[U-Boot] HAB and fuse reading

Vincent vincent.siles+uboot at gmail.com
Mon Jan 30 13:53:28 CET 2017


Hi !
I'm wondering why the is_hab_enabled function (see
arch/arm/imx-common/hab.c) is reading the fuses rather than the OCOTP
shadow registers ?
During my attempts at secure boot I realized two things:
- by default, if secure boot is not enabled, the HAB rom will block any
authenticate code
- if the secure boot fuse is not burnt, but the shadow register is written
by software before calling the HAB entry point, authenticate works fine.

Since the ROM seems to read the shadow register rather than the fuse, why
is u-boot doing differently ?

Best regards,
Vincent


More information about the U-Boot mailing list