[1/1] tools: imagetool: Disable TOC0 anti-rollback protection
Commit Message
Allwinner devices which support TOC0 have anti-rollback protection
efuses that are sometimes blown to prevent downgrading firmware.
Since we don't currently support configuring an anti-rollback version
lets just set the max version in the TOC0 certificate so that the
sbrom will never reject our image due to the anti-rollback protections
having been used by BSP based firmware.
Note that while there are 32 efuse bits the SBROM will reject any
antirollback version above 31, as such setting 31 should ensure
maxiumum hardware compatibility.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
tools/sunxi_toc0.c | 10 ++++++++++
1 file changed, 10 insertions(+)
@@ -127,6 +127,11 @@ struct __packed toc0_cert_item {
struct __packed toc0_extension {
toc0_small_int tag_digest;
uint8_t digest[32];
+ toc0_small_seq tag_nvc_seq;
+ struct __packed toc0_nvc_seq {
+ int oid;
+ int nvc;
+ } nvc_seq;
} extension;
} explicit3;
} mainSequence;
@@ -174,6 +179,11 @@ static const struct toc0_cert_item cert_item_template = {
{
TOC0_SMALL_INT(sizeof_field(struct toc0_extension, digest)),
{},
+ TOC0_SMALL_SEQ(sizeof(struct toc0_nvc_seq)),
+ {
+ 1,
+ 31,
+ },
},
},
},