From 29ed198ffe8f46715a7ccee21c2eb6f1d53392a5 Mon Sep 17 00:00:00 2001 From: Ji Luo Date: Mon, 21 Sep 2020 16:10:32 +0800 Subject: [PATCH] MA-17910-1 Add config to guard avb public key load Add config "CONFIG_LOAD_KEY_FROM_RPMB" to decide loading the avb public key from RPMB storage or building it statically. Test: AVB verify. Signed-off-by: Ji Luo Change-Id: I1ca09c28bbfa18dd00aa28405389b382e09fe07e (cherry picked from commit 5a7973e8f42e54b3cd8ce15624478dcbe19c49fd) (cherry picked from commit 29f15078f00ed862abf6ca9592e68815046a38f3) --- lib/Kconfig | 5 +++++ lib/avb/fsl/fsl_avb.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig b/lib/Kconfig index 6acc1acf1d..1ebc1a1443 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -374,6 +374,11 @@ config TRUSTY_UNLOCK_PERMISSION config VIRTUAL_AB_SUPPORT bool "Support virtual AB update" +config LOAD_KEY_FROM_RPMB + bool "Support load AVB public key from RPMB storage" + default n + depends on IMX_TRUSTY_OS + endmenu menu "Hashing Support" diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c index 4ee7adfbfc..f3faa08361 100644 --- a/lib/avb/fsl/fsl_avb.c +++ b/lib/avb/fsl/fsl_avb.c @@ -16,7 +16,7 @@ #include "utils.h" #include "debug.h" #include "trusty/avb.h" -#if !defined(CONFIG_IMX_TRUSTY_OS) +#ifndef CONFIG_LOAD_KEY_FROM_RPMB #include "fsl_public_key.h" #endif #include "fsl_atx_attributes.h" @@ -578,7 +578,7 @@ AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops, assert(ops != NULL && out_is_trusted != NULL); *out_is_trusted = false; -#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) +#ifdef CONFIG_LOAD_KEY_FROM_RPMB uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH]; if (trusty_read_vbmeta_public_key(public_key_buf, public_key_length) != 0) { -- 2.17.1