Commit 14374c837089d94b3ae047576b04884cfbce14b4

Authored by faqiang.zhu
Committed by Ji Luo
1 parent 1411f5bb8a

MA-15152 erase user data before setting lock/unlock status

When conducting fastboot lock/unlock operations, erase the userdata first
and then set the lock/unlock status, to improve the security level.

Change-Id: I74c571c35b88afd6fdd4c287463f7209da8c15ff
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
(cherry picked from commit b81f0b617d23548cd30953b94aca4ff8cc4da723)

Showing 1 changed file with 4 additions and 8 deletions

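--- a/drivers/fastboot/fb_fsl/fb_fsl_command.c
+++ b/drivers/fastboot/fb_fsl/fb_fsl_command.c
@@ -343,10 +343,7 @@
 /* Erase the cache partition for legacy imx6/7 */
 process_erase_mmc(FASTBOOT_PARTITION_CACHE, response);
 #endif
-/* The unlock permissive flag is set by user and should be wiped here. */
-set_fastboot_lock_disable();
 
-
 #if defined(AVB_RPMB) && !defined(CONFIG_IMX_TRUSTY_OS)
 printf("Start stored_rollback_index wipe process....\n");
 rbkidx_erase();
@@ -365,12 +362,11 @@
 }
 if ((fastboot_lock_enable() == FASTBOOT_UL_ENABLE) || force) {
 printf("It is able to unlock device. %d\n",fastboot_lock_enable());
+
+wipe_all_userdata();
 status = fastboot_set_lock_stat(FASTBOOT_UNLOCK);
 if (status < 0)
 return FASTBOOT_LOCK_ERROR;
-
-wipe_all_userdata();
-
 } else {
 printf("It is not able to unlock device.");
 return FASTBOOT_LOCK_ERROR;
@@ -387,11 +383,11 @@
 printf("The device is already locked\n");
 return FASTBOOT_LOCK;
 }
+
+wipe_all_userdata();
 status = fastboot_set_lock_stat(FASTBOOT_LOCK);
 if (status < 0)
 return FASTBOOT_LOCK_ERROR;
-
-wipe_all_userdata();
 
 return FASTBOOT_LOCK;
 }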
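Review bot: In the unlock branch (new lines 366-367) and the lock path (new lines 387-388), `wipe_all_userdata()` is called as a bare statement and `fastboot_set_lock_stat()` runs whether or not the erase succeeded, so a failed erase still ends with the lock state changed and the old user data on the device, which is the case the reordering is meant to rule out. The wipe routine's signature is outside these hunks, so its return type is an assumption; if it returns nothing, consider having it report a status and gating the state change on it, e.g. `if (wipe_all_userdata() < 0) return FASTBOOT_LOCK_ERROR;`. Separately, the first hunk (which appears to sit inside the wipe routine) drops `set_fastboot_lock_disable()` with no replacement and the commit message does not mention it; if nothing else clears the unlock-permissive flag, a previously granted unlock permission now survives the wipe, so please add a comment such as `/* unlock-permissive flag intentionally kept across wipe: <reason> */` or restore the call.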