spl: allow board_spl_fit_post_load() to fail

Heinrich Schuchardt xypron.glpk at gmx.de
Sat May 9 18:38:33 CEST 2020


On 5/9/20 6:13 PM, Patrick Wildt wrote:
> On i.MX platforms board_spl_fit_post_load() can check the loaded
> SPL image for authenticity using its HAB engine.  U-Boot's SPL
> mechanism allows booting images from other sources as well, but
> in the current setup the SPL would just hang if it encounters an
> image that does not pass scrutiny.  Allowing the function to return
> an error allows the SPL to try booting from another source as a
> fallback instead of ending up as a brick.
>
> Signed-off-by: Patrick Wildt <patrick at blueri.se>

Could an intruder abuse this by destroying a signed image and providing
an unsigned image on a source under his control?

Best regards

Heinrich
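
Added example, not part of the thread and not U-Boot code: a simplified C model of a boot-source loop in which the post-load check returns an error instead of hanging, run against the scenario raised above (signed image destroyed, unsigned image on a second source). All names are hypothetical, and it assumes the same authentication hook runs for every source; whether that holds on a given board is exactly what the question asks.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not U-Boot code. */
struct boot_source {
    const char *name;
    int present;          /* an image could be read from this source */
    int signature_valid;  /* stand-in for the HAB verdict on that image */
};

/* Stand-in for a post-load hook that reports failure instead of hanging. */
static int post_load_authenticate(const struct boot_source *src)
{
    return src->signature_valid ? 0 : -1;
}

/* Return the index of the first source whose image authenticates, else -1. */
int select_boot_source(const struct boot_source *srcs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!srcs[i].present)
            continue;                      /* nothing to load here */
        if (post_load_authenticate(&srcs[i]) != 0)
            continue;                      /* rejected: try the next source */
        return (int)i;
    }
    return -1;                             /* nothing authentic: do not boot */
}

/* Constructed scenarios; the primary image is destroyed in both. */
static const struct boot_source unsigned_fallback[] = {
    { "primary", 1, 0 },   /* corrupted, signature check fails */
    { "fallback", 1, 0 },  /* unsigned image placed on the second source */
};
static const struct boot_source signed_fallback[] = {
    { "primary", 1, 0 },
    { "fallback", 1, 1 },  /* properly signed recovery image */
};

int boot_with_unsigned_fallback(void) { return select_boot_source(unsigned_fallback, 2); }
int boot_with_signed_fallback(void)   { return select_boot_source(signed_fallback, 2); }

int main(void)
{
    printf("unsigned fallback -> %d\n", boot_with_unsigned_fallback());
    printf("signed fallback   -> %d\n", boot_with_signed_fallback());
    return 0;
}
```

In this model the fallback only weakens the guarantee if some source skips the check; a return of -1 must end in a halt, never in booting the last image tried.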

