From 5063a2c6433dd97079e4b9c039a101eb5f16e112 Mon Sep 17 00:00:00 2001 From: Paer-Olof Haakansson Date: Fri, 4 Nov 2011 13:51:52 +0100 Subject: u8500: accept signed SW when in unsecure mode A signed kernel shall be accepted also when signing is not required. The image is checked to find out whether it is signed, in that case the pointer to the image is updated to point after the header. ST-Ericsson ID: 340102 ST-Ericsson FOSS-OUT ID: NA Change-Id: If8de7c4a9c2e11af8522484db2390e1177454cf6 Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/36481 Tested-by: Par-Olof HAKANSSON Reviewed-by: QATOOLS Reviewed-by: Johan YDSTROM Reviewed-by: Par-Olof HAKANSSON --- cpu/arm_cortexa9/db8500/sec_bridge.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/cpu/arm_cortexa9/db8500/sec_bridge.c b/cpu/arm_cortexa9/db8500/sec_bridge.c index 56919f9b4..ee404c799 100644 --- a/cpu/arm_cortexa9/db8500/sec_bridge.c +++ b/cpu/arm_cortexa9/db8500/sec_bridge.c @@ -100,11 +100,10 @@ int sec_bridge_get_rt_flags(u32* rt_flags) rt_flags, 0); - if (ret == SEC_ROM_RET_OK) { - ret_val = 0; - } else - printf("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret); + debug("sec_bridge: ISSWAPI_GET_RT_FLAGS: %d\n", ret); + if (ret == SEC_ROM_RET_OK) + ret_val = 0; } return ret_val; @@ -229,8 +228,18 @@ static int sec_bridge_verify_image(u32 *img_addr, { issw_signed_header_t *hdr = (issw_signed_header_t *) *img_addr; - if (!is_secboot_enabled()) + if (!is_secboot_enabled()) { + /* It shall be possible to boot a signed kernel + * when security is turned off, move img_addr to + * after header + */ + if (hdr->magic == ISSW_SIGNED_HEADER_MAGIC) { + debug("sec_bridge: " + "Security disabled but signed header found\n"); + goto skip_header; + } return 0; + } debug("sec_bridge_verify_image(img_addr->0x%08x, payload_type:%d)\n", *img_addr, payload_type); @@ -243,7 +252,7 @@ static int sec_bridge_verify_image(u32 *img_addr, /* * Using a secure service for this since sha256 in u-boot - * was incedible slow. + * was incedibly slow. */ if (sec_bridge_verify_hash(ISSW_SIGNED_HEADER_HASH(hdr), ISSW_SIGNED_HEADER_HASH_SIZE(hdr), @@ -251,6 +260,7 @@ static int sec_bridge_verify_image(u32 *img_addr, hdr->size_of_payload, hdr->hash_type)) return 1; +skip_header: *img_addr = (ulong)ISSW_SIGNED_HEADER_PAYLOAD(hdr); debug("sec_bridge: Changed img_addr->0x%08x\n", *img_addr); return 0; -- cgit v1.2.3