
Hi Bill,
On 05/11/2014 17:06, Bill Pringlemeir wrote:
> This seems true that the SPL is another way to implement the 'plug-in' features as they relate to DCD.
Right.
> I think a portion not taken care of by SPL is 2nd and subsequent image verification.
Not for subsequent images, if the second image is U-Boot. U-Boot supports secure boot via FIT images. Kernel and, generally, other images can be authenticated. This is done without HAB.
If we are talking about SPL, that is true. SPL does not *yet* support authenticating the u-boot image.
> The HAB ROM loader will use the 'plug-in' to initialize and load to alternate media. However, when control returns, I think that the 2nd image is authenticated. In order to do the same in the SPL, you need to restrict the IRAM locations used and make calls to the ROM code or implement some other 2nd image authentication.
commit 36c1ca4d46ef11ac7b3c0afb5c42dadb4e8773f3 is supposed to do what you are looking for. The authenticate_image() function is called to verify an image via HAB.
> For non-secure boots, the SPL seems equivalent. With secondary image verification in the SPL, then I think it would be equivalent to the 'plug-in'. The SPL would be supported in all HAB versions. I don't know if the 'plug-in' is supported with earlier iMx series like the iMx2/3x series using HABv3.
It is not, as far as I know, and not even in MX51.
> So an SPL with image verification seems superior, even for the iMx series by itself.
Yes, fully agree.
Best regards, Stefano Babic