[RFC PATCH 0/1] Anti rollback protection for FIT Images

Rasmus Villemoes rasmus.villemoes at prevas.dk
Tue Sep 8 08:15:43 CEST 2020


On 02/09/2020 09.58, Rasmus Villemoes wrote:
> On 01/09/2020 22.48, Thirupathaiah Annapureddy wrote:
>> Anti rollback protection is required when there is a need to retire
>> previous versions of FIT images due to security flaws in them.
>> Currently U-Boot Verified boot does not have rollback protection to
>> protect against known security flaws.
> 
> This is definitely something we've had on our todo-list/wishlist. But we
> haven't had the time to sit down and work out the semantics and
> implementation, so thanks for doing this.

...

> The board callbacks would simply be given a pointer to the data part of
> that node; that would make the versioning scheme rather flexible instead
> of being limited to a single monotonically increasing u32 (hence also
> the comparison logic should be in the board callbacks, instead of a
> "get/set" interface).

Oh, and another reason for having the board callbacks being responsible
for the Yay/Nay verdict is that that makes it possible to hook up a gpio
that can be used to say "ignore rollback version check" - immensely
useful during development, and might also come in handy for the end
products.

Rasmus
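
A sketch of the board-callback design described in this message, as an added example that is not part of the original e-mail and is not U-Boot code. The names board_state, board_rollback_check and board_rollback_commit, the two-byte {major, minor} layout, and the rule that an overridden boot does not move the stored floor are all assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum verdict { ROLLBACK_REJECT = 0, ROLLBACK_ACCEPT = 1 };

/* Hypothetical board state. On hardware, floor[] would live in
 * tamper-resistant storage and override_gpio would be a pin read. */
struct board_state {
    uint8_t floor[2];     /* lowest acceptable {major, minor} */
    bool override_gpio;   /* "ignore rollback version check" strap */
};

/* Constructed layout for the version node's data: exactly two bytes. */
static bool parse_version(const uint8_t *data, size_t len, uint8_t out[2])
{
    if (!data || len != 2)
        return false;
    out[0] = data[0];
    out[1] = data[1];
    return true;
}

/* Hypothetical board callback: gets the raw node data, returns the verdict. */
enum verdict board_rollback_check(const struct board_state *bs,
                                  const uint8_t *data, size_t len)
{
    uint8_t v[2];

    if (bs->override_gpio)
        return ROLLBACK_ACCEPT;          /* strap set: skip the check */
    if (!parse_version(data, len, v))
        return ROLLBACK_REJECT;          /* malformed data fails closed */
    if (v[0] != bs->floor[0])
        return v[0] > bs->floor[0] ? ROLLBACK_ACCEPT : ROLLBACK_REJECT;
    return v[1] >= bs->floor[1] ? ROLLBACK_ACCEPT : ROLLBACK_REJECT;
}

/* Called after a successful boot: raise the floor, never lower it.
 * Assumption of this example: an overridden boot leaves the floor alone. */
bool board_rollback_commit(struct board_state *bs,
                           const uint8_t *data, size_t len)
{
    uint8_t v[2];

    if (bs->override_gpio || !parse_version(data, len, v))
        return false;
    if (board_rollback_check(bs, data, len) != ROLLBACK_ACCEPT)
        return false;
    bs->floor[0] = v[0];
    bs->floor[1] = v[1];
    return true;
}
```

Because the verdict and the floor update both sit behind the callback, an image booted with the strap set cannot retire the versions a production unit is still allowed to run.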

