author | Sam Wu <yihui.wu@amlogic.com> | 2016-10-20 14:11:26 +0800 |
---|---|---|
committer | Sam Wu <yihui.wu@amlogic.com> | 2016-10-28 18:09:39 +0800 |
commit | 351599d3203fddbe9763563db6011d6227b27bb1 (patch) | |
tree | ccb367d015c826e42835de3a61f194d0c54d179f /common/store_interface.c | |
parent | 6a0270894292bd48c74ad81b05cb23330509b4a8 (diff) | |
download | u-boot-odroid-c1-351599d3203fddbe9763563db6011d6227b27bb1.tar.gz |
PD#132936:force dtb encrypted if secure boot
1, Add decryption of dtb.img in
'store dtb read' and 'get_partition_from_dts',
1.1) the cache must be flushed before decrypting, otherwise decryption fails in usb boot;
1.2) 'store dtb read' decrypts the image,
but 'store dtb write/iread' do NOT;
2, Must check uboot containing this commit:
[[UBOOT][GXL/GXM/TXL]: secure boot update
c5d23aa93b8de96e7ed2bf4a8955433a9ac47e76]
3, [Usb Burn]Remove 'store dtb write' in 'disk_initial',
add special partition name '_aml_dtb' for upgrading dtb.
Change-Id: I1b36a0cffe84e9ca5140cf61e6089a53a56e3f5a
Diffstat (limited to 'common/store_interface.c')
-rw-r--r-- | common/store_interface.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/common/store_interface.c b/common/store_interface.c
index 57c07ae4b6..7b549c9089 100644
--- a/common/store_interface.c
+++ b/common/store_interface.c
@@ -17,6 +17,7 @@
 #include <libfdt.h>
 #include <linux/string.h>
 #include <asm/cpu_id.h>
+#include <asm/arch/bl31_apis.h>
 #if defined(CONFIG_AML_NAND)
 extern int amlnf_init(unsigned flag);
@@ -224,11 +225,22 @@ static int do_store_dtb_ops(cmd_tbl_t * cmdtp, int flag, int argc, char * const
 MsgP("To run cmd[%s]\n", _cmdBuf);
 ret = run_command(_cmdBuf, 0);
+ unsigned long dtImgAddr = simple_strtoul(dtbLoadaddr, NULL, 16);
+ //
+ //ONLY need decrypting when 'store dtb read'
+ if (!strcmp("read", argv[2]))
+ {
+ flush_cache(dtImgAddr, AML_DTB_IMG_MAX_SZ);
+ ret = aml_sec_boot_check(AML_D_P_IMG_DECRYPT, dtImgAddr, AML_DTB_IMG_MAX_SZ, 0);
+ if (ret) {
+ MsgP("decrypt dtb: Sig Check %d\n",ret);
+ return ret;
+ }
+ }
 #ifdef CONFIG_MULTI_DTB
- if (!is_write && strcmp("iread", ops))
+ if (!is_write && strcmp("iread", argv[2]))
 {
 extern unsigned long get_multi_dt_entry(unsigned long fdt_addr);
- unsigned long dtImgAddr = simple_strtoul(dtbLoadaddr, NULL, 16);
 unsigned long fdtAddr = get_multi_dt_entry(dtImgAddr);
 ret = fdt_check_header((char*)fdtAddr); |
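Review bot: The result of `run_command(_cmdBuf, 0)` is not checked before the new decrypt step in the second hunk, so when the storage read fails the code still flushes and passes whatever is already at `dtImgAddr` to `aml_sec_boot_check`, and the read's `ret` is overwritten by the check's result. Unless a failed read is meant to fall through, I would return early right after the `run_command` line, e.g. `if (ret) { MsgP("store dtb %s failed %d\n", argv[2], ret); return ret; }`. The new conditions also read `argv[2]` where the old code used `ops`; the argc validation is not visible here, so confirm it guarantees at least three arguments on this path, or keep comparing against `ops`. The body of do_store_dtb_ops starts and ends outside the hunk.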