diff options
| -rw-r--r-- | cpu/arm_cortexa9/db8500/sec_bridge.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/cpu/arm_cortexa9/db8500/sec_bridge.c b/cpu/arm_cortexa9/db8500/sec_bridge.c index 56919f9b4..ee404c799 100644 --- a/cpu/arm_cortexa9/db8500/sec_bridge.c +++ b/cpu/arm_cortexa9/db8500/sec_bridge.c @@ -100,11 +100,10 @@ int sec_bridge_get_rt_flags(u32* rt_flags) rt_flags, 0); - if (ret == SEC_ROM_RET_OK) { - ret_val = 0; - } else - printf("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret); + debug("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret); + if (ret == SEC_ROM_RET_OK) + ret_val = 0; } return ret_val; @@ -229,8 +228,18 @@ static int sec_bridge_verify_image(u32 *img_addr, { issw_signed_header_t *hdr = (issw_signed_header_t *) *img_addr; - if (!is_secboot_enabled()) + if (!is_secboot_enabled()) { + /* It shall be possible to boot a signed kernel + * when security is turned off, move img_addr to + * after header + */ + if (hdr->magic == ISSW_SIGNED_HEADER_MAGIC) { + debug("sec_bridge: " + "Security disabled but signed header found\n"); + goto skip_header; + } return 0; + } debug("sec_bridge_verify_image(img_addr->0x%08x, payload_type:%d)\n", *img_addr, payload_type); @@ -243,7 +252,7 @@ static int sec_bridge_verify_image(u32 *img_addr, /* * Using a secure service for this since sha256 in u-boot - * was incedible slow. + * was incedibly slow. */ if (sec_bridge_verify_hash(ISSW_SIGNED_HEADER_HASH(hdr), ISSW_SIGNED_HEADER_HASH_SIZE(hdr), @@ -251,6 +260,7 @@ static int sec_bridge_verify_image(u32 *img_addr, hdr->size_of_payload, hdr->hash_type)) return 1; +skip_header: *img_addr = (ulong)ISSW_SIGNED_HEADER_PAYLOAD(hdr); debug("sec_bridge: Changed img_addr->0x%08x\n", *img_addr); return 0; |