[PATCH v3] spl: allow board_spl_fit_post_load() to fail
Marek Vasut
marex at denx.de
Mon Jun 1 12:08:45 CEST 2020
On 6/1/20 4:30 AM, Peng Fan wrote:
>> Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail
>>
>> On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image
>> for authenticity using its HAB engine. U-Boot's SPL mechanism allows
>> booting images from other sources as well, but in the current setup the SPL
>> would just hang if it encounters an image that does not pass scrutiny.
>
> security.
>
>> Allowing the function to return an error allows the SPL to try booting from
>> another source as a fallback instead of ending up as a brick.
>
> This will break secure boot chain.

How? Please elaborate.

jump_to_image_no_args() will authenticate the image before starting it,
so I don't think so. However, that is still prone to
time-of-check/time-of-use attack anyway.
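
The fallback behaviour discussed in this thread, as an added example that is not part of the original message or of U-Boot: a simplified model in which the post-load check returns an error and the loader moves on to the next boot source. All names are hypothetical, the XOR tag is a toy stand-in for the HAB authentication, and the sample images are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not U-Boot code: every name here is hypothetical. */
struct boot_source {
    const char *name;
    const uint8_t *image;  /* constructed sample payload */
    size_t len;
    uint8_t tag;           /* toy stand-in for a signature: XOR of all bytes */
};

/* Stand-in for the authenticity check: 0 on success, -1 on failure. */
static int authenticate(const uint8_t *img, size_t len, uint8_t tag)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc ^= img[i];
    return acc == tag ? 0 : -1;
}

/* Post-load hook that reports failure to its caller instead of hanging. */
static int post_load_check(const struct boot_source *src)
{
    return authenticate(src->image, src->len, src->tag);
}

/* Try each source in order; return the index of the first image that
 * passes the check, or -1 when none does (the caller must then stop). */
static int select_boot_source(const struct boot_source *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (list[i].image && post_load_check(&list[i]) == 0)
            return (int)i;  /* only an authenticated image is selected */
    return -1;
}

/* Constructed samples: the first image has one byte altered. */
static const uint8_t tampered[] = { 0x01, 0x02, 0x05 };
static const uint8_t good[]     = { 0x01, 0x02, 0x04 };
static const struct boot_source sources[] = {
    { "primary",  tampered, sizeof(tampered), 0x07 },
    { "fallback", good,     sizeof(good),     0x07 },
};

static int demo_fallback(void)     { return select_boot_source(sources, 2); }
static int demo_none_trusted(void) { return select_boot_source(sources, 1); }

int main(void) { return demo_fallback() == 1 && demo_none_trusted() == -1 ? 0 : 1; }
```

In this model a failed check never leads to the rejected image being started; it only changes which source is tried next, and the case where nothing passes still ends without a boot.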