
On Thu, May 25, 2023 at 11:21:44AM +0530, Manorit Chawdhry wrote:
Hi Tom,
On 11:30-20230516, Tom Rini wrote:
On Tue, May 16, 2023 at 12:11:24PM +0530, Manorit Chawdhry wrote:
Hi All,
I recently came upon a discussion that had happened a while back [0]. I want to continue the discussion as I believe the issue still persists and the checks around fit signature booting are still the same, which allows booting the fit without changing the uboot dtb.
Allowing the signed fit image without this seems to be a bypass that is available and should not be allowed without any gate to it for people who'd like to enforce these signing checks. Let me know if there is a config already available for it and, if not, whether there are any plans to enable such a config in the future. I would like to hear your opinions on this as I believe this should be fixed as soon as possible.
Yes, can you please reproduce the issue in question on the current tree, with a supported platform and provide the defconfig and steps you used for this issue? Thanks.
--
I've created a branch with some custom patches to make the fitimage boot currently; please try with the branch and the fitimage that are also committed [0].
The device that I've tested this with is j721e-hs-evm; the defconfigs to use for the builds are j721e_evm_r5_defconfig and j721e_evm_a72_defconfig. Although not synced up with the latest changes, for reference the SDK documentation can help if required [1].
Attached are the logs for reference with the signed fitimage and an unsigned uboot without any modifications [2].
I don't see the problem there, but please go and investigate what problem you're seeing. The intention is that yes, with the appropriate CONFIG settings, you can set U-Boot to only boot signed FIT configurations and unsigned ones should not boot.