Teddy, All,

>> On Thu, Jun 7, 2018 at 12:27 PM, Teddy Reed <[email protected]> wrote:
>>>
>>> Hi all, question, is anyone using the U-Boot verified-boot in production?
>>
>> I have been digging into this lately as well, and actually noticed a
>> few other things on top of what you are seeing, mentioned below. I
>> don't want to derail this email thread too much, but there is another
>> patch working on signature-key fallback sequencing as well (which
>> claims to be supported).
>
> No worries, any/all attention on the verified-boot implementation is great!

I agree, it's a pretty handy feature.

>>
>>> I am using configuration verification for several OpenCompute/OpenBMC
>>> boards. After a deep-dive review I found some edge cases that in rare
>>> circumstances could lead to a signature check bypass.
>>
>> Slightly related: if you use two FIT images to boot, it seems that the
>> second will never be verified. Once the first is deemed OK it just
>> lets the boot happen.
>
> Good find, this sounds like a limitation of the signature checking.
> But this can be dangerous if you expected the secondary FIT to be
> checked. I hope no one is using this scenario for production boards.
>
> Curious if your planned patch is also addressing this limitation?

The patch I have out right now only focuses on the fallback mechanism
mentioned earlier; I wasn't able to go into the details on this one as
it may have fallen out of our scope. I will likely drop an RFC at some
point to try to get the conversation moving, however.

Thanks,
Sam
_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot
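The two-FIT case raised above (the second image is never checked once the first passes) is one a build pipeline can at least catch before images ship. The script below is an added example, not code from the thread or from U-Boot: it runs U-Boot's host tool fit_check_sign over every FIT of a boot set individually and fails the whole set if any image does not verify. It assumes the public keys were embedded in a control DTB (here named keys.dtb) with mkimage -K, and the FIT_CHECK_SIGN variable is an assumed override hook, not a U-Boot feature.

```shell
#!/bin/sh
# Added example: verify each FIT image of a boot set on its own, rather than
# assuming that a passing first FIT says anything about the second one.
# Assumes U-Boot's fit_check_sign (tools/fit_check_sign) is on PATH and that
# the public keys live in a control DTB produced by "mkimage -K keys.dtb ...".
# FIT_CHECK_SIGN is an assumed override so a different binary can be used.

FIT_CHECK_SIGN="${FIT_CHECK_SIGN:-fit_check_sign}"

# verify_fit_set KEYS_DTB FIT...
# Returns 0 only when every listed FIT exists and verifies against KEYS_DTB.
# A missing image counts as a failure: a boot set is only as trusted as its
# least-checked component.
verify_fit_set() {
    keys="$1"
    shift
    failed=0
    for fit in "$@"; do
        if [ ! -r "$fit" ]; then
            echo "MISSING  $fit" >&2
            failed=1
            continue
        fi
        # fit_check_sign -f <fit image> -k <control dtb with public keys>
        if "$FIT_CHECK_SIGN" -f "$fit" -k "$keys" >/dev/null 2>&1; then
            echo "OK       $fit"
        else
            echo "FAIL     $fit" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Example invocation for a kernel FIT plus a separately loaded second FIT:
#   verify_fit_set keys.dtb kernel.itb secondary.itb || exit 1
```

This only gates what gets deployed; at boot time U-Boot still has to be made to verify the second FIT itself, which is the limitation the thread is about.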

