On 21.11.2018 16:48, Simon Goldschmidt wrote:
On 21.11.2018 16:41, Wolfgang Denk wrote:
Dear Simon,
In message CAAh8qsyopV-HftdCWMbMu+fdcpqWWQtBnZDDyqFyv6iC1eoCDA@mail.gmail.com you wrote:
Only if you use signed images. With plain U-Boot, there is not even a checksum for it...
When SPL loads U-Boot from a legacy image, isn't there a CRC involved over the full image including the environment?
Yes, but when - for example - the compiled in default environment gets corrupted while loading from the storage device or while writing it to RAM, there will be zero check when reading it.
Hmm, on my board, SPL loads U-Boot from NOR to SDRAM, then checks the uimage CRC. I'd say this is enough checks. That might not hold for all boards though.
Oops, I'll have to take that back. I just checked and SPL *does* boot the uImage U-Boot also if I deliberately corrupt the CRC of the image. So you're right, it seems to be not protected at all!
Is that expected behaviour or a bug?
Simon