From: Eduard Strehlau <edu...@lionizers.com>
CONFIG_SYS_BOOT_LOCKED means that a restricted boot environment will
be used. In this case, hab_auth_img_or_fail should be called to prevent
U-Boot to continue running when the fitImage authentication fails.
Fix the logic accordingly.
Additionally, select CONFIG_SYS_BOOT_LOCKED by default.
Signed-off-by: Eduard Strehlau <edu...@lionizers.com>
Signed-off-by: Fabio Estevam <feste...@denx.de>
---
Hi Tom,
We have just identified this bug.
Could you please pick this one directly for U-Boot 2023.10?
Thanks
board/storopack/smegw01/smegw01.env | 4 ++--
configs/smegw01_defconfig | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/board/storopack/smegw01/smegw01.env
b/board/storopack/smegw01/smegw01.env
index 528310dd81..93de866910 100644
--- a/board/storopack/smegw01/smegw01.env
+++ b/board/storopack/smegw01/smegw01.env
@@ -67,9 +67,9 @@ mmcboot=
run altbootcmd;
fi;
#ifdef CONFIG_SYS_BOOT_LOCKED
- hab_auth_img ${fileaddr} ${filesize};
-#else
hab_auth_img_or_fail ${fileaddr} ${filesize};
+#else
+ hab_auth_img ${fileaddr} ${filesize};
#endif
run mmcargs;
if bootm; then
diff --git a/configs/smegw01_defconfig b/configs/smegw01_defconfig
index 616038387e..03d403ddc8 100644
--- a/configs/smegw01_defconfig
+++ b/configs/smegw01_defconfig
@@ -7,7 +7,7 @@ CONFIG_ENV_OFFSET=0x100000
CONFIG_DM_GPIO=y
CONFIG_DEFAULT_DEVICE_TREE="imx7d-smegw01"
CONFIG_TARGET_SMEGW01=y
-# CONFIG_SYS_BOOT_LOCKED is not set
+CONFIG_SYS_BOOT_LOCKED=y
CONFIG_ENV_OFFSET_REDUND=0x110000
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
# CONFIG_ARMV7_VIRT is not set
--
2.41.0
