[PATCH v3] spl: allow board_spl_fit_post_load() to fail

Patrick Wildt patrick at blueri.se
Wed Jul 22 23:20:38 CEST 2020


On Fri, Jun 05, 2020 at 03:54:14PM -0400, Tom Rini wrote:
> On Mon, Jun 01, 2020 at 12:08:45PM +0200, Marek Vasut wrote:
> > On 6/1/20 4:30 AM, Peng Fan wrote:
> > >> Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail
> > >>
> > >> On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image
> > >> for authenticity using its HAB engine.  U-Boot's SPL mechanism allows
> > >> booting images from other sources as well, but in the current setup the SPL
> > >> would just hang if it encounters an image that does not pass scrutiny.
> > > 
> > > security.
> > > 
> > >> Allowing the function to return an error allows the SPL to try booting from
> > >> another source as a fallback instead of ending up as a brick.
> > > 
> > > This will break secure boot chain.
> > 
> > How? Please elaborate.
> > 
> > jump_to_image_no_args() will authenticate the image before starting it,
> > so I don't think so. However, that is still prone to
> > a time-of-check/time-of-use attack anyway.
> 
> Yes, please elaborate, thanks!

Ping?  How will this break the secure boot chain?
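
The fallback behaviour the patch description proposes, as an added example that is not part of the original thread and is not U-Boot code: a post-load check that returns an error makes the loader skip the rejected image and try the next source instead of hanging. Every name, the string-compare "signature" and the sample source lists are constructed assumptions; the time-of-check/time-of-use concern raised above is not modelled.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model, not U-Boot code: every name here is hypothetical. */
struct boot_source {
    const char *name;
    const char *image;     /* sample payload; NULL means the load itself fails */
    const char *signature; /* stand-in for a HAB-style authenticity result */
};

/* Constructed sample inputs: the first source carries a rejected image. */
const struct boot_source sample_sources[] = {
    { "mmc", "tampered-image", "unknown" },
    { "spi", "good-image",     "trusted" },
};
const struct boot_source all_rejected[] = {
    { "mmc", "tampered-image", NULL },
    { "usb", NULL,             "trusted" },
};
char load_buf[32];

/* Post-load hook that reports failure (non-zero) instead of hanging. */
static int post_load_check(const struct boot_source *src)
{
    return (src->signature && strcmp(src->signature, "trusted") == 0) ? 0 : -1;
}

/*
 * Walk the sources in order. A source is selected only if the load and the
 * post-load check both succeed; a rejected image is wiped from the buffer
 * and the next source is tried. Returns the selected index, or -1 if no
 * source passed, in which case the caller stops rather than jumping.
 */
int select_boot_source(const struct boot_source *list, size_t n,
                       char *buf, size_t buf_len)
{
    for (size_t i = 0; i < n; i++) {
        if (!list[i].image || strlen(list[i].image) >= buf_len)
            continue;                   /* load failed: try next source */
        strcpy(buf, list[i].image);     /* "load" the image into RAM */
        if (post_load_check(&list[i]) != 0) {
            memset(buf, 0, buf_len);    /* never leave a rejected image */
            continue;                   /* fall back to the next source */
        }
        return (int)i;
    }
    return -1;
}
```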

