MLK-17044-3 booti: Add kernel image authentication for secure boot

When secure boot is enabled, add authenticate_image in booti to authenticate
kernel image.

Signed-off-by: Ye Li <ye.li@nxp.com>

diff --git a/cmd/booti.c b/cmd/booti.c
index bff87a8..0e4a4e2 100644 (file)
--- a/cmd/booti.c
+++ b/cmd/booti.c
@@ -42,7 +42,7 @@ static int booti_setup(bootm_headers_t *images)
                puts("Bad Linux ARM64 Image magic!\n");
                return 1;
        }
-       
+
        if (ih->image_size == 0) {
                puts("Image lacks image_size field, assuming 16MiB\n");
                image_size = 16 << 20;
@@ -50,6 +50,16 @@ static int booti_setup(bootm_headers_t *images)
                image_size = le64_to_cpu(ih->image_size);
        }
 
+#ifdef CONFIG_SECURE_BOOT
+       extern uint32_t authenticate_image(
+                       uint32_t ddr_start, uint32_t image_size);
+       if (authenticate_image(images->ep, image_size) == 0) {
+               printf("Authenticate Image Fail, Please check\n");
+               return 1;
+       }
+
+#endif
+
        /*
         * If we are not at the correct run-time location, set the new
         * correct location and then move the image there.