From b05bacf279a65d8d98754adc0492209e90f1790f Mon Sep 17 00:00:00 2001 From: Ji Luo Date: Mon, 18 May 2020 11:02:13 +0800 Subject: [PATCH] MA-17144 Only do security check for rpmb key flashed boards Only check the bootloader rollback index and trusty keyslot package for rpmb key flashed boards. Test: boots on boards without rpmb key. Change-Id: I130e4d906c0f08d602eac820ec5612214e01ff55 Signed-off-by: Ji Luo (cherry pick from commit bb0c880bb2cd5d9414b4c167eac546682a5d5ccc) --- lib/avb/fsl/fsl_avb_ab_flow.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/lib/avb/fsl/fsl_avb_ab_flow.c b/lib/avb/fsl/fsl_avb_ab_flow.c index 94d9727406..4382e413c5 100644 --- a/lib/avb/fsl/fsl_avb_ab_flow.c +++ b/lib/avb/fsl/fsl_avb_ab_flow.c @@ -377,12 +377,14 @@ int mmc_load_image_raw_sector_dual_uboot(struct spl_image_info *spl_image, #if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS) /* Image loaded successfully, go to verify rollback index */ - if (!ret) - ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); + if (rpmbkey_is_set()) { + if (!ret) + ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); - /* Copy rpmb keyslot to secure memory. */ - if (!ret) - fill_secure_keyslot_package(&kp); + /* Copy rpmb keyslot to secure memory. */ + if (!ret) + fill_secure_keyslot_package(&kp); + } #endif } @@ -457,12 +459,14 @@ int mmc_load_image_raw_sector_dual_uboot(struct spl_image_info *spl_image, #if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS) /* Image loaded successfully, go to verify rollback index */ - if (!ret) - ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); + if (rpmbkey_is_set()) { + if (!ret) + ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image); - /* Copy rpmb keyslot to secure memory. */ - if (!ret) - fill_secure_keyslot_package(&kp); + /* Copy rpmb keyslot to secure memory. */ + if (!ret) + fill_secure_keyslot_package(&kp); + } #endif } -- 2.17.1