lk: msm: image_verify: Save boot hash regardless of signature decryption
Save the calculated image hash before decrypting the signature
for the expected hash.
CRs-Fixed: 629626
Change-Id: Ifed7bd3a035bcd1607a72ab84fa9bd9f55383ee7
diff --git a/platform/msm_shared/image_verify.c b/platform/msm_shared/image_verify.c
index cf1253f..edca3bc 100644
--- a/platform/msm_shared/image_verify.c
+++ b/platform/msm_shared/image_verify.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011,2013 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011,2013-2014 The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -99,6 +99,23 @@
goto cleanup;
}
+ /*
+ * Calculate hash of image and save calculated hash on TZ.
+ */
+ hash_size =
+ (hash_type == CRYPTO_AUTH_ALG_SHA256) ? SHA256_SIZE : SHA1_SIZE;
+ hash_find(image_ptr, image_size, (unsigned char *)&digest, hash_type);
+#ifdef TZ_SAVE_KERNEL_HASH
+ if (hash_type == CRYPTO_AUTH_ALG_SHA256) {
+ save_kernel_hash_cmd(digest);
+ dprintf(INFO, "Image hash saved.\n");
+ } else
+ dprintf(INFO, "image_verify: hash is not SHA-256.\n");
+#endif
+
+ /*
+ * Decrypt the pre-calculated expected image hash.
+ */
ret = image_decrypt_signature(signature_ptr, plain_text);
if (ret == -1) {
dprintf(CRITICAL, "ERROR: Image Invalid! Decryption failed!\n");
@@ -106,17 +123,8 @@
}
/*
- * Calculate hash of image for comparison
+ * Compare the expected hash with the calculated hash.
*/
- hash_size =
- (hash_type == CRYPTO_AUTH_ALG_SHA256) ? SHA256_SIZE : SHA1_SIZE;
- hash_find(image_ptr, image_size, (unsigned char *)&digest, hash_type);
-#ifdef TZ_SAVE_KERNEL_HASH
- if (hash_type == CRYPTO_AUTH_ALG_SHA256)
- save_kernel_hash_cmd(digest);
- else
- dprintf(INFO, "image_verify: hash is not SHA-256.\n");
-#endif
if (memcmp(plain_text, digest, hash_size) != 0) {
dprintf(CRITICAL,
"ERROR: Image Invalid! Please use another image!\n");