[PATCH 3/3] ARM: i.MX: HABv3: Set to production mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The HABv3 images for engineering mode do not work on a production device
and the images for production mode do not work on an engineering device.

When in engineering mode the ROM checks the images, but does not stop
booting when the signatures are wrong. This means a production image
can still be booted on an engineering device. This device can be
temporarily put into production mode by writing to the HAB_TYPE shadow
fuse register. After a reset the device will come up in production mode
and the image can be tested for validity. This means that if we have to
decide between production mode images and engineering images, the
production images are a better decision. Change this accordingly.

Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
 arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
index 4b81d49..f4804fe 100644
--- a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
+++ b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
@@ -11,7 +11,7 @@ super_root_key CONFIG_HABV3_SRK_PEM
 
 hab [Header]
 hab Version = 3.0
-hab Security Configuration = Engineering
+hab Security Configuration = Production
 hab Hash Algorithm = SHA256
 hab Engine = RTIC
 hab Certificate Format = WTLS
-- 
2.8.0.rc3


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox



[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux