[PATCH] ARM: imx: hab: panic on authentication failure

Marek Vasut marex at denx.de
Sat May 30 22:29:19 CEST 2020


On 5/30/20 10:14 PM, Patrick Wildt wrote:
> On Sat, May 30, 2020 at 03:31:29PM -0300, Fabio Estevam wrote:
>> Hi Marek,
>>
>> [Adding Breno]
>>
>> On Sat, May 30, 2020 at 3:29 PM Marek Vasut <marex at denx.de> wrote:
>>>
>>> Instead of hang()ing the system and thus disallowing any automated
>>> recovery possibility from a HAB authentication failure, panic().
>>> The panic() function can be configured to hang() the system after
>>> printing an error message, however the default is to reset the
>>> system instead.
>>>
>>> This allows redundant boot to work correctly. In case the primary
>>> or secondary image cannot be authenticated, the system reboots and
>>> bootrom can try to start the other one.
>>>
>>> Signed-off-by: Marek Vasut <marex at denx.de>
>>> Cc: Fabio Estevam <festevam at gmail.com>
>>> Cc: NXP i.MX U-Boot Team <uboot-imx at nxp.com>
>>> Cc: Peng Fan <peng.fan at nxp.com>
>>> Cc: Stefano Babic <sbabic at denx.de>
>>
>> This is a better behavior indeed:
>>
>> Reviewed-by: Fabio Estevam <festevam at gmail.com>
> 
> What about this?  Have you ignored this patch for a reason? :/
> 
> https://marc.info/?l=u-boot&m=159069441005730&w=2

Yes, and the reason is I was not even aware of your patch, sorry. The CC
list in this mail should cover all the interested parties, so use it
when sending V2, or use patman.

The patch looks fine; one nit is that you should return an errno.h return
value, and another is that it changes the current behavior. Now that I
look at this imx code, board_spl_fit_post_load() should not even be in
arch/ , sigh, but that's for a separate patch either way.

So I think if you want to support this sort of fallback, you should make
the board_spl_fit_post_load() be in board/ files, with a default __weak
implementation calling some arch_hab_authenticate...() which implements
the current content of board_spl_fit_post_load(), and let boards decide how
to handle the fallback if it needs to be altered.

Would that work?
