diff options
author | Paer-Olof Haakansson <par-olof.hakansson@stericsson.com> | 2011-11-04 13:51:52 +0100 |
---|---|---|
committer | Par-Olof HAKANSSON <par-olof.hakansson@stericsson.com> | 2011-11-04 14:36:26 +0100 |
commit | 5063a2c6433dd97079e4b9c039a101eb5f16e112 (patch) | |
tree | de4f2dd4ee1cee785f345fd2e4f6dc6e63e513d1 | |
parent | fc3399fcbf0b4a8f87fb25ab7095239c9b3d1ca7 (diff) |
u8500: accept signed SW when in unsecure mode
A signed kernel shall be accepted also when signing
is not required. The image is checked to find out
whether it is signed, in that case the pointer to
the image is updated to point after the header.
ST-Ericsson ID: 340102
ST-Ericsson FOSS-OUT ID: NA
Change-Id: If8de7c4a9c2e11af8522484db2390e1177454cf6
Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/36481
Tested-by: Par-Olof HAKANSSON <par-olof.hakansson@stericsson.com>
Reviewed-by: QATOOLS
Reviewed-by: Johan YDSTROM <johan.xj.ydstrom@stericsson.com>
Reviewed-by: Par-Olof HAKANSSON <par-olof.hakansson@stericsson.com>
-rw-r--r-- | cpu/arm_cortexa9/db8500/sec_bridge.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/cpu/arm_cortexa9/db8500/sec_bridge.c b/cpu/arm_cortexa9/db8500/sec_bridge.c index 56919f9b4..ee404c799 100644 --- a/cpu/arm_cortexa9/db8500/sec_bridge.c +++ b/cpu/arm_cortexa9/db8500/sec_bridge.c @@ -100,11 +100,10 @@ int sec_bridge_get_rt_flags(u32* rt_flags) rt_flags, 0); - if (ret == SEC_ROM_RET_OK) { - ret_val = 0; - } else - printf("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret); + debug("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret); + if (ret == SEC_ROM_RET_OK) + ret_val = 0; } return ret_val; @@ -229,8 +228,18 @@ static int sec_bridge_verify_image(u32 *img_addr, { issw_signed_header_t *hdr = (issw_signed_header_t *) *img_addr; - if (!is_secboot_enabled()) + if (!is_secboot_enabled()) { + /* It shall be possible to boot a signed kernel + * when security is turned off, move img_addr to + * after header + */ + if (hdr->magic == ISSW_SIGNED_HEADER_MAGIC) { + debug("sec_bridge: " + "Security disabled but signed header found\n"); + goto skip_header; + } return 0; + } debug("sec_bridge_verify_image(img_addr->0x%08x, payload_type:%d)\n", *img_addr, payload_type); @@ -243,7 +252,7 @@ static int sec_bridge_verify_image(u32 *img_addr, /* * Using a secure service for this since sha256 in u-boot - * was incedible slow. + * was incedibly slow. */ if (sec_bridge_verify_hash(ISSW_SIGNED_HEADER_HASH(hdr), ISSW_SIGNED_HEADER_HASH_SIZE(hdr), @@ -251,6 +260,7 @@ static int sec_bridge_verify_image(u32 *img_addr, hdr->size_of_payload, hdr->hash_type)) return 1; +skip_header: *img_addr = (ulong)ISSW_SIGNED_HEADER_PAYLOAD(hdr); debug("sec_bridge: Changed img_addr->0x%08x\n", *img_addr); return 0; |