From 9b8264c89ccb3e9179a438e428ad79d72c7efe9b Mon Sep 17 00:00:00 2001
From: Ji Luo
Date: Tue, 27 Aug 2019 15:41:57 +0800
Subject: [PATCH] MA-15360 Verify vbmeta public key for non-trusty devices

Don't skip vbmeta public key verify for non-trusty platforms.

Test: boot on imx8mm.

Change-Id: I4712e5dd6e5c8848468e9d85c6b38eb5fb11377f
Signed-off-by: Ji Luo
---
 lib/avb/fsl/fsl_avb.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c
index cd70ebac38..573a093d05 100644
--- a/lib/avb/fsl/fsl_avb.c
+++ b/lib/avb/fsl/fsl_avb.c
@@ -833,17 +833,28 @@ fail:
 #endif /* CONFIG_IMX_TRUSTY_OS */
 }
 #else /* AVB_RPMB */
-/*
- * In no security enhanced ARM64, we cannot protect public key.
- * So that we choose to trust the key from vbmeta image
- */
 AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
 const uint8_t* public_key_data,
 size_t public_key_length,
 const uint8_t* public_key_metadata,
 size_t public_key_metadata_length,
 bool* out_is_trusted) {
- *out_is_trusted = true;
+ assert(ops != NULL && out_is_trusted != NULL);
+
+ /* match given public key */
+ if (memcmp(fsl_public_key, public_key_data, public_key_length)) {
+ ERR("public key not match\n");
+ *out_is_trusted = false;
+ } else
+ *out_is_trusted = true;
+
+ /* We're not going to return error code when public key
+ * verify fail because it will abort the following avb
+ * verify process even we allow the verification error.
+ * Return AVB_IO_RESULT_OK and keep the 'out_is_trusted'
+ * as false, avb will handle the error depends on the
+ * 'allow_verification_error' flag.
+ */
 return AVB_IO_RESULT_OK;
 }
--
2.17.1
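Review bot: The added `memcmp(fsl_public_key, public_key_data, public_key_length)` takes its length from the vbmeta image under verification, and nothing in the function compares that length with the size of the built-in key. A zero or short `public_key_length` therefore compares equal on a prefix (or on nothing) and sets `*out_is_trusted = true`, while a longer one reads past `fsl_public_key`. The definition of `fsl_public_key` is outside this hunk; assuming it is an array, the condition should be `if (public_key_length != sizeof(fsl_public_key) || memcmp(fsl_public_key, public_key_data, public_key_length)) {`. `public_key_data` is also not covered by the added `assert`, which may compile to nothing in non-debug builds, so an explicit NULL check that leaves `*out_is_trusted = false` would be more dependable than the assertion.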