Hi Patrick,

On 22.07.20 23:20, Patrick Wildt wrote:
On Fri, Jun 05, 2020 at 03:54:14PM -0400, Tom Rini wrote:
On Mon, Jun 01, 2020 at 12:08:45PM +0200, Marek Vasut wrote:
On 6/1/20 4:30 AM, Peng Fan wrote:
Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail

On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image
for authenticity using its HAB engine. U-Boot's SPL mechanism allows
booting images from other sources as well, but in the current setup the SPL
would just hang if it encounters an image that does not pass scrutiny.
security.

Allowing the function to return an error, allows the SPL to try booting from
another source as a fallback instead of ending up as a brick.

This will break secure boot chain.

How? Please elaborate.

jump_to_image_no_args() will authenticate the image before starting it,
so I don't think so. However, that is still prone to
time-of-check/time-of-use attack anyway.

Yes, please elaborate, thanks!

Ping? How will this break the secure boot chain?

To be honest: I had merged this one (after the discussion with Marek and
his patch calling panic()), but I worried if there is a hidden reason to
break secure boot. I do not know the reason, I am curious, too, which is
the reason because I will see this patch in (this helps to provide a
safe update of bootloader).

Best regards,
Stefano
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: [email protected]
=====================================================================
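
The fallback behaviour argued for in the quoted patch description, as a small C model added here; it is not code from the patch or from U-Boot. `pick_boot_source`, `model_fit_post_load`, the trailing-tag check standing in for HAB authentication and the two sample images are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not U-Boot code; all names here are hypothetical. */
struct boot_source {
    const char *name;
    const uint8_t *image;   /* NULL models a source with nothing to load */
    size_t len;
};

/* Stand-in for the HAB check (assumption): an image counts as authentic
 * only if it ends in this constructed 4-byte tag. */
static const uint8_t TAG[4] = { 'S', 'I', 'G', '!' };

static int model_fit_post_load(const uint8_t *img, size_t len)
{
    if (len < sizeof(TAG))
        return -1;
    return memcmp(img + len - sizeof(TAG), TAG, sizeof(TAG)) ? -1 : 0;
}

/* Returns the index of the source to boot, or -1 for "SPL hangs".
 * may_fail == 0: a failed check hangs at once (behaviour before the patch).
 * may_fail == 1: the error is returned and the next source is tried. */
static int pick_boot_source(const struct boot_source *src, size_t n, int may_fail)
{
    for (size_t i = 0; i < n; i++) {
        if (!src[i].image)
            continue;               /* nothing loaded, try next source */
        if (model_fit_post_load(src[i].image, src[i].len) == 0)
            return (int)i;          /* only an authenticated image is entered */
        if (!may_fail)
            return -1;              /* models the hang on a failed check */
    }
    return -1;                      /* every source rejected: still no boot */
}

/* Constructed sample images: the first fails the check, the second passes. */
static const uint8_t bad_img[]  = { 'f', 'i', 't', 0, 0, 0, 0 };
static const uint8_t good_img[] = { 'f', 'i', 't', 'S', 'I', 'G', '!' };
static const struct boot_source sources[] = {
    { "mmc", bad_img,  sizeof(bad_img)  },
    { "spi", good_img, sizeof(good_img) },
};

int main(void) { return pick_boot_source(sources, 2, 1) == 1 ? 0 : 1; }
```

The model checks and selects in one step; the time-of-check/time-of-use concern raised in the thread is about what can change between that check and the actual jump, which this model does not cover.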