[U-Boot] [PATCH 3/3] imx: hab: Convert DCD non-NULL error to warning

Fabio Estevam festevam at gmail.com
Mon Mar 12 20:53:05 UTC 2018


On Fri, Mar 9, 2018 at 10:07 AM, Bryan O'Donoghue
<bryan.odonoghue at linaro.org> wrote:
> commit 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior
> to calling HAB authenticate function.") makes the DCD field being NULL a
> dependency.
>
> This change though will break loading and executing of existing pre-signed
> binaries on a u-boot update i.e. if this change is deployed on a board you
> will be forced to redo all images on that board to NULL out the DCD.
>
> There is no prior guidance from NXP that the DCD must be NULL similarly
> public guidance on usage of the HAB doesn't call out this NULL dependency
> (see boundary devices link).
>
> Since later SoCs will reject a non-NULL DCD there's no reason to make a
> NULL DCD a requirement, however if there is an actual dependency for later
> SoCs the appropriate fix would be to do SoC version checking.
>
> Earlier SoCs are capable (and happy) to authenticate images with non-NULL
> DCDs, we should not be forcing this change on downstream users -
> particularly if it means those users now must rewrite their build systems
> and/or redeploy signed images in the field.
>
> Fixes: 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior
> to calling HAB authenticate function.")
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
> Cc: Utkarsh Gupta <utkarsh.gupta at nxp.com>
> Cc: Breno Lima <breno.lima at nxp.com>
> Cc: Fabio Estevam <fabio.estevam at nxp.com>
> Link: https://boundarydevices.com/high-assurance-boot-hab-dummies

In order to avoid regression, better apply this one for v2018.03:

Reviewed-by: Fabio Estevam <fabio.estevam at nxp.com>


More information about the U-Boot mailing list