Hi all, question, is anyone using the U-Boot verified-boot in production? I am using configuration verification for several OpenCompute/OpenBMC boards. After a deep-dive review I found some edge cases that in rare circumstances could lead to a signature check bypass. I think this is low-risk at best since the scenario requires special hardware behavior to exist. Our boards were susceptible in the general sense, but we had implemented some additional sanity checks on the FIT structures that prevented this.
There are some proposed changes that attempt to mitigate this [1], [2], [3]. Any one of these changes mitigates the bypass scenario. If you don't mind reaching out to me I can share the exact situation/details.

[1] https://lists.denx.de/pipermail/u-boot/2018-June/330454.html
[2] https://lists.denx.de/pipermail/u-boot/2018-June/330487.html
[3] https://lists.denx.de/pipermail/u-boot/2018-June/330599.html

Thanks,
-Teddy