Hi Bryan, 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>: > This patch adds hab_auth_img_or_fail() a command line function that > encapsulates a common usage of authenticate and failover, namely if > authenticate image fails, then drop to BootROM USB recovery mode. > > For secure-boot systems, this type of locked down behavior is important to > ensure no unsigned images can be run. > > It's possible to script this logic but, when done over and over again the > environment starts get very complex and repetitive, reducing that script > repetition down to a command line function makes sense. > > Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> > Cc: Utkarsh Gupta <utkarsh.gu...@nxp.com> > Cc: Breno Lima <breno.l...@nxp.com> > Cc: Fabio Estevam <fabio.este...@nxp.com> > --- > arch/arm/mach-imx/hab.c | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c > index 0c18b2e..61ccdeb 100644 > --- a/arch/arm/mach-imx/hab.c > +++ b/arch/arm/mach-imx/hab.c > @@ -366,6 +366,22 @@ static int do_hab_get_ivt_addr(cmd_tbl_t *cmdtp, int > flag, int argc, > return CMD_RET_SUCCESS; > } > > +static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag, > + int argc, char * const argv[]) > +{ > + if (!imx_hab_is_enabled()) > + goto done;
It would be nice to return CMD_RET_USAGE on this case, or maybe print something like "Secure boot disabled". If I run in a non HAB enabled board I get the following output: => hab_auth_img_or_fail <addr> <length> <ivt_offset> => We may also need to add the following here: if (argc < 4) return CMD_RET_USAGE; If I run this command without any parameter the code is wrongly executed, and the system goes to USB recovery mode. Thanks, Breno Lima _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot