lk: msm: image_verify: Save boot hash regardless of signature decryption

Save the calculated image hash before decrypting the signature
for the expected hash.

CRs-Fixed: 629626
Change-Id: Ifed7bd3a035bcd1607a72ab84fa9bd9f55383ee7
diff --git a/platform/msm_shared/image_verify.c b/platform/msm_shared/image_verify.c
index cf1253f..edca3bc 100644
--- a/platform/msm_shared/image_verify.c
+++ b/platform/msm_shared/image_verify.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011,2013 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011,2013-2014 The Linux Foundation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -99,6 +99,23 @@
 		goto cleanup;
 	}
 
+	/*
+	 * Calculate hash of image and save calculated hash on TZ.
+	 */
+	hash_size =
+	    (hash_type == CRYPTO_AUTH_ALG_SHA256) ? SHA256_SIZE : SHA1_SIZE;
+	hash_find(image_ptr, image_size, (unsigned char *)&digest, hash_type);
+#ifdef TZ_SAVE_KERNEL_HASH
+	if (hash_type == CRYPTO_AUTH_ALG_SHA256) {
+		save_kernel_hash_cmd(digest);
+		dprintf(INFO, "Image hash saved.\n");
+	} else
+		dprintf(INFO, "image_verify: hash is not SHA-256.\n");
+#endif
+
+	/*
+	 * Decrypt the pre-calculated expected image hash.
+	 */
 	ret = image_decrypt_signature(signature_ptr, plain_text);
 	if (ret == -1) {
 		dprintf(CRITICAL, "ERROR: Image Invalid! Decryption failed!\n");
@@ -106,17 +123,8 @@
 	}
 
 	/*
-	 * Calculate hash of image for comparison
+	 * Compare the expected hash with the calculated hash.
 	 */
-	hash_size =
-	    (hash_type == CRYPTO_AUTH_ALG_SHA256) ? SHA256_SIZE : SHA1_SIZE;
-	hash_find(image_ptr, image_size, (unsigned char *)&digest, hash_type);
-#ifdef TZ_SAVE_KERNEL_HASH
-	if (hash_type == CRYPTO_AUTH_ALG_SHA256)
-		save_kernel_hash_cmd(digest);
-	else
-		dprintf(INFO, "image_verify: hash is not SHA-256.\n");
-#endif
 	if (memcmp(plain_text, digest, hash_size) != 0) {
 		dprintf(CRITICAL,
 			"ERROR: Image Invalid! Please use another image!\n");