On Fri, Jun 05, 2020 at 03:54:14PM -0400, Tom Rini wrote:
> On Mon, Jun 01, 2020 at 12:08:45PM +0200, Marek Vasut wrote:
> > On 6/1/20 4:30 AM, Peng Fan wrote:
> > >> Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail
> > >>
> > >> On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image
> > >> for authenticity using its HAB engine. U-Boot's SPL mechanism allows
> > >> booting images from other sources as well, but in the current setup the SPL
> > >> would just hang if it encounters an image that does not pass scrutiny.
> > >
> > > security.
> > >
> > >> Allowing the function to return an error, allows the SPL to try booting from
> > >> another source as a fallback instead of ending up as a brick.
> > >
> > > This will break secure boot chain.
> >
> > How? Please elaborate.
> >
> > jump_to_image_no_args() will authenticate the image before starting it,
> > so I don't think so. However, that is still prone to
> > time-of-check/time-of-use attack anyway.
>
> Yes, please elaborate, thanks!

Ping? How will this break the secure boot chain?

