[PATCH] imx: hab: Make imx_hab_is_enabled dependent on FIELD_RETURN
Marek Vasut
marex at denx.de
Tue Jun 25 04:13:26 CEST 2024
On 6/24/24 10:20 AM, Paul Geurts wrote:
>>> The decision on whether HAB is enabled is solely based on the SEC_CONFIG
>>> fuse. The HAB FIELD_RETURN feature is able to permanently disable HAB on
>>> a CPU, after which it is able to boot unsigned firmware. U-Boot however
>>> does not take into account the FIELD_RETURN mode, and refuses to boot
>>> unsigned software when the feature is enabled.
>>>
>>> Also take the FIELD_RETURN fuse into account when deciding whether HAB
>>> is enabled. When The FIELD_RETURN fuse is blown, HAB is not enabled.
>>>
>>> Tested on i.MX8M Mini, i.MX8M Plus, i.MX8M Nano and i.MX6ULL
>>
>> The purpose of the field return fuse is to unlock a system when it is
>> returned to factory, right ?
>
> That is the intention of the field return mode indeed.
>
>>
>> Can the system be re-locked afterward too ?
>
> No, the field return is enabled by a fuse, which cannot be reverted. The
> mode is intended to be able to perform investigations on broken devices,
> but these devices are not intended to go back into the field.
Understood, thanks for clarifying.
More information about the U-Boot
mailing list