Merge "app: aboot: mdtp: Fix blocking of fastboot boot command"
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 252d01b..7ff5fae 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -1887,6 +1887,9 @@
void cmd_boot(const char *arg, void *data, unsigned sz)
{
+#ifdef MDTP_SUPPORT
+ static bool is_mdtp_activated = 0;
+#endif /* MDTP_SUPPORT */
unsigned kernel_actual;
unsigned ramdisk_actual;
uint32_t image_actual;
@@ -1960,18 +1963,14 @@
else
{
/* fastboot boot is not allowed when MDTP is activated */
-
mdtp_ext_partition_verification_t ext_partition;
- ext_partition.partition = boot_into_recovery ? MDTP_PARTITION_RECOVERY : MDTP_PARTITION_BOOT;
- ext_partition.integrity_state = MDTP_PARTITION_STATE_UNSET;
- ext_partition.page_size = page_size;
- ext_partition.image_addr = (uint32_t)data;
- ext_partition.image_size = image_actual - sig_actual;
- ext_partition.sig_avail = TRUE;
- mdtp_fwlock_verify_lock(&ext_partition);
+
+ if (!is_mdtp_activated) {
+ ext_partition.partition = MDTP_PARTITION_NONE;
+ mdtp_fwlock_verify_lock(&ext_partition);
+ }
}
- bool is_mdtp_activated = 0;
mdtp_activated(&is_mdtp_activated);
if(is_mdtp_activated){
dprintf(CRITICAL, "fastboot boot command is not available.\n");
diff --git a/app/aboot/mdtp.c b/app/aboot/mdtp.c
index 578f4de..01f907a 100644
--- a/app/aboot/mdtp.c
+++ b/app/aboot/mdtp.c
@@ -570,38 +570,40 @@
}
else
{
- for(i=0; i<MAX_PARTITIONS; i++)
+ if (ext_partition->partition != MDTP_PARTITION_NONE)
{
- if(dip->partition_cfg[i].lock_enabled && dip->partition_cfg[i].size)
+ for(i=0; i<MAX_PARTITIONS; i++)
{
- total_num_blocks = ((dip->partition_cfg[i].size - 1) / MDTP_FWLOCK_BLOCK_SIZE);
- if (validate_partition_params(dip->partition_cfg[i].size,
- dip->partition_cfg[i].hash_mode,
- dip->partition_cfg[i].verify_ratio))
+ if(dip->partition_cfg[i].lock_enabled && dip->partition_cfg[i].size)
{
- dprintf(CRITICAL, "mdtp: verify_all_partitions: Wrong partition parameters\n");
- verify_failure = TRUE;
- break;
- }
+ total_num_blocks = ((dip->partition_cfg[i].size - 1) / MDTP_FWLOCK_BLOCK_SIZE);
+ if (validate_partition_params(dip->partition_cfg[i].size,
+ dip->partition_cfg[i].hash_mode,
+ dip->partition_cfg[i].verify_ratio))
+ {
+ dprintf(CRITICAL, "mdtp: verify_all_partitions: Wrong partition parameters\n");
+ verify_failure = TRUE;
+ break;
+ }
- verify_failure |= (verify_partition(dip->partition_cfg[i].name,
- dip->partition_cfg[i].size,
- dip->partition_cfg[i].hash_mode,
- (dip->partition_cfg[i].verify_ratio * total_num_blocks) / 100,
- dip->partition_cfg[i].hash_table,
- dip->partition_cfg[i].force_verify_block) != 0);
+ verify_failure |= (verify_partition(dip->partition_cfg[i].name,
+ dip->partition_cfg[i].size,
+ dip->partition_cfg[i].hash_mode,
+ (dip->partition_cfg[i].verify_ratio * total_num_blocks) / 100,
+ dip->partition_cfg[i].hash_table,
+ dip->partition_cfg[i].force_verify_block) != 0);
+ }
+ }
+
+ ext_partition_verify_failure = verify_ext_partition(ext_partition);
+
+ if (verify_failure || ext_partition_verify_failure)
+ {
+ dprintf(CRITICAL, "mdtp: verify_all_partitions: Failed partition verification\n");
+ return;
}
}
-
- ext_partition_verify_failure = verify_ext_partition(ext_partition);
-
- if (verify_failure || ext_partition_verify_failure)
- {
- dprintf(CRITICAL, "mdtp: verify_all_partitions: Failed partition verification\n");
- return;
- }
is_mdtp_activated = 1;
-
}
*verify_result = VERIFY_OK;
@@ -728,7 +730,7 @@
/* Disallow CIPHER_DIP SCM call from this point, unless we are in recovery */
/* The recovery image will disallow CIPHER_DIP SCM call by itself. */
- if (ext_partition->partition != MDTP_PARTITION_RECOVERY)
+ if (ext_partition->partition == MDTP_PARTITION_BOOT)
{
mdtp_tzbsp_disallow_cipher_DIP();
}
diff --git a/app/aboot/mdtp.h b/app/aboot/mdtp.h
index c29dcc2..03e3b7c 100644
--- a/app/aboot/mdtp.h
+++ b/app/aboot/mdtp.h
@@ -113,6 +113,7 @@
typedef enum {
MDTP_PARTITION_BOOT = 0,
MDTP_PARTITION_RECOVERY,
+ MDTP_PARTITION_NONE,
MDTP_PARTITION_NUM,
} mdtp_ext_partition_t;