
On 6/6/19 9:54 AM, Peng Fan wrote:
[...]
>> We would not introduce crypto driver in SPL stage, that means HAB
>> FIT and AHAB container needs to be dropped when SPL loading other
>> images.
>> ROM already provides API for bootloader to authenticate images,
>> introducing complex crypto driver in SPL could enlarge code size
>> and make things complicated.
>
> Ah I see, so it's all making the whole crypto simpler by
> offloading the hard parts into the firmware, which just magically
> handles everything, without having much extra code in the SPL?

Yes. Using what ROM provides will make things easier for U-Boot.
Is it possible to perform a security audit on the ROM as easily as on U-Boot? I mean, U-Boot is free software, the source is available, so security researchers can easily scrutinize it. Is the ROM?
So, here's my two cents (and it may or may not seem contradictory with my opinions in the secure boot thread going on currently on the Linaro Boot Architecture list). Yes, it would and IMHO is better when we use free and open software to solve our problems (and an aside to the RISC-V folks as this is yet another area they can make the world a better place in). But I am a believer in dealing with the world as it stands at times too. The question isn't "can we get NXP to re-spin i.MX8 to use the FIT image format?" as that's obviously going to be "No." The question is, "can we support this format in a clean manner?" and the answer is obviously "Yes." So please let's keep that in mind when reviewing the code, as at the end of the day it is more beneficial for this to be supported in mainline U-Boot than only supported in the vendor tree.
Thanks. So I think you agree with the current approach. Could I get any A-b or R-b tags from the list?
I would still like an answer to my question about the security auditing above.
Sorry. Missed your thread. I do not work on ROM stuff, but I think the answer is no, it is not public.
I see.