Re: [PATCH 00/13] am625: support secure loading of full barebox

[Sascha Hauer <s.hauer@pengutronix.de>]

On Tue, Mar 11, 2025 at 09:48:33AM +0100, Marco Felsch wrote:
> On 25-03-11, Sascha Hauer wrote:
> > On Mon, Mar 10, 2025 at 06:40:58PM +0100, Marco Felsch wrote:
> > > Hi Sascha,
> > > 
> > > On 25-02-28, Sascha Hauer wrote:
> > > > On K3 SoCs only a small barebox is loaded by the ROM into SRAM. This
> > > > barebox then loads the full barebox from SD/eMMC or USB DFU. In a secure
> > > > boot environment the full barebox must be authenticated. This series
> > > > implements two ways for accomplishing this.
> > > > 
> > > > First way is to utilize the ROM API to authenticate images. The other
> > > > way is to compile a secure hash into the first stage binary and check
> > > > if the full barebox image matches the hash. Using the ROM API means
> > > > different first stage and second stage images can be combined whereas
> > > > hashing binds specific builds together avoiding mix and match attacks.
> > > 
> > > before having a closer look on your patchset, do we really want to have
> > > the 2nd case to be available?
> > 
> > Yes, as explained to avoid mix-and-match attacks.
> 
> Argh.. sorry, I meant the first case, the ROM API one. If the ROM API
> allows mix-and-match attacks, we need to mark it as INSECURE. Sorry for
> the confusion.

I wouldn't call using the ROM API insecure. In the end with the ROM API
the images are still signed and different people likely come to
different conclusions whether they want to sign or rather hash the
images.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |