
Hi Patrick,
On 22.07.20 23:20, Patrick Wildt wrote:
> On Fri, Jun 05, 2020 at 03:54:14PM -0400, Tom Rini wrote:
>> On Mon, Jun 01, 2020 at 12:08:45PM +0200, Marek Vasut wrote:
>>> On 6/1/20 4:30 AM, Peng Fan wrote:
>>>>> Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail
>>>>> On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image for authenticity using its HAB engine. U-Boot's SPL mechanism allows booting images from other sources as well, but in the current setup the SPL would just hang if it encounters an image that does not pass scrutiny.
>>>>> Allowing the function to return an error allows the SPL to try booting from another source as a fallback instead of ending up as a brick.
>>>> This will break the secure boot chain.
>>> How? Please elaborate.
>>> jump_to_image_no_args() will authenticate the image before starting it, so I don't think so. However, that is still prone to a time-of-check/time-of-use attack anyway.
>> Yes, please elaborate, thanks!
> Ping? How will this break the secure boot chain?
To be honest: I had merged this one (after the discussion with Marek and his patch calling panic()), but I worried whether there is a hidden reason why it would break secure boot. I do not know the reason; I am curious, too, which is why I would like to see this patch go in (it helps to provide a safe update of the bootloader).

Best regards, Stefano
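The behaviour the patch argues for (a post-load authentication hook that can fail, with the SPL moving on to the next boot source instead of hanging, and the verified RAM copy being the thing that is jumped to) can be modelled in a few dozen lines. The following is an added illustration written for this thread; it is not U-Boot code and not the patch under discussion. The keyed FNV-1a tag is a stand-in for the HAB signature check, BOOT_KEY is a constructed toy value, and spl_boot_with_fallback(), post_load_verify(), make_image() and the source labels are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical SPL boot-source fallback model; not U-Boot code. */
#define MAX_IMAGE_LEN 64

struct boot_image {
    const char *source;              /* constructed labels such as "sd", "emmc", "qspi" */
    uint8_t data[MAX_IMAGE_LEN];     /* payload as loaded into RAM */
    size_t len;
    uint32_t tag;                    /* authentication tag checked before the jump */
};

static const uint32_t BOOT_KEY = 0x5ec0de11u;  /* constructed toy key, not a real HAB key */

/* Toy keyed tag (FNV-1a seeded with the key). It stands in for the signature
 * check a real HAB engine performs and is not cryptographically strong. */
static uint32_t keyed_tag(const uint8_t *d, size_t n, uint32_t key)
{
    uint32_t h = 0x811c9dc5u ^ key;
    for (size_t i = 0; i < n; i++) {
        h ^= d[i];
        h *= 16777619u;
    }
    return h;
}

/* Branch-free equality so the comparison result does not leak via timing. */
static int tag_equal(uint32_t a, uint32_t b)
{
    uint32_t d = a ^ b;
    return (int)(1u - ((d | (0u - d)) >> 31));
}

/* Plays the role of board_spl_fit_post_load(): 0 = authentic, -1 = rejected. */
static int post_load_verify(const struct boot_image *img)
{
    return tag_equal(keyed_tag(img->data, img->len, BOOT_KEY), img->tag) ? 0 : -1;
}

/* Walk the boot sources in order. A rejected image is skipped instead of
 * hanging the SPL. The RAM copy that was verified is the one jumped to, so
 * the image is not re-read from the medium between check and use. Returns
 * the index of the source that booted, or -1 when nothing passed, in which
 * case the caller must halt rather than run unverified code. */
static int spl_boot_with_fallback(const struct boot_image *srcs, size_t n,
                                  int (*jump)(const struct boot_image *))
{
    for (size_t i = 0; i < n; i++) {
        if (post_load_verify(&srcs[i]) != 0) {
            printf("spl: image from %s rejected, trying next source\n", srcs[i].source);
            continue;
        }
        if (jump(&srcs[i]) == 0)
            return (int)i;
    }
    return -1;
}

/* Build a constructed image. An unsigned image carries no valid tag; that is
 * modelled as a tag that is guaranteed not to match. */
static void make_image(struct boot_image *img, const char *source,
                       const char *payload, int signed_ok)
{
    memset(img, 0, sizeof(*img));
    img->source = source;
    img->len = strlen(payload);
    if (img->len > MAX_IMAGE_LEN)
        img->len = MAX_IMAGE_LEN;
    memcpy(img->data, payload, img->len);
    img->tag = keyed_tag(img->data, img->len, BOOT_KEY);
    if (!signed_ok)
        img->tag ^= 0xffffffffu;
}

static int fake_jump(const struct boot_image *img)
{
    printf("spl: jumping to image from %s\n", img->source);
    return 0;
}

/* Scenario: SD holds a signed image modified after signing, eMMC holds an
 * unsigned image, QSPI holds a good one. Expected result: index 2. */
int demo_fallback_sequence(void)
{
    struct boot_image srcs[3];
    make_image(&srcs[0], "sd", "u-boot.itb v1", 1);
    srcs[0].data[0] ^= 0x01;        /* tampered after signing: tag no longer matches */
    make_image(&srcs[1], "emmc", "u-boot.itb v2", 0);
    make_image(&srcs[2], "qspi", "u-boot.itb v3", 1);
    return spl_boot_with_fallback(srcs, 3, fake_jump);
}

/* Scenario: no authentic image on any source. Expected result: -1. */
int demo_no_authentic_image(void)
{
    struct boot_image srcs[2];
    make_image(&srcs[0], "sd", "rogue", 0);
    make_image(&srcs[1], "emmc", "rogue2", 0);
    return spl_boot_with_fallback(srcs, 2, fake_jump);
}

int main(void)
{
    printf("booted from index %d\n", demo_fallback_sequence());
    printf("no-auth result %d\n", demo_no_authentic_image());
    return 0;
}
```

The point Marek raises still applies to this model: verifying the buffer immediately before the jump narrows the time-of-check/time-of-use window but does not remove it, so the fallback only keeps the chain intact as long as the SPL never executes a buffer that was not the one it verified.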