diff options
| author | Igor Opaniuk <igor.opaniuk@linaro.org> | 2018-06-03 21:56:40 +0300 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2018-06-18 20:55:13 +0300 |
| commit | 5d4fd8777337134dc1a1270f27569a9ccaece193 (patch) | |
| tree | f63f6c725dbbe18633dfa60f679e6f307044b2e8 /cmd/avb.c | |
| parent | 60b2f9e7b97580b3a71d6fa119fc9c66491d963e (diff) | |
| download | u-boot-5d4fd8777337134dc1a1270f27569a9ccaece193.tar.xz | |
avb2.0: add boot states and dm-verity support
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Diffstat (limited to 'cmd/avb.c')
| -rw-r--r-- | cmd/avb.c | 17 |
1 files changed, 16 insertions, 1 deletions
@@ -218,6 +218,8 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, { AvbSlotVerifyResult slot_result; AvbSlotVerifyData *out_data; + char *cmdline; + char *extra_args; bool unlocked = false; int res = CMD_RET_FAILURE; @@ -249,10 +251,23 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, switch (slot_result) { case AVB_SLOT_VERIFY_RESULT_OK: + /* Until we don't have support of changing unlock states, we + * assume that we are by default in locked state. + * So in this case we can boot only when verification is + * successful; we also supply in cmdline GREEN boot state + */ printf("Verification passed successfully\n"); /* export additional bootargs to AVB_BOOTARGS env var */ - env_set(AVB_BOOTARGS, out_data->cmdline); + + extra_args = avb_set_state(avb_ops, AVB_GREEN); + if (extra_args) + cmdline = append_cmd_line(out_data->cmdline, + extra_args); + else + cmdline = out_data->cmdline; + + env_set(AVB_BOOTARGS, cmdline); res = CMD_RET_SUCCESS; break; |