mach-k3: security: improve the checks around authentication
The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
index 6038c96..89659f4 100644
--- a/arch/arm/mach-k3/security.c
+++ b/arch/arm/mach-k3/security.c
@@ -67,14 +67,6 @@
return;
}
-
- if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
- !ti_secure_cert_detected(*p_image)) {
- printf("Warning: Did not detect image signing certificate. "
- "Skipping authentication to prevent boot failure. "
- "This will fail on Security Enforcing(HS-SE) devices\n");
- return;
- }
}
void ti_secure_image_post_process(void **p_image, size_t *p_size)
@@ -91,11 +83,17 @@
return;
}
- if (get_device_type() == K3_DEVICE_TYPE_GP &&
- (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
- !ti_secure_cert_detected(*p_image)))
+ if (get_device_type() == K3_DEVICE_TYPE_GP)
return;
+ if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
+ !ti_secure_cert_detected(*p_image)) {
+ printf("Warning: Did not detect image signing certificate. "
+ "Skipping authentication to prevent boot failure. "
+ "This will fail on Security Enforcing(HS-SE) devices\n");
+ return;
+ }
+
/* Clean out image so it can be seen by system firmware */
image_addr = dma_map_single(*p_image, *p_size, DMA_BIDIRECTIONAL);