From bc03d1e9728ab1faa9eebbee3ed90e57bd27c051 Mon Sep 17 00:00:00 2001
From: Robert Rosengren <robert.rosengren@stericsson.com>
Date: Wed, 15 Dec 2010 09:48:59 +0100
Subject: db8500: Verify signature of kernel before booting

Verification of the kernel and ITP signature before allowing to boot is
added. This feature is configurable and by default not activated. MeeGo-
built RPM will have this enabled.

ST-Ericsson ID: WP275634, ER275440

Change-Id: Ib888f39dd5dca1bc8b7d6e1b002da83a77908b07
Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/11415
Tested-by: Robert ROSENGREN <robert.rosengren@stericsson.com>
Reviewed-by: Michael BRANDT <michael.brandt@stericsson.com>
Reviewed-by: QATOOLS
Reviewed-by: Jens WIKLANDER <jens.wiklander@stericsson.com>
---
 common/cmd_bootm.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'common')

diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index 94ddac37c..0cac9cf1b 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -867,6 +867,18 @@ static void *boot_get_kernel (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]
 	/* copy from dataflash if needed */
 	img_addr = genimg_get_image (img_addr);
 
+#if defined(CONFIG_SECURE_KERNEL_BOOT)
+	{
+		/*
+		 * Extern declaration could more nicely done, but keeping
+		 * it here to have as low impact as possible...
+		 */
+		extern int sec_bridge_verify_kernel_image(u32 *img_addr);
+		if (sec_bridge_verify_kernel_image ((u32*)&img_addr))
+			img_addr = 0;
+	}
+#endif
+
 	/* check image type, for FIT images get FIT kernel node */
 	*os_data = *os_len = 0;
 	switch (genimg_get_format ((void *)img_addr)) {
-- 
cgit v1.2.3