From c97ed47b42364f6b8b387aac331ab111480a8075 Mon Sep 17 00:00:00 2001
From: Manorit Chawdhry <m-chawdhry@ti.com>
Date: Tue, 25 Jul 2023 13:09:22 +0530
Subject: [PATCH] mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
---
 arch/arm/mach-k3/security.c | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
index 6038c9665e..89659f479e 100644
--- a/arch/arm/mach-k3/security.c
+++ b/arch/arm/mach-k3/security.c
@@ -67,14 +67,6 @@ void ti_secure_image_check_binary(void **p_image, size_t *p_size)
 
 		return;
 	}
-
-	if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
-	    !ti_secure_cert_detected(*p_image)) {
-		printf("Warning: Did not detect image signing certificate. "
-		       "Skipping authentication to prevent boot failure. "
-		       "This will fail on Security Enforcing(HS-SE) devices\n");
-		return;
-	}
 }
 
 void ti_secure_image_post_process(void **p_image, size_t *p_size)
@@ -91,11 +83,17 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size)
 		return;
 	}
 
-	if (get_device_type() == K3_DEVICE_TYPE_GP &&
-	    (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
-	     !ti_secure_cert_detected(*p_image)))
+	if (get_device_type() == K3_DEVICE_TYPE_GP)
 		return;
 
+	if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
+	    !ti_secure_cert_detected(*p_image)) {
+		printf("Warning: Did not detect image signing certificate. "
+		       "Skipping authentication to prevent boot failure. "
+		       "This will fail on Security Enforcing(HS-SE) devices\n");
+		return;
+	}
+
 	/* Clean out image so it can be seen by system firmware */
 	image_addr = dma_map_single(*p_image, *p_size, DMA_BIDIRECTIONAL);
 
-- 
2.39.5