[PATCH v3] spl: allow board_spl_fit_post_load() to fail
Tom Rini
trini at konsulko.com
Fri Jun 5 21:54:14 CEST 2020
On Mon, Jun 01, 2020 at 12:08:45PM +0200, Marek Vasut wrote:
> On 6/1/20 4:30 AM, Peng Fan wrote:
> >> Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail
> >>
> >> On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image
> >> for authenticity using its HAB engine. U-Boot's SPL mechanism allows
> >> booting images from other sources as well, but in the current setup the SPL
> >> would just hang if it encounters an image that does not pass scrutiny.
> >
> > security.
> >
> >> Allowing the function to return an error, allows the SPL to try booting from
> >> another source as a fallback instead of ending up as a brick.
> >
> > This will break secure boot chain.
>
> How? Please elaborate.
>
> jump_to_image_no_args() will authenticate the image before starting it,
> so I don't think so. However, that is still prone to
> time-of-check/time-of-use attack anyway.

Yes, please elaborate, thanks!
--
Tom