From e596cd7c8822680db95b1163ffd3c9778e2bb4a0 Mon Sep 17 00:00:00 2001
From: Jason Zhu <jason.zhu@rock-chips.com>
Date: Tue, 9 Mar 2021 17:13:01 +0800
Subject: [PATCH] init: panic the kernel when compare the ramdisk hash failed

Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Change-Id: I362eda9782f661d5faef85a773c358ad26fd4dcd
---
 init/initramfs.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/init/initramfs.c b/init/initramfs.c
index 4afd1987aeea..0bb9bbb97610 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -458,6 +458,12 @@ static char * __init unpack_to_rootfs(char *buf, unsigned long len)
 	state = Start;
 	this_header = 0;
 	message = NULL;
+
+#ifdef CONFIG_ROCKCHIP_THUNDER_BOOT_CRYPTO
+	if (rk_tb_crypto_sha256_wait_compare_done())
+		panic("Timeout, campare the sha256 digest fail, the ramdisk is untrusted.\n");
+#endif
+
 #if defined(CONFIG_ROCKCHIP_THUNDER_BOOT) && defined(CONFIG_ROCKCHIP_HW_DECOMPRESS) && defined(CONFIG_INITRD_ASYNC)
 	wait_initrd_hw_decom_done();
 #endif