The HABv3 images for engineering mode do not work on a production device and the images for production mode do not work on an engineering device. When in engineering mode the ROM checks the images, but does not stop booting when the signatures are wrong. This means a production image can still be booted on an engineering device. This device can be temporarily put into production mode by writing to the HAB_TYPE shadow fuse register. After a reset the device will come up in production mode and the image can be tested for validity. This means that if we have to decide between production mode images and engineering images, the production images are a better decision. Change this accordingly. Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> --- arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h index 4b81d49..f4804fe 100644 --- a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h +++ b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h @@ -11,7 +11,7 @@ super_root_key CONFIG_HABV3_SRK_PEM hab [Header] hab Version = 3.0 -hab Security Configuration = Engineering +hab Security Configuration = Production hab Hash Algorithm = SHA256 hab Engine = RTIC hab Certificate Format = WTLS -- 2.8.0.rc3 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
