[U-Boot] [PATCH] imx: hab: Convert non-NULL IVT DCD pointer warning to an error

Fabio Estevam festevam at gmail.com
Wed Jan 16 12:00:59 UTC 2019


On Fri, Dec 7, 2018 at 8:32 PM Breno Matheus Lima <breno.lima at nxp.com> wrote:
>
> The following NXP application notes and manual recommend to ensure the
> IVT DCD pointer is Null prior to calling HAB API authenticate_image()
> function:
>
> - AN12263: HABv4 RVT Guidelines and Recommendations
> - AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using
>   HABv4
> - CST docs: High Assurance Boot Version 4 Application Programming
>   Interface Reference Manual
>
> Commit ca89df7dd46f ("imx: hab: Convert DCD non-NULL error to warning")
> converted DCD non-NULL error to warning due to the lack of documentation
> at the time of first patch submission. We have warned U-Boot users since
> v2018.03, and it makes sense now to follow the NXP recommendation to
> ensure the IVT DCD pointer is Null.
>
> DCD commands should only be present in the initial boot image loaded by
> the SoC ROM. Starting in HAB v4.3.7 the HAB code  will generate an error
> if a DCD pointer is present in an image being authenticated by calling the
> HAB RVT API. Older versions of HAB will process and run DCD if it is
> present, and this could lead to an incorrect authentication boot flow.
>
> Signed-off-by: Breno Lima <breno.lima at nxp.com>

Reviewed-by: Fabio Estevam <festevam at gmail.com>


More information about the U-Boot mailing list