diff options
Diffstat (limited to 'arch/arm/mach-tegra/tegra20/bct.c')
-rw-r--r-- | arch/arm/mach-tegra/tegra20/bct.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/arch/arm/mach-tegra/tegra20/bct.c b/arch/arm/mach-tegra/tegra20/bct.c index 5eb4899..b2c44f3 100644 --- a/arch/arm/mach-tegra/tegra20/bct.c +++ b/arch/arm/mach-tegra/tegra20/bct.c @@ -11,6 +11,9 @@ #include "bct.h" #include "uboot_aes.h" +/* Device with "sbk burned: false" will expose zero key */ +const u8 nosbk[AES128_KEY_LENGTH] = { 0 }; + /* * @param bct boot config table start in RAM * @param ect bootloader start in RAM @@ -23,22 +26,27 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size) u8 ebt_hash[AES128_KEY_LENGTH] = { 0 }; u8 sbk[AES128_KEY_LENGTH] = { 0 }; u8 *bct_hash = bct; + bool encrypted; int ret; bct += BCT_HASH; + ebt_size = roundup(ebt_size, EBT_ALIGNMENT); + memcpy(sbk, (u8 *)(bct + BCT_LENGTH), NVBOOT_CMAC_AES_HASH_LENGTH * 4); - ret = decrypt_data_block(bct, BCT_LENGTH, sbk); - if (ret) - return 1; + encrypted = memcmp(&sbk, &nosbk, AES128_KEY_LENGTH); - ebt_size = roundup(ebt_size, EBT_ALIGNMENT); + if (encrypted) { + ret = decrypt_data_block(bct, BCT_LENGTH, sbk); + if (ret) + return 1; - ret = encrypt_data_block(ebt, ebt_size, sbk); - if (ret) - return 1; + ret = encrypt_data_block(ebt, ebt_size, sbk); + if (ret) + return 1; + } ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk); if (ret) @@ -52,9 +60,11 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size) bct_tbl->bootloader[0].load_addr = CONFIG_SPL_TEXT_BASE; bct_tbl->bootloader[0].length = ebt_size; - ret = encrypt_data_block(bct, BCT_LENGTH, sbk); - if (ret) - return 1; + if (encrypted) { + ret = encrypt_data_block(bct, BCT_LENGTH, sbk); + if (ret) + return 1; + } ret = sign_enc_data_block(bct, BCT_LENGTH, bct_hash, sbk); if (ret) |