From c97ed47b42364f6b8b387aac331ab111480a8075 Mon Sep 17 00:00:00 2001 From: Manorit Chawdhry Date: Tue, 25 Jul 2023 13:09:22 +0530 Subject: [PATCH] mach-k3: security: improve the checks around authentication The following checks are more reasonable as the previous logs were a bit misleading as we could still get the logs that the authetication is being skipped but still authenticate. Move the debug prints and checks to proper locations. Signed-off-by: Manorit Chawdhry --- arch/arm/mach-k3/security.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c index 6038c9665e..89659f479e 100644 --- a/arch/arm/mach-k3/security.c +++ b/arch/arm/mach-k3/security.c @@ -67,14 +67,6 @@ void ti_secure_image_check_binary(void **p_image, size_t *p_size) return; } - - if (get_device_type() != K3_DEVICE_TYPE_HS_SE && - !ti_secure_cert_detected(*p_image)) { - printf("Warning: Did not detect image signing certificate. " - "Skipping authentication to prevent boot failure. " - "This will fail on Security Enforcing(HS-SE) devices\n"); - return; - } } void ti_secure_image_post_process(void **p_image, size_t *p_size) @@ -91,11 +83,17 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size) return; } - if (get_device_type() == K3_DEVICE_TYPE_GP && - (get_device_type() != K3_DEVICE_TYPE_HS_SE && - !ti_secure_cert_detected(*p_image))) + if (get_device_type() == K3_DEVICE_TYPE_GP) return; + if (get_device_type() != K3_DEVICE_TYPE_HS_SE && + !ti_secure_cert_detected(*p_image)) { + printf("Warning: Did not detect image signing certificate. " + "Skipping authentication to prevent boot failure. " + "This will fail on Security Enforcing(HS-SE) devices\n"); + return; + } + /* Clean out image so it can be seen by system firmware */ image_addr = dma_map_single(*p_image, *p_size, DMA_BIDIRECTIONAL); -- 2.39.5