aboutsummaryrefslogtreecommitdiff
path: root/libstb
diff options
context:
space:
mode:
Diffstat (limited to 'libstb')
-rw-r--r--libstb/secureboot.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/libstb/secureboot.c b/libstb/secureboot.c
index 08a6ae6..2c7a8db 100644
--- a/libstb/secureboot.c
+++ b/libstb/secureboot.c
@@ -28,6 +28,7 @@
static const void* hw_key_hash = NULL;
static size_t hw_key_hash_size;
static bool secure_mode = false;
+static bool secure_init = false;
static struct {
enum secureboot_version version;
@@ -161,6 +162,8 @@ void secureboot_init(void)
}
if (cvc_init())
secureboot_enforce();
+
+ secure_init = true;
}
int secureboot_verify(enum resource_id id, void *buf, size_t len)
@@ -176,6 +179,12 @@ int secureboot_verify(enum resource_id id, void *buf, size_t len)
secureboot_enforce();
}
+ if (!secure_init) {
+ prlog(PR_WARNING, "container NOT VERIFIED, resource_id=%d "
+ "secureboot not yet initialized\n", id);
+ return -1;
+ }
+
rc = call_cvc_verify(buf, len, hw_key_hash, hw_key_hash_size, &log);
if (rc == OPAL_SUCCESS) {
generated by cgit v1.1 at 2024-11-15 04:32:47 +0000