MA-15180 Refine dual bootloader flow for imx8m

We may need to enable the dual bootloader feature on non-trusty platforms, skip the bootloader rollback index check in spl if trusty is not enabled. Don't generate rpmb key in spl, it should be generated in u-boot proper with u-boot commands. Test: dual bootloader on imx8mm. Change-Id: Iac455e0140cd6f4472a66d267d9ba0d40df7102c Signed-off-by: Ji Luo <ji.luo@nxp.com>
author: Ji Luo <ji.luo@nxp.com> 2019-07-22 09:14:28 +0800
committer: Ji Luo <ji.luo@nxp.com> 2019-07-25 20:15:05 +0800
commit: 22bad9224ec6b3932b72e49aeb0fa94644871156 (patch)
tree: 766aaf6657f7d64e56543e0a608da1ab429fd9f1 /lib
parent: 2a43c3e702720fab67ae9af73634a958a1b62044 (diff)
1 files changed, 25 insertions, 16 deletions
diff --git a/lib/avb/fsl/fsl_avb_ab_flow.c b/lib/avb/fsl/fsl_avb_ab_flow.c
index 446d650692..2eea2d9760 100644
--- a/lib/avb/fsl/fsl_avb_ab_flow.c
+++ b/lib/avb/fsl/fsl_avb_ab_flow.c
@@ -214,7 +214,7 @@ int fsl_load_metadata_dual_uboot(struct blk_desc *dev_desc,
 	}
 }
 
-#ifndef CONFIG_XEN
+#if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS)
 static int spl_verify_rbidx(struct mmc *mmc, AvbABSlotData *slot,
 			struct spl_image_info *spl_image)
 {
@@ -286,7 +286,7 @@ int mmc_load_image_parse_container_dual_uboot(
 	struct blk_desc *dev_desc;
 	AvbABData ab_data, ab_data_orig;
 	size_t slot_index_to_boot, target_slot;
-#ifndef CONFIG_XEN
+#if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS)
 	struct keyslot_package kp;
 #endif
 
@@ -302,7 +302,7 @@ int mmc_load_image_parse_container_dual_uboot(
 		return -1;
 	}
 
-#ifndef CONFIG_XEN
+#if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS)
 	/* Read RPMB keyslot package, xen won't check this. */
 	read_keyslot_package(&kp);
 	if (strcmp(kp.magic, KEYPACK_MAGIC)) {
@@ -350,7 +350,7 @@ int mmc_load_image_parse_container_dual_uboot(
 			ret = mmc_load_image_parse_container(spl_image, mmc, info.start);
 
 			/* Don't need to check rollback index for xen. */
-#ifndef CONFIG_XEN
+#if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS)
 			/* Image loaded successfully, go to verify rollback index */
 			if (!ret && rpmbkey_is_set())
 				ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image);
@@ -398,7 +398,7 @@ int mmc_load_image_parse_container_dual_uboot(
 			ret = mmc_load_image_parse_container(spl_image, mmc, info.start);
 
 			/* Don't need to check rollback index for xen. */
-#ifndef CONFIG_XEN
+#if !defined(CONFIG_XEN) && defined(CONFIG_IMX_TRUSTY_OS)
 			/* Image loaded successfully, go to verify rollback index */
 			if (!ret && rpmbkey_is_set())
 				ret = spl_verify_rbidx(mmc, &ab_data.slots[slot_index_to_boot], spl_image);
@@ -445,7 +445,9 @@ int mmc_load_image_raw_sector_dual_uboot(
 	struct image_header *header;
 	AvbABData ab_data, ab_data_orig;
 	size_t slot_index_to_boot, target_slot;
+#ifdef CONFIG_IMX_TRUSTY_OS
 	struct keyslot_package kp;
+#endif
 
 	/* Check if gpt is valid */
 	dev_desc = mmc_get_blk_desc(mmc);
@@ -459,20 +461,23 @@ int mmc_load_image_raw_sector_dual_uboot(
 		return -1;
 	}
 
-	/* Init RPMB keyslot package if not initialized before. */
+#ifdef CONFIG_IMX_TRUSTY_OS
+	/* Read RPMB keyslot package. */
 	read_keyslot_package(&kp);
 	if (strcmp(kp.magic, KEYPACK_MAGIC)) {
-		printf("keyslot package magic error. Will generate new one\n");
-		if (gen_rpmb_key(&kp)) {
-			printf("Generate keyslot package fail!\n");
+		if (rpmbkey_is_set()) {
+			printf("\nFATAL - RPMB key was destroyed!\n");
+			hang();
+		} else
+			printf("keyslot package magic error, do nothing here!\n");
+	} else {
+		/* Set power-on write protection to boot1 partition. */
+		if (mmc_switch(mmc, EXT_CSD_CMD_SET_NORMAL, EXT_CSD_BOOT_WP, BOOT1_PWR_WP)) {
+			printf("Unable to set power-on write protection to boot1!\n");
 			return -1;
 		}
 	}
-	/* Set power-on write protection to boot1 partition. */
-	if (mmc_switch(mmc, EXT_CSD_CMD_SET_NORMAL, EXT_CSD_BOOT_WP, BOOT1_PWR_WP)) {
-		printf("Unable to set power-on write protection to boot1!\n");
-		return -1;
-	}
+#endif
 
 	/* Load AB metadata from misc partition */
 	if (fsl_load_metadata_dual_uboot(dev_desc, &ab_data,
@@ -528,13 +533,15 @@ int mmc_load_image_raw_sector_dual_uboot(
 				ret = -1;
 			}
 
+#ifdef CONFIG_IMX_TRUSTY_OS
 			/* Fit image loaded successfully, go to verify rollback index */
-			if (!ret)
+			if (!ret && rpmbkey_is_set())
 				ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image);
 
 			/* Copy rpmb keyslot to secure memory. */
 			if (!ret)
 				fill_secure_keyslot_package(&kp);
+#endif
 		}
 
 		/* Set current slot to unbootable if load/verify fail. */
@@ -598,13 +605,15 @@ int mmc_load_image_raw_sector_dual_uboot(
 				ret = -1;
 			}
 
+#ifdef CONFIG_IMX_TRUSTY_OS
 			/* Fit image loaded successfully, go to verify rollback index */
-			if (!ret)
+			if (!ret && rpmbkey_is_set())
 				ret = spl_verify_rbidx(mmc, &ab_data.slots[target_slot], spl_image);
 
 			/* Copy rpmb keyslot to secure memory. */
 			if (!ret)
 				fill_secure_keyslot_package(&kp);
+#endif
 		}
 
 		if (ret)
author	Ji Luo <ji.luo@nxp.com>	2019-07-22 09:14:28 +0800
committer	Ji Luo <ji.luo@nxp.com>	2019-07-25 20:15:05 +0800
commit	22bad9224ec6b3932b72e49aeb0fa94644871156 (patch)
tree	766aaf6657f7d64e56543e0a608da1ab429fd9f1 /lib
parent	2a43c3e702720fab67ae9af73634a958a1b62044 (diff)