projects / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 62f2b87)
MA-15152 erase user data before setting lock/unlock status
authorfaqiang.zhu <faqiang.zhu@nxp.com>
Wed, 17 Jul 2019 07:32:00 +0000 (15:32 +0800)
committerJi Luo <ji.luo@nxp.com>
Thu, 13 May 2021 01:49:17 +0000 (09:49 +0800)
when conduct fastboot lock/unlock operations, erase the userdata first
and then set lock/unlock status to improve security level.

Change-Id: I74c571c35b88afd6fdd4c287463f7209da8c15ff
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
(cherry picked from commit b81f0b617d23548cd30953b94aca4ff8cc4da723)
(cherry picked from commit fb9d5e07623098aefd12a81d74c0779060b0bf0a)

drivers/fastboot/fb_fsl/fb_fsl_command.c patch | blob | history

diff --git a/drivers/fastboot/fb_fsl/fb_fsl_command.c b/drivers/fastboot/fb_fsl/fb_fsl_command.c
index b2459cd..210c505 100644 (file)
--- a/drivers/fastboot/fb_fsl/fb_fsl_command.c
+++ b/drivers/fastboot/fb_fsl/fb_fsl_command.c
@@ -343,9 +343,6 @@ static void wipe_all_userdata(void)
        /* Erase the cache partition for legacy imx6/7 */
        process_erase_mmc(FASTBOOT_PARTITION_CACHE, response);
 #endif
-       /* The unlock permissive flag is set by user and should be wiped here. */
-       set_fastboot_lock_disable();
-
 
 #if defined(AVB_RPMB) && !defined(CONFIG_IMX_TRUSTY_OS)
        printf("Start stored_rollback_index wipe process....\n");
@@ -365,12 +362,11 @@ static FbLockState do_fastboot_unlock(bool force)
        }
        if ((fastboot_lock_enable() == FASTBOOT_UL_ENABLE) || force) {
                printf("It is able to unlock device. %d\n",fastboot_lock_enable());
+
+               wipe_all_userdata();
                status = fastboot_set_lock_stat(FASTBOOT_UNLOCK);
                if (status < 0)
                        return FASTBOOT_LOCK_ERROR;
-
-               wipe_all_userdata();
-
        } else {
                printf("It is not able to unlock device.");
                return FASTBOOT_LOCK_ERROR;
@@ -387,12 +383,12 @@ static FbLockState do_fastboot_lock(void)
                printf("The device is already locked\n");
                return FASTBOOT_LOCK;
        }
+
+       wipe_all_userdata();
        status = fastboot_set_lock_stat(FASTBOOT_LOCK);
        if (status < 0)
                return FASTBOOT_LOCK_ERROR;
 
-       wipe_all_userdata();
-
        return FASTBOOT_LOCK;
 }