[PATCH] imx: hab: Make imx_hab_is_enabled dependent on FIELD_RETURN
Paul Geurts
paul.geurts at prodrive-technologies.com
Mon Jun 24 10:20:20 CEST 2024
>> The decision on whether HAB is enabled is solely based on the SEC_CONFIG
>> fuse. The HAB FIELD_RETURN feature is able to permanently disable HAB on
>> a CPU, after which it is able to boot unsigned firmware. U-Boot however
>> does not take into account the FIELD_RETURN mode, and refuses to boot
>> unsigned software when the feature is enabled.
>>
>> Also take the FIELD_RETURN fuse into account when deciding whether HAB
>> is enabled. When The FIELD_RETURN fuse is blown, HAB is not enabled.
>>
>> Tested on i.MX8M Mini, i.MX8M Plus, i.MX8M Nano and i.MX6ULL
>
>The purpose of the field return fuse is to unlock a system when it is
>returned to factory, right ?
That is the intention of the field return mode indeed.
>
>Can the system be re-locked afterward too ?
No, the field return is enabled by a fuse, which cannot be reverted. The
mode is intended to be able to perform investigations on broken devices,
but these devices are not intended to go back into the field.
More information about the U-Boot
mailing list