MLK-17044-3 booti: Add kernel image authentication for secure boot

When secure boot is enabled, add authenticate_image in booti to authenticate kernel image. Signed-off-by: Ye Li <ye.li@nxp.com>

MLK-17044-3 booti: Add kernel image authentication for secure boot
When secure boot is enabled, add authenticate_image in booti to authenticate kernel image. Signed-off-by: Ye Li <ye.li@nxp.com>
Ye Li · Eric Lee · Eric Lee · Eric Lee · Eric Lee · Eric Lee
1 parent bca4e251b6
Showing 1 changed file with 11 additions and 1 deletions Side-by-side Diff
cmd/booti.c
@@ -42,13 +42,23 @@
 		puts("Bad Linux ARM64 Image magic!\n");
 		return 1;
 	}
-	
+
 	if (ih->image_size == 0) {
 		puts("Image lacks image_size field, assuming 16MiB\n");
 		image_size = 16 << 20;
 	} else {
 		image_size = le64_to_cpu(ih->image_size);
 	}
+
+#ifdef CONFIG_SECURE_BOOT
+	extern uint32_t authenticate_image(
+			uint32_t ddr_start, uint32_t image_size);
+	if (authenticate_image(images->ep, image_size) == 0) {
+		printf("Authenticate Image Fail, Please check\n");
+		return 1;
+	}
+
+#endif
  
 	/*
 	 * If we are not at the correct run-time location, set the new
...	...	@@ -42,13 +42,23 @@
42	42	puts("Bad Linux ARM64 Image magic!\n");
43	43	return 1;
44	44	}
45		-
	45	+
46	46	if (ih->image_size == 0) {
47	47	puts("Image lacks image_size field, assuming 16MiB\n");
48	48	image_size = 16 << 20;
49	49	} else {
50	50	image_size = le64_to_cpu(ih->image_size);
51	51	}
	52	+
	53	+#ifdef CONFIG_SECURE_BOOT
	54	+ extern uint32_t authenticate_image(
	55	+ uint32_t ddr_start, uint32_t image_size);
	56	+ if (authenticate_image(images->ep, image_size) == 0) {
	57	+ printf("Authenticate Image Fail, Please check\n");
	58	+ return 1;
	59	+ }
	60	+
	61	+#endif
52	62
53	63	/*
54	64	* If we are not at the correct run-time location, set the new