On 25-03-11, Sascha Hauer wrote:
> On Mon, Mar 10, 2025 at 06:40:58PM +0100, Marco Felsch wrote:
> > Hi Sascha,
> >
> > On 25-02-28, Sascha Hauer wrote:
> > > On K3 SoCs only a small barebox is loaded by the ROM into SRAM. This
> > > barebox then loads the full barebox from SD/eMMC or USB DFU. In a secure
> > > boot environment the full barebox must be authenticated. This series
> > > implements two ways for accomplishing this.
> > >
> > > First way is to utilize the ROM API to authenticate images. The other
> > > way is to compile a secure hash into the first stage binary and check
> > > if the full barebox image matches the hash. Using the ROM API means
> > > different first stage and second stage images can be combined whereas
> > > hashing binds specific builds together avoiding mix and match attacks.
> >
> > before having a closer look on your patchset, do we really want to have
> > the 2nd case to be available?
>
> Yes, as explained to avoid mix-and-match attacks.

Argh.. sorry, I meant the first case, the ROM API one. If the ROM API
allows mix-and-match attacks, we need to mark it as INSECURE. Sorry for
the confusion.

Regards,
  Marco

> > If we really want the 2nd case to be
> > available we should bound it to CONFIG_INSECURE (if not already done).
>
> Ok, will do.
>
> Sascha
>
> --
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
>
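
The difference between the two schemes discussed in this thread, as an added example that is not part of the original e-mails or the barebox patch series: a signature-style check accepts any image signed with the trusted key, while a digest compiled into the first stage accepts only the one build it was made with. The key, the helper names and the image contents are constructed, and HMAC is an assumed stand-in for the ROM API's authentication, which the thread does not describe.

```python
import hashlib
import hmac

# Constructed stand-in for the key the boot ROM trusts. HMAC only models
# "anything signed with the trusted key verifies"; it is not the K3 ROM API.
TRUSTED_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    """Build-time signing step (hypothetical helper)."""
    return hmac.new(TRUSTED_KEY, image, hashlib.sha256).digest()


def verify_signed(image: bytes, signature: bytes) -> bool:
    """Signature-style check: accepts every image the key holder ever signed."""
    return hmac.compare_digest(sign(image), signature)


def pin_digest(second_stage: bytes) -> bytes:
    """Build-time step: digest compiled into the matching first stage."""
    return hashlib.sha256(second_stage).digest()


def verify_pinned(pinned: bytes, image: bytes) -> bool:
    """Hash check: accepts only the exact image this first stage was built with."""
    return hmac.compare_digest(pinned, hashlib.sha256(image).digest())


def compare_schemes() -> dict:
    # Constructed image contents standing in for two full-barebox builds.
    build_a = b"full barebox, build A (constructed)"
    build_b = b"full barebox, build B (constructed)"
    sig_a, sig_b = sign(build_a), sign(build_b)
    pinned_b = pin_digest(build_b)  # first stage built together with build B
    return {
        "signed_accepts_b": verify_signed(build_b, sig_b),
        "signed_accepts_a": verify_signed(build_a, sig_a),  # mix and match passes
        "signed_rejects_tamper": not verify_signed(build_b + b"!", sig_b),
        "pinned_accepts_b": verify_pinned(pinned_b, build_b),
        "pinned_accepts_a": verify_pinned(pinned_b, build_a),  # other build rejected
    }


if __name__ == "__main__":
    for name, result in compare_schemes().items():
        print(f"{name}: {result}")
```

Both checks reject a modified image; they differ only in whether a different, validly signed build is accepted alongside a given first stage.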