigned* pTo return 0; } - static int do_image_read_dtb(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { boot_img_hdr *hdr_addr = NULL; @@ -252,11 +253,13 @@ static int do_image_read_dtb(cmd_tbl_t *cmdtp, int flag, int argc, char * const //here must update the cache, otherwise nand will fail (eMMC is OK) flush_cache((unsigned long)dtImgAddr,(unsigned long)nFlashLoadLen); +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK nReturn = aml_sec_boot_check(AML_D_P_IMG_DECRYPT,(unsigned long)loadaddr,GXB_IMG_SIZE,GXB_IMG_DEC_DTB); if (nReturn) { errorP("\n[dtb]aml log : Sig Check is %d\n",nReturn); return __LINE__; } +#endif /*CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK*/ MsgP("Enc dtb sz 0x%x\n", nFlashLoadLen); } @@ -303,8 +306,10 @@ static int do_image_read_kernel(cmd_tbl_t *cmdtp, int flag, int argc, char * con loadaddr = (unsigned char*)simple_strtoul(getenv("loadaddr"), NULL, 16); } - ulong nCheckOffset; + ulong nCheckOffset = 0; +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK nCheckOffset = aml_sec_boot_check(AML_D_Q_IMG_SIG_HDR_SIZE,GXB_IMG_LOAD_ADDR,GXB_EFUSE_PATTERN_SIZE,GXB_IMG_DEC_ALL); +#endif /*CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK*/ if (AML_D_Q_IMG_SIG_HDR_SIZE == (nCheckOffset & 0xFFFF)) nCheckOffset = (nCheckOffset >> 16) & 0xFFFF; else @@ -331,12 +336,15 @@ static int do_image_read_kernel(cmd_tbl_t *cmdtp, int flag, int argc, char * con } //Check if encrypted image - rc = _aml_get_secure_boot_kernel_size(loadaddr, &secureKernelImgSz); +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK + rc = _aml_get_secure_boot_kernel_size(loadaddr, &secureKernelImgSz); if (rc) { errorP("Fail in _aml_get_secure_boot_kernel_size, rc=%d\n", rc); return __LINE__; } - if (secureKernelImgSz) +#endif /*CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK*/ + + if (secureKernelImgSz) { actualBootImgSz = secureKernelImgSz + nCheckOffset; MsgP("secureKernelImgSz=0x%x\n", actualBootImgSz); diff --git a/common/store_interface.c b/common/store_interface.c index b13f8ce..20d6171 100644 --- a/common/store_interface.c +++ b/common/store_interface.c @@ -320,18 +320,22 @@ static int do_store_dtb_ops(cmd_tbl_t * cmdtp, int flag, int argc, char * const if (!strcmp("read", argv[2])) { flush_cache(dtImgAddr, AML_DTB_IMG_MAX_SZ); +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK ret = aml_sec_boot_check(AML_D_P_IMG_DECRYPT, dtImgAddr, AML_DTB_IMG_MAX_SZ, 0); if (ret) { MsgP("decrypt dtb: Sig Check %d\n",ret); return ret; } +#endif } } if (!is_write && strcmp("iread", argv[2])) { - ulong nCheckOffset; + ulong nCheckOffset = 0; +#ifndef CONFIG_SKIP_KERNEL_DTB_SECBOOT_CHECK nCheckOffset = aml_sec_boot_check(AML_D_Q_IMG_SIG_HDR_SIZE,GXB_IMG_LOAD_ADDR,GXB_EFUSE_PATTERN_SIZE,GXB_IMG_DEC_ALL); +#endif if (AML_D_Q_IMG_SIG_HDR_SIZE == (nCheckOffset & 0xFFFF)) nCheckOffset = (nCheckOffset >> 16) & 0xFFFF; else |