diff options
| author | Ji Luo <ji.luo@nxp.com> | 2018-11-30 09:59:36 +0800 |
|---|---|---|
| committer | Ji Luo <ji.luo@nxp.com> | 2018-12-04 10:38:55 +0800 |
| commit | 6192aff56871a4f88c8ac23d9ca2b6131c579f1f (patch) | |
| tree | ba168a2319cc01c08b7796e97d972fe7f7f4a48e /lib | |
| parent | a024d695b71caf33a3ec2334c235beba398393c2 (diff) | |
MA-13628 [Auto] Read/Write rollback index from rpmb
Secure storage is ready in trusty so we should read/write the rollback
index from rpmb.
But for borads without rpmb key, read/write the rpmb will fail and will
block the following avb verify process. In this case, check if the rpmb
key has been set and always return AVB_IO_RESULT_OK for the boards without
rpmb key.
Test: build and boot pass on imx8qm_mek.
Change-Id: I10c438e56d049ae97ebedfc446c8202642630d8b
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/avb/fsl/fsl_avb.c | 22 | ||||
| -rw-r--r-- | lib/avb/fsl/fsl_avbkey.c | 2 |
2 files changed, 18 insertions, 6 deletions
diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c index a1c56b196f..ee9f34f205 100644 --- a/lib/avb/fsl/fsl_avb.c +++ b/lib/avb/fsl/fsl_avb.c @@ -631,8 +631,16 @@ AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slo AvbIOResult ret; #ifdef CONFIG_IMX_TRUSTY_OS if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) { - ERR("write rollback from Trusty error!"); - ret = AVB_IO_RESULT_ERROR_IO; + ERR("write rollback from Trusty error!\n"); +#ifdef CONFIG_ANDROID_AUTO_SUPPORT + /* Read/write rollback index from rpmb will fail if the rpmb + * key hasn't been set, return AVB_IO_RESULT_OK in this case. + */ + if (!rpmbkey_is_set()) + ret = AVB_IO_RESULT_OK; + else +#endif + ret = AVB_IO_RESULT_ERROR_IO; } else { ret = AVB_IO_RESULT_OK; } @@ -720,8 +728,14 @@ AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot AvbIOResult ret; #ifdef CONFIG_IMX_TRUSTY_OS if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) { - ERR("read rollback from Trusty error!"); - ret = AVB_IO_RESULT_ERROR_IO; + ERR("read rollback from Trusty error!\n"); +#ifdef CONFIG_ANDROID_AUTO_SUPPORT + if (!rpmbkey_is_set()) { + *out_rollback_index = 0; + ret = AVB_IO_RESULT_OK; + } else +#endif + ret = AVB_IO_RESULT_ERROR_IO; } else { ret = AVB_IO_RESULT_OK; } diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c index 56adf44c5a..890ff71322 100644 --- a/lib/avb/fsl/fsl_avbkey.c +++ b/lib/avb/fsl/fsl_avbkey.c @@ -572,7 +572,6 @@ fail: } int init_avbkey(void) { -#ifndef CONFIG_ARM64 struct keyslot_package kp; read_keyslot_package(&kp); if (strcmp(kp.magic, KEYPACK_MAGIC)) { @@ -588,7 +587,6 @@ int init_avbkey(void) { return RESULT_ERROR; #endif fill_secure_keyslot_package(&kp); -#endif return RESULT_OK; } |