diff options
Diffstat (limited to 'futility/cmd_update.c')
-rw-r--r-- | futility/cmd_update.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/futility/cmd_update.c b/futility/cmd_update.c index 81fd8f41..c4897918 100644 --- a/futility/cmd_update.c +++ b/futility/cmd_update.c @@ -1400,10 +1400,20 @@ static int check_compatible_tpm_keys(struct updater_config *cfg, tpm_data_key_version = 0, tpm_firmware_version = 0, tpm_fwver = 0; + /* Fail if the given image does not look good. */ + if (get_key_versions(rw_image, FMAP_RW_VBLOCK_A, &data_key_version, + &firmware_version) != 0) + return -1; + tpm_fwver = get_system_property(SYS_PROP_TPM_FWVER, cfg); if (tpm_fwver <= 0) { - ERROR("Invalid tpm_fwver: %d.", tpm_fwver); - return -1; + ERROR("Invalid tpm_fwver: %#x (skipped checking).", tpm_fwver); + /* + * This is an error, but it may be common for early proto + * devices so we don't want to fail here. Just skip checking TPM + * if system tpm_fwver can't be fetched. + */ + return 0; } tpm_data_key_version = tpm_fwver >> 16; @@ -1411,10 +1421,6 @@ static int check_compatible_tpm_keys(struct updater_config *cfg, DEBUG("TPM: data_key_version = %d, firmware_version = %d", tpm_data_key_version, tpm_firmware_version); - if (get_key_versions(rw_image, FMAP_RW_VBLOCK_A, &data_key_version, - &firmware_version) != 0) - return -1; - if (tpm_data_key_version > data_key_version) { ERROR("Data key version rollback detected (%d->%d).", tpm_data_key_version, data_key_version); |