summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBreno Lima <breno.lima@nxp.com>2018-10-08 23:25:20 -0300
committerYe Li <ye.li@nxp.com>2018-10-11 19:41:40 -0700
commit29e880eec00b6c7b6071ea358a6c855d9833c0a9 (patch)
tree9dba4e04ae6b8b783a46ca14a0d50d41017b775b
parent884ef77506e8255903ba9d9b8f6d54142f242e9f (diff)
MLK-19876 imx: hab: Enable hab.c to authenticate additional images in open configuration
Currently it's not possible to authenticate additional boot images in HAB open configuration. The hab.c code is checking if the SEC_CONFIG[1] fuse is programmed prior to calling the hab_authenticate_image() API function. Users cannot check if their additional boot images has been correctly signed prior to closing their device. Enable hab.c to authenticate additional boot images in open mode so HAB events can be retrieved through get_hab_status() function. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> (cherry picked from commit 15d3e93bd16b5375f4dbf525ce61f0912ece4c0b)
-rw-r--r--arch/arm/mach-imx/hab.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index a0f53a0e7a..b2b3929781 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -706,10 +706,8 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
struct ivt *ivt;
enum hab_status status;
- if (!imx_hab_is_enabled()) {
+ if (!imx_hab_is_enabled())
puts("hab fuse not enabled\n");
- return 0;
- }
printf("\nAuthenticate image from DDR location 0x%x...\n",
ddr_start);
@@ -808,7 +806,7 @@ hab_exit_failure_print_status:
hab_authentication_exit:
- if (load_addr != 0)
+ if (load_addr != 0 || !imx_hab_is_enabled())
result = 0;
return result;