[PATCH v3] spl: allow board_spl_fit_post_load() to fail
Stefano Babic
sbabic at denx.de
Thu Jul 23 08:45:11 CEST 2020
Hi Patrick,
On 22.07.20 23:20, Patrick Wildt wrote:
> On Fri, Jun 05, 2020 at 03:54:14PM -0400, Tom Rini wrote:
>> On Mon, Jun 01, 2020 at 12:08:45PM +0200, Marek Vasut wrote:
>>> On 6/1/20 4:30 AM, Peng Fan wrote:
>>>>> Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail
>>>>>
>>>>> On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image
>>>>> for authenticity using its HAB engine. U-Boot's SPL mechanism allows
>>>>> booting images from other sources as well, but in the current setup the SPL
>>>>> would just hang if it encounters an image that does not pass scrutiny.
>>>>
>>>> security.
>>>>
>>>>> Allowing the function to return an error, allows the SPL to try booting from
>>>>> another source as a fallback instead of ending up as a brick.
>>>>
>>>> This will break secure boot chain.
>>>
>>> How? Please elaborate.
>>>
>>> jump_to_image_no_args() will authenticate the image before starting it,
>>> so I don't think so. However, that is still prone to
>>> time-of-check/time-of-use attack anyway.
>>
>> Yes, please elaborate, thanks!
>
> Ping? How will this break the secure boot chain?
To be honest: I had merged this one (after the discussion with Marek and
his patch calling panic()), but I worried if there is a hidden reason to
break secure boot. I do not know the reason, I am curious, too, which is
the reason because I will see this patch in (this helps to provide a
safe update of bootloader).
Best regards,
Stefano
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
More information about the U-Boot
mailing list