Merge "app: aboot: Check device's status in cmd_flash_meta_img before flashing" into lk.lnx.1.0-dev.1.0
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 8ef8857..c35147b 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -2666,6 +2666,26 @@
return;
}
+ /* If device is locked:
+ * Forbid to flash image to avoid the device to bypass the image
+ * which with "any" name other than bootloader. Because it maybe
+ * a meta package of all partitions.
+ */
+#if VERIFIED_BOOT
+ if (target_build_variant_user()) {
+ if (!device.is_unlocked) {
+ fastboot_fail("Device is locked, meta image flashing is not allowed");
+ return;
+ }
+#if !VBOOT_MOTA
+ if(!device.is_unlock_critical) {
+ fastboot_fail("Device is critical locked, Meta image flashing is not allowed");
+ return;
+ }
+#endif
+ }
+#endif
+
meta_header = (meta_header_t*) data;
if( data_end < ((uintptr_t)data + meta_header->img_hdr_sz))
{