aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaer-Olof Haakansson <par-olof.hakansson@stericsson.com>2011-11-04 13:51:52 +0100
committerPar-Olof HAKANSSON <par-olof.hakansson@stericsson.com>2011-11-04 14:36:26 +0100
commit5063a2c6433dd97079e4b9c039a101eb5f16e112 (patch)
treede4f2dd4ee1cee785f345fd2e4f6dc6e63e513d1
parentfc3399fcbf0b4a8f87fb25ab7095239c9b3d1ca7 (diff)
downloadu-boot-ux500-5063a2c6433dd97079e4b9c039a101eb5f16e112.tar.gz
u8500: accept signed SW when in unsecure mode
A signed kernel shall be accepted also when signing is not required. The image is checked to find out whether it is signed, in that case the pointer to the image is updated to point after the header. ST-Ericsson ID: 340102 ST-Ericsson FOSS-OUT ID: NA Change-Id: If8de7c4a9c2e11af8522484db2390e1177454cf6 Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/36481 Tested-by: Par-Olof HAKANSSON <par-olof.hakansson@stericsson.com> Reviewed-by: QATOOLS Reviewed-by: Johan YDSTROM <johan.xj.ydstrom@stericsson.com> Reviewed-by: Par-Olof HAKANSSON <par-olof.hakansson@stericsson.com>
-rw-r--r--cpu/arm_cortexa9/db8500/sec_bridge.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/cpu/arm_cortexa9/db8500/sec_bridge.c b/cpu/arm_cortexa9/db8500/sec_bridge.c
index 56919f9b4..ee404c799 100644
--- a/cpu/arm_cortexa9/db8500/sec_bridge.c
+++ b/cpu/arm_cortexa9/db8500/sec_bridge.c
@@ -100,11 +100,10 @@ int sec_bridge_get_rt_flags(u32* rt_flags)
rt_flags,
0);
- if (ret == SEC_ROM_RET_OK) {
- ret_val = 0;
- } else
- printf("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret);
+ debug("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret);
+ if (ret == SEC_ROM_RET_OK)
+ ret_val = 0;
}
return ret_val;
@@ -229,8 +228,18 @@ static int sec_bridge_verify_image(u32 *img_addr,
{
issw_signed_header_t *hdr = (issw_signed_header_t *) *img_addr;
- if (!is_secboot_enabled())
+ if (!is_secboot_enabled()) {
+ /* It shall be possible to boot a signed kernel
+ * when security is turned off, move img_addr to
+ * after header
+ */
+ if (hdr->magic == ISSW_SIGNED_HEADER_MAGIC) {
+ debug("sec_bridge: "
+ "Security disabled but signed header found\n");
+ goto skip_header;
+ }
return 0;
+ }
debug("sec_bridge_verify_image(img_addr->0x%08x, payload_type:%d)\n",
*img_addr, payload_type);
@@ -243,7 +252,7 @@ static int sec_bridge_verify_image(u32 *img_addr,
/*
* Using a secure service for this since sha256 in u-boot
- * was incedible slow.
+ * was incedibly slow.
*/
if (sec_bridge_verify_hash(ISSW_SIGNED_HEADER_HASH(hdr),
ISSW_SIGNED_HEADER_HASH_SIZE(hdr),
@@ -251,6 +260,7 @@ static int sec_bridge_verify_image(u32 *img_addr,
hdr->size_of_payload, hdr->hash_type))
return 1;
+skip_header:
*img_addr = (ulong)ISSW_SIGNED_HEADER_PAYLOAD(hdr);
debug("sec_bridge: Changed img_addr->0x%08x\n", *img_addr);
return 0;