From c7bcb913890446bb71cf3a26fee70d7fccea2ab7 Mon Sep 17 00:00:00 2001
From: Bian Jin chen <kenjc.bian@rock-chips.com>
Date: Tue, 21 Apr 2020 10:44:11 +0800
Subject: [PATCH] libavb: Lock the device when the device init or writes the
 attestation_key.

Change-Id: I561a1eb6fad17bcb8241bcdc5065ef32cdde0919
Signed-off-by: Bian Jin chen <kenjc.bian@rock-chips.com>
---
 common/attestation_key.c              | 6 ++++++
 lib/avb/libavb_user/avb_ops_user.c    | 2 +-
 lib/avb/rk_avb_user/rk_avb_ops_user.c | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/common/attestation_key.c b/common/attestation_key.c
index 3e3ecb6..50914e2 100644
--- a/common/attestation_key.c
+++ b/common/attestation_key.c
@@ -10,6 +10,9 @@
 #include <common.h>
 #include <malloc.h>
 
+#include <android_avb/avb_ops_user.h>
+#include <android_avb/rk_avb_ops_user.h>
+
 #include <keymaster.h>
 
 /* attestation data offset */
@@ -389,6 +392,9 @@ atap_result load_attestation_key(struct blk_desc *dev_desc,
 		return ATAP_RESULT_ERROR_BLOCK_WRITE;
 	}
 
+	uint8_t lock_state = 0;
+	rk_avb_write_lock_state(lock_state);
+
 	return ATAP_RESULT_OK;
 }
 
diff --git a/lib/avb/libavb_user/avb_ops_user.c b/lib/avb/libavb_user/avb_ops_user.c
index 6761c40..15b4674 100644
--- a/lib/avb/libavb_user/avb_ops_user.c
+++ b/lib/avb/libavb_user/avb_ops_user.c
@@ -253,7 +253,7 @@ static AvbIOResult read_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked)
 		case TEE_ERROR_GENERIC:
 		case TEE_ERROR_NO_DATA:
 		case TEE_ERROR_ITEM_NOT_FOUND:
-			*out_is_unlocked = 1;
+			*out_is_unlocked = 0;
 			if (trusty_write_lock_state(*out_is_unlocked)) {
 				printf("%s: init lock state error\n", __FILE__);
 				ret = AVB_IO_RESULT_ERROR_IO;
diff --git a/lib/avb/rk_avb_user/rk_avb_ops_user.c b/lib/avb/rk_avb_user/rk_avb_ops_user.c
index 63a3d10..661ebcb 100644
--- a/lib/avb/rk_avb_user/rk_avb_ops_user.c
+++ b/lib/avb/rk_avb_user/rk_avb_ops_user.c
@@ -241,7 +241,7 @@ int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state)
 	case TEE_ERROR_GENERIC:
 	case TEE_ERROR_NO_DATA:
 	case TEE_ERROR_ITEM_NOT_FOUND:
-		*flash_lock_state = 1;
+		*flash_lock_state = 0;
 		if (trusty_write_flash_lock_state(*flash_lock_state)) {
 			avb_error("trusty_write_flash_lock_state error!");
 			ret = -1;
@@ -299,7 +299,7 @@ int rk_avb_read_lock_state(uint8_t *lock_state)
 	case TEE_ERROR_GENERIC:
 	case TEE_ERROR_NO_DATA:
 	case TEE_ERROR_ITEM_NOT_FOUND:
-		*lock_state = 1;
+		*lock_state = 0;
 		if (rk_avb_write_lock_state(*lock_state)) {
 			avb_error("avb_write_lock_state error!");
 			ret = -1;
-- 
2.7.4