On Fri, Dec 7, 2018 at 8:32 PM Breno Matheus Lima <[email protected]> wrote: > > The following NXP application notes and manual recommend to ensure the > IVT DCD pointer is Null prior to calling HAB API authenticate_image() > function: > > - AN12263: HABv4 RVT Guidelines and Recommendations > - AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using > HABv4 > - CST docs: High Assurance Boot Version 4 Application Programming > Interface Reference Manual > > Commit ca89df7dd46f ("imx: hab: Convert DCD non-NULL error to warning") > converted DCD non-NULL error to warning due to the lack of documentation > at the time of first patch submission. We have warned U-Boot users since > v2018.03, and it makes sense now to follow the NXP recommendation to > ensure the IVT DCD pointer is Null. > > DCD commands should only be present in the initial boot image loaded by > the SoC ROM. Starting in HAB v4.3.7 the HAB code will generate an error > if a DCD pointer is present in an image being authenticated by calling the > HAB RVT API. Older versions of HAB will process and run DCD if it is > present, and this could lead to an incorrect authentication boot flow. > > Signed-off-by: Breno Lima <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]> _______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot
