author | Xindong Xu <xindong.xu@amlogic.com> | 2019-08-29 01:15:27 (GMT) |
---|---|---|
committer | Xindong Xu <xindong.xu@amlogic.com> | 2019-08-29 05:49:20 (GMT) |
commit | 9425e79cf17eb8729a384e7815e12e2e185c6133 | |
tree | fa46ddd4bf4cc06b5e309953c9369326c5d3d6be | |
parent | b095b9b23f40a0a5b004e03ff56a9dee7e438cba | |
deadpool: check vendor avb keys only when device is e-fused [1/1]
PD#SWPL-13377
Problem:
we need to check if the device is e-fused or not
If e-fused, check only with vendor avb keys
If no, check both vendor avb keys & default avb keys
Solution:
check if the device is e-fused or not
If e-fused, check only with vendor avb keys
If no, check both vendor avb keys & default avb keys
Verify:
deadpool
Change-Id: I431518e308571fccb2967db66f736dd901dd9247
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>
-rw-r--r-- | common/cmd_avb.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/common/cmd_avb.c b/common/cmd_avb.c index d95d432..2bf71ff 100644 --- a/common/cmd_avb.c +++ b/common/cmd_avb.c @@ -17,6 +17,7 @@ #ifdef CONFIG_AML_ANTIROLLBACK #include <anti-rollback.h> #endif +#include <amlogic/aml_efuse.h> #define MAX_DTB_SIZE (256 * 1024) @@ -192,6 +193,10 @@ static AvbIOResult validate_vbmeta_public_key(AvbOps* ops, const uint8_t* public *out_is_trusted = false; } + unsigned int isSecure = IS_FEAT_BOOT_VERIFY(); + printf("isSecure: %d\n", isSecure); + if (isSecure == 0) { + /** * Allow re-verify with default AVB2 public key if really want to do. * @@ -211,6 +216,7 @@ static AvbIOResult validate_vbmeta_public_key(AvbOps* ops, const uint8_t* public *out_is_trusted = false; } #endif /* CONFIG_AVB2_KPUB_DEFAULT_VENDOR */ + } #elif defined(CONFIG_AVB2_KPUB_DEFAULT) printf("AVB2 verify with default kpub\n"); if (avb2_kpub_default_len != public_key_length) |
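Review bot: in the second hunk (validate_vbmeta_public_key(), around new line 196), `if (isSecure == 0) {` is the only condition that keeps the default AVB2 public key out of the trust decision on an e-fused device, but the hunk carries no comment saying what IS_FEAT_BOOT_VERIFY() returns or why 0 means "not fused". Please add a one-line comment above the check stating that contract, since the existing comment below it only describes the re-verify itself. Smaller points in the same hunk: `isSecure` is declared `unsigned int` but printed with `%d` (use `%u`); the `printf("isSecure: %d\n", ...)` runs on every call and would be better as `debug()` or a message that says which key set is being accepted; the declaration sits in the middle of the function body; and the lines now enclosed by the new `if` are not re-indented, which makes the scope of the gate hard to see.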
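Review bot: in the third hunk, the closing `}` is added after `#endif /* CONFIG_AVB2_KPUB_DEFAULT_VENDOR */` (new line 219) with nothing tying it to the `if (isSecure == 0) {` opened in the previous hunk, and the matching `#ifdef` is not in the visible context. Please confirm that both the opening and closing brace sit on the same side of that preprocessor conditional so the braces balance in every configuration, and annotate the brace, for example `} /* isSecure == 0 */`, so the pairing survives later edits to the `#ifdef` block.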