[U-Boot] imx: hab: Convert non-NULL IVT DCD pointer warning to an error

sbabic at denx.de sbabic at denx.de
Wed Jan 30 09:05:21 UTC 2019


> The following NXP application notes and manual recommend to ensure the
> IVT DCD pointer is Null prior to calling HAB API authenticate_image()
> function:
> - AN12263: HABv4 RVT Guidelines and Recommendations
> - AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using
>   HABv4
> - CST docs: High Assurance Boot Version 4 Application Programming
>   Interface Reference Manual
> Commit ca89df7dd46f ("imx: hab: Convert DCD non-NULL error to warning")
> converted DCD non-NULL error to warning due to the lack of documentation
> at the time of first patch submission. We have warned U-Boot users since
> v2018.03, and it makes sense now to follow the NXP recommendation to
> ensure the IVT DCD pointer is Null.
> DCD commands should only be present in the initial boot image loaded by
> the SoC ROM. Starting in HAB v4.3.7 the HAB code  will generate an error
> if a DCD pointer is present in an image being authenticated by calling the
> HAB RVT API. Older versions of HAB will process and run DCD if it is
> present, and this could lead to an incorrect authentication boot flow.
> Signed-off-by: Breno Lima <breno.lima at nxp.com>
> Reviewed-by: Fabio Estevam <festevam at gmail.com>

Applied to u-boot-imx, master, thanks !

Best regards,
Stefano Babic

-- 
=====================================================================
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================



More information about the U-Boot mailing list