From: Breno Lima Date: Thu, 25 Mar 2021 09:30:10 +0000 (+0800) Subject: imx: hab: Enable hab.c to authenticate additional images in open configuration X-Git-Tag: v2025.01-rc5-pxa1908~1929^2~81 X-Git-Url: http://git.dujemihanovic.xyz/img/static/%7B%7B%20%28.OutputFormats.Get?a=commitdiff_plain;h=1d756add3c478f3fe79ed36aa86b2447949879b3;p=u-boot.git imx: hab: Enable hab.c to authenticate additional images in open configuration Currently it's not possible to authenticate additional boot images in HAB open configuration. The hab.c code is checking if the SEC_CONFIG[1] fuse is programmed prior to calling the hab_authenticate_image() API function. Users cannot check if their additional boot images has been correctly signed prior to closing their device. Enable hab.c to authenticate additional boot images in open mode so HAB events can be retrieved through get_hab_status() function. Signed-off-by: Breno Lima Reviewed-by: Ye Li Signed-off-by: Peng Fan --- diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index bd00d4a458..01ddfab699 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -794,10 +794,8 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, struct ivt *ivt; enum hab_status status; - if (!imx_hab_is_enabled()) { + if (!imx_hab_is_enabled()) puts("hab fuse not enabled\n"); - return 0; - } printf("\nAuthenticate image from DDR location 0x%x...\n", ddr_start); @@ -896,7 +894,7 @@ hab_exit_failure_print_status: hab_authentication_exit: - if (load_addr != 0) + if (load_addr != 0 || !imx_hab_is_enabled()) result = 0; return result;