From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>,
Sascha Hauer <s.hauer@pengutronix.de>
Subject: Re: [PATCH 1/2] ARM: i.MX6: Enable PBL_VERIFY_PIGGY with HABV4 support
Date: Fri, 28 Feb 2025 13:14:27 +0100 [thread overview]
Message-ID: <174074486730.2603876.9589199751001079496.b4-ty@pengutronix.de> (raw)
In-Reply-To: <20250218140407.1224499-1-s.hauer@pengutronix.de>
On Tue, 18 Feb 2025 15:04:06 +0100, Sascha Hauer wrote:
> Some i.MX6 configurations use the xload mechanism. With this the ROM
> only loads and verifies the PBL. The PBL will then load barebox proper.
> Without verification the barebox proper binary is untrusted and could be
> modified. Select PBL_VERIFY_PIGGY when HABV4 is enabled to ensure the
> barebox proper binary has not been tempered with.
>
> boards not using the xload mechanism don't need this option, but there
> is no good way to detect currently if the xload mechanism is used, so
> these boards will have to live with a slightly increased binary size
> for now.
>
> [...]
Applied, thanks!
[1/2] ARM: i.MX6: Enable PBL_VERIFY_PIGGY with HABV4 support
https://git.pengutronix.de/cgit/barebox/commit/?id=c2cf17685bf6 (link may not be stable)
[2/2] ARM: i.MX9: Enable PBL_VERIFY_PIGGY with non INSECURE
https://git.pengutronix.de/cgit/barebox/commit/?id=cab919df26f5 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
prev parent reply other threads:[~2025-02-28 12:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-18 14:04 Sascha Hauer
2025-02-18 14:04 ` [PATCH 2/2] ARM: i.MX9: Enable PBL_VERIFY_PIGGY with non INSECURE Sascha Hauer
2025-02-19 10:43 ` [PATCH 1/2] ARM: i.MX6: Enable PBL_VERIFY_PIGGY with HABV4 support Marco Felsch
2025-02-19 12:13 ` Sascha Hauer
2025-02-28 12:14 ` Sascha Hauer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=174074486730.2603876.9589199751001079496.b4-ty@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox