Re: [PATCH 00/13] am625: support secure loading of full barebox

[Marco Felsch <m.felsch@pengutronix.de>]

On 25-03-11, Sascha Hauer wrote:
> On Mon, Mar 10, 2025 at 06:40:58PM +0100, Marco Felsch wrote:
> > Hi Sascha,
> > 
> > On 25-02-28, Sascha Hauer wrote:
> > > On K3 SoCs only a small barebox is loaded by the ROM into SRAM. This
> > > barebox then loads the full barebox from SD/eMMC or USB DFU. In a secure
> > > boot environment the full barebox must be authenticated. This series
> > > implements two ways for accomplishing this.
> > > 
> > > First way is to utilize the ROM API to authenticate images. The other
> > > way is to compile a secure hash into the first stage binary and check
> > > if the full barebox image matches the hash. Using the ROM API means
> > > different first stage and second stage images can be combined whereas
> > > hashing binds specific builds together avoiding mix and match attacks.
> > 
> > before having a closer look on your patchset, do we really want to have
> > the 2nd case to be available?
> 
> Yes, as explained to avoid mix-and-match attacks.

Argh.. sorry, I meant the first case, the ROM API one. If the ROM API
allows mix-and-match attacks, we need to mark it as INSECURE. Sorry for
the confusion.

Regards,
  Marco

> > If we really want the 2nd case to be
> > available we should bound it to CONFIG_INSECURE (if not already done).
> 
> Ok, will do.
> 
> Sascha
> 
> -- 
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
>