On 03/11/2016 06:02 PM, Jimmy Zhang wrote:
This feature allows user to download signed messages to devices secured with PKC.

Example:
tegrarcm --download-signed-msgs --signed-msgs-file rel_1001.bin \
    --bct=jetson-tk1-bct.bct --bootloader=u-boot.bin --loadaddr=0x83d88000

Where the following blob files are downloaded to device sequentially:
a) rel_1001.bin.qry
b) rel_1001.bin.ml
c) rel_1001.bin.bl
@@ -1083,14 +1198,24 @@ static int download_bootloader(nv3p_handle_t h3p, char *filename, } ret = nv3p_data_send(h3p, rsa_pss_sig, sizeof(rsa_pss_sig)); - if (ret) { - dprintf("error sending bootloader signature\n"); + }
Doesn't this change (moving that error dprintf later) mean that any error there potentially won't be reported, since the code below can overwrite "ret" before the moved copy of that check? I'm not convinced the code should be moved.
+ /* download bl's rsa_pss_sig */ + if (signed_msgs_file) { + char signature_filename[FILENAME_MAX_SIZE]; + + ret = create_name_string(signature_filename, + signed_msgs_file, ".bl"); + if (ret) return ret; + + // send the bootloader file + ret = send_file(h3p, signature_filename); + } + + if (ret) { + dprintf("error sending bootloader signature\n"); + return ret; } }
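Review bot: In the added "if (signed_msgs_file)" block, the "if (ret) return ret;" after create_name_string() returns without any dprintf, so a failure to build the ".bl" file name is silent, unlike a send_file() failure, which reaches the "error sending bootloader signature" message; print a diagnostic before returning. The comment "// send the bootloader file" also does not match the call under it, which sends the file named in signature_filename (the ".bl" blob that the "/* download bl's rsa_pss_sig */" comment refers to), and it uses // where the block's other comment uses /* */.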
The resultant logic here seems to do the following for chips in SECURE_PKC mode:
a) Always calculate and send the PKC.
b) if (signed_msgs_file), send the content of that file
c) continue to send the bootloader

I would have expected either (a) or (b) to happen, but never both.