From mboxrd@z Thu Jan 1 00:00:00 1970 From: sbabic at denx.de Date: Wed, 30 Jan 2019 09:05:21 +0000 (UTC) Subject: [U-Boot] imx: hab: Convert non-NULL IVT DCD pointer warning to an error In-Reply-To: <20181207223705.12287-1-breno.lima@nxp.com> Breno Matheus Lima Message-ID: <20190130090710.72398C21DF8@lists.denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de > The following NXP application notes and manual recommend to ensure the > IVT DCD pointer is Null prior to calling HAB API authenticate_image() > function: > - AN12263: HABv4 RVT Guidelines and Recommendations > - AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using > HABv4 > - CST docs: High Assurance Boot Version 4 Application Programming > Interface Reference Manual > Commit ca89df7dd46f ("imx: hab: Convert DCD non-NULL error to warning") > converted DCD non-NULL error to warning due to the lack of documentation > at the time of first patch submission. We have warned U-Boot users since > v2018.03, and it makes sense now to follow the NXP recommendation to > ensure the IVT DCD pointer is Null. > DCD commands should only be present in the initial boot image loaded by > the SoC ROM. Starting in HAB v4.3.7 the HAB code will generate an error > if a DCD pointer is present in an image being authenticated by calling the > HAB RVT API. Older versions of HAB will process and run DCD if it is > present, and this could lead to an incorrect authentication boot flow. > Signed-off-by: Breno Lima > Reviewed-by: Fabio Estevam Applied to u-boot-imx, master, thanks ! Best regards, Stefano Babic -- ===================================================================== DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de =====================================================================