[DESCRIPTION]
mrdump 如果设定为 dconfig 控制(参考【FAQ13786】ramdump 如何开启?),那么 boot_para.img 生成是需要绑定 SOCID,也就是说,这个 boot_para.img 只能下载到某一台手机上,其他手机无效。
有时需要放开这个设定,方法如下
[SOLUTION]
去除 SOCID 绑定:
- static int mrdump_get_socid_cert(void)
- {
- ......
- //uint32_t sec_ret = sec_img_auth_init (DCONFIG_PART, DCONFIG_1STIMG_NAME, GET_SOCID_FROM_CERT2); //============ 注释这行代码 ============
- uint32_t sec_ret = sec_img_auth_init (DCONFIG_PART, DCONFIG_1STIMG_NAME, 0); //============ 增加这行代码 ============
- if (sec_ret) {
- pal_log_err("%s: dconfig image auth init failed (0x%x)
", __func__, sec_ret);
- return MRDUMP_SEC_IMG_AUTH_INIT_ERROR;
- }
- #endif
- dconfig_hdr = malloc(DCONFIG_HEADER_SIZE + DCONFIG_PLENV_SIZE);
- if (dconfig_hdr == NULL) {
- pal_log_err("%s: not enough memory
", __func__);
- return MRDUMP_DCONFIG_MALLOC_ERROR;
- }
- len = mboot_common_load_part(DCONFIG_PART, DCONFIG_1STIMG_NAME, (unsigned long)dconfig_hdr);
- if (len <= 0) {
- pal_log_err("%s: partition_read failed, return value %d
", __func__, len);
- free(dconfig_hdr);
- return MRDUMP_MBOOT_LOAD_PART_ERROR;
- }
- #ifdef MTK_SECURITY_SW_SUPPORT
- sec_ret = sec_img_auth(dconfig_hdr, len);
- if (sec_ret) {
- pal_log_err("%s: dconfig image verify failed (0x%x)
", __func__, sec_ret);
- free(dconfig_hdr);
- return MRDUMP_DCONFIG_IMG_VERIFY_ERROR;
- }
- #if 0 //============ 注释这块代码 ============
- uint8_t socid_cert[SOC_ID_LEN] = {0};
- sec_ret = get_socid_cert(socid_cert, SOC_ID_LEN);
- if (sec_ret) {
- pal_log_err("%s: unable to get socid from certed image (0x%x)
", __func__, sec_ret);
- free(dconfig_hdr);
- return MRDUMP_DCONFIG_SOCID_CERT_ERROR;
- }
- if (strncmp((char *)socid_chip, (char *)socid_cert, SOC_ID_LEN) != 0) {
- pal_log_err("%s: socid mismatched
", __func__);
- free(dconfig_hdr);
- return MRDUMP_DCNFIG_SOCID_MISMATCH;
- }
- #endif //============ 注释这块代码 ============
- #endif
- ......
- }
如果想根据分区属性(是否是 secboot,是否是 unlock)判断是否需要开 mrdump,可以增加修改:
- static int mrdump_get_socid_cert(void)
- {
- uint8_t *dconfig_hdr = NULL;
- uint8_t *plenv = NULL;
- int len = 0;
- #ifdef MTK_SECURITY_SW_SUPPORT
- #if 1 //============ 增加这块代码 ============
- unsigned int policy_entry_idx = 0;
- unsigned int img_auth_required = 0;
- seclib_image_buf_init();
- policy_entry_idx = get_policy_entry_idx(“boot_para”);
- img_auth_required = get_vfy_policy(policy_entry_idx);
- seclib_image_buf_free();
- if (!img_auth_required) /* 这个 img_auth_required 只有 chip secboot、unlock 状态对应到 boot_para 的 security 属性得到。 */
- return MRDUMP_SUCCESS_ENABLE;
- #endif //============ 增加这块代码 ============
- ......
- }
更多详细资料与相关方案了解,可咨询 ·新移科技技术论坛 - Powered by Discuz!
MTK核心板|MTK开发板|MTK模块|4G核心板|4G模块|5G核心板|5G模块|安卓核心板|安卓模块|高通核心板-深圳市新移科技有限公司・与您一同创建万物互联的世界
