From: Vinitha V Pillai <[email protected]> boot_script_hdr does not exist, it should not continue to boot. So adding separate validation after loading boot_script.
The secure boot validation of the bootscript header will fail and halts the further execution of commands which prevent source command from execution. Signed-off-by: Vinitha V Pillai <[email protected]> Signed-off-by: Udit Agarwal <[email protected]> --- Changes in V2: Corrects commit message to add more clarity. include/configs/ls1012afrwy.h | 3 ++- include/configs/ls1012ardb.h | 3 ++- include/configs/ls1021atwr.h | 3 ++- include/configs/ls1043a_common.h | 3 ++- include/configs/ls1046a_common.h | 5 +++-- include/configs/ls1088ardb.h | 3 ++- include/configs/ls2080ardb.h | 3 ++- 7 files changed, 15 insertions(+), 8 deletions(-) diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h index ebb1df41c7..12e6437a05 100644 --- a/include/configs/ls1012afrwy.h +++ b/include/configs/ls1012afrwy.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h index f149a604cf..f6640fa499 100644 --- a/include/configs/ls1012ardb.h +++ b/include/configs/ls1012ardb.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h index da55bf2f43..2616f4aa5c 100644 --- a/include/configs/ls1021atwr.h +++ b/include/configs/ls1021atwr.h @@ -364,7 +364,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index 2e9d476483..8618a5f182 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -275,7 +275,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h index 24ff2d1547..e4e71b24d4 100644 --- a/include/configs/ls1046a_common.h +++ b/include/configs/ls1046a_common.h @@ -256,8 +256,9 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ - "&& esbc_validate ${scripthdraddr};" \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ + "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ "sf probe && sf read $load_addr " \ diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index 45af087dc6..322adb530a 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -398,7 +398,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; "\ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index e41ace6685..2e8a8bbdb7 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -495,7 +495,8 @@ unsigned long get_board_sys_clk(void); "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ -- 2.17.1 _______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot
