MA-17910-1 Add config to guard avb public key load

author Ji Luo <ji.luo@nxp.com>

Mon, 21 Sep 2020 08:10:32 +0000 (16:10 +0800)

committer Ji Luo <ji.luo@nxp.com>

Thu, 13 May 2021 01:49:18 +0000 (09:49 +0800)
author Ji Luo <ji.luo@nxp.com>
Mon, 21 Sep 2020 08:10:32 +0000 (16:10 +0800)
committer Ji Luo <ji.luo@nxp.com>
Thu, 13 May 2021 01:49:18 +0000 (09:49 +0800)
diff --git a/lib/Kconfig b/lib/Kconfig

index 6acc1ac..1ebc1a1 100644 (file)
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -374,6 +374,11 @@ config TRUSTY_UNLOCK_PERMISSION
  config VIRTUAL_AB_SUPPORT
         bool "Support virtual AB update"
  
+config LOAD_KEY_FROM_RPMB
+       bool "Support load AVB public key from RPMB storage"
+       default n
+       depends on IMX_TRUSTY_OS
+
  endmenu
  
  menu "Hashing Support"
diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c

index 4ee7adf..f3faa08 100644 (file)
--- a/lib/avb/fsl/fsl_avb.c
+++ b/lib/avb/fsl/fsl_avb.c
@@ -16,7 +16,7 @@
  #include "utils.h"
  #include "debug.h"
  #include "trusty/avb.h"
-#if !defined(CONFIG_IMX_TRUSTY_OS)
+#ifndef CONFIG_LOAD_KEY_FROM_RPMB
  #include "fsl_public_key.h"
  #endif
  #include "fsl_atx_attributes.h"
@@ -578,7 +578,7 @@ AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
         assert(ops != NULL && out_is_trusted != NULL);
         *out_is_trusted = false;
  
-#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
+#ifdef CONFIG_LOAD_KEY_FROM_RPMB
         uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
         if (trusty_read_vbmeta_public_key(public_key_buf,
                                                 public_key_length) != 0) {
author	Ji Luo <ji.luo@nxp.com>
	Mon, 21 Sep 2020 08:10:32 +0000 (16:10 +0800)
committer	Ji Luo <ji.luo@nxp.com>
	Thu, 13 May 2021 01:49:18 +0000 (09:49 +0800)
lib/Kconfig		patch \| blob \| history
lib/avb/fsl/fsl_avb.c		patch \| blob \| history