MT6771/6761/6762 dconfig控制mrdump开关去除SOCID绑定

tangh

[DESCRIPTION]
mrdump如果设定为dconfig控制（参考【FAQ13786】ramdump如何开启？），那么boot_para.img生成是需要绑定SOCID，也就是说，这个boot_para.img只能下载到某一台手机上，其他手机无效。
有时需要放开这个设定，方法如下

[SOLUTION]
去除SOCID绑定：

1. static int mrdump_get_socid_cert(void)
   
2. {
   
3. ......
   
4. <font color="Red"> //uint32_t sec_ret = sec_img_auth_init(DCONFIG_PART, DCONFIG_1STIMG_NAME, GET_SOCID_FROM_CERT2); //============注释这行代码============
   
5. uint32_t sec_ret = sec_img_auth_init(DCONFIG_PART, DCONFIG_1STIMG_NAME, 0); //============增加这行代码============</font>
   
6. if (sec_ret) {
   
7. pal_log_err("%s: dconfig image auth init failed (0x%x)\n", __func__, sec_ret);
   
8. return MRDUMP_SEC_IMG_AUTH_INIT_ERROR;
   
9. }
   
10. #endif
    
11. dconfig_hdr = malloc(DCONFIG_HEADER_SIZE + DCONFIG_PLENV_SIZE);
    
12. if (dconfig_hdr == NULL) {
    
13. pal_log_err("%s: not enough memory\n", __func__);
    
14. return MRDUMP_DCONFIG_MALLOC_ERROR;
    
15. }
    
16. len = mboot_common_load_part(DCONFIG_PART, DCONFIG_1STIMG_NAME, (unsigned long)dconfig_hdr);
    
17. if (len <= 0) {
    
18. pal_log_err("%s: partition_read failed, return value %d\n", __func__, len);
    
19. free(dconfig_hdr);
    
20. return MRDUMP_MBOOT_LOAD_PART_ERROR;
    
21. }
    
22. #ifdef MTK_SECURITY_SW_SUPPORT
    
23. sec_ret = sec_img_auth(dconfig_hdr, len);
    
24. if (sec_ret) {
    
25. pal_log_err("%s: dconfig image verify failed (0x%x)\n", __func__, sec_ret);
    
26. free(dconfig_hdr);
    
27. return MRDUMP_DCONFIG_IMG_VERIFY_ERROR;
    
28. }
    
29. <font color="Red">#if 0 //============注释这块代码============
    
30. uint8_t socid_cert[SOC_ID_LEN] = {0};
    
31. sec_ret = get_socid_cert(socid_cert, SOC_ID_LEN);
    
32. if (sec_ret) {
    
33. pal_log_err("%s: unable to get socid from certed image (0x%x)\n", __func__, sec_ret);
    
34. free(dconfig_hdr);
    
35. return MRDUMP_DCONFIG_SOCID_CERT_ERROR;
    
36. }
    
37. if (strncmp((char *)socid_chip, (char *)socid_cert, SOC_ID_LEN) != 0) {
    
38. pal_log_err("%s: socid mismatched\n", __func__);
    
39. free(dconfig_hdr);
    
40. return MRDUMP_DCNFIG_SOCID_MISMATCH;
    
41. }
    
42. #endif //============注释这块代码============</font>
    
43. #endif
    
44. ......
    
45. }

复制代码

如果想根据分区属性（是否是secboot，是否是unlock）判断是否需要开mrdump，可以增加修改：

1. static int mrdump_get_socid_cert(void)
   
2. {
   
3. uint8_t *dconfig_hdr = NULL;
   
4. uint8_t *plenv = NULL;
   
5. int len = 0;
   
6. 
   
7. #ifdef MTK_SECURITY_SW_SUPPORT
   
8. <font color="Red">#if 1 //============增加这块代码============
   
9. unsigned int policy_entry_idx = 0;
   
10. unsigned int img_auth_required = 0;
    
11. 
    
12. seclib_image_buf_init();
    
13. policy_entry_idx = get_policy_entry_idx(“boot_para”);
    
14. img_auth_required = get_vfy_policy(policy_entry_idx);
    
15. seclib_image_buf_free();
    
16. if (!img_auth_required) /* 这个img_auth_required只有chip secboot、unlock状态对应到boot_para的security属性得到。 */
    
17. return MRDUMP_SUCCESS_ENABLE;
    
18. #endif //============增加这块代码============</font>
    
19. ......
    
20. }
    
21. 
    

复制代码