Dear Simon, In message <20181124124641.6605-1-simon.k.r.goldschm...@gmail.com> you wrote: > SPL currently does not check uImage CRCs when loading U-Boot. > > This patch adds checking the uImage CRC when SPL loads U-Boot. It does > this by reusing the existing config option SPL_CRC32_SUPPORT to allow > leaving out the CRC check on boards where the additional code size or > boot time is a problem (adding the CRC check currently adds ~1.4 kByte > to flash). > > The SPL_CRC32_SUPPORT config option now gets enabled by default if SPL > support for legacy images is enabled to check the CRC on all boards > that don't actively take countermeasures.
The new features is definitive useful, but I have a few comments. First, I am not sure if mandatorily binding this feature to SPL_CRC32_SUPPORT is a good idea? Might there not be reasons to have SPL_CRC32_SUPPORT enabled but still wanting to keep the boot time minimal, and to intentionally NOT check the CRC (similar to what setting "verify=no" would do)? [This is commonly used when trading boot speed for reliability/securi- ty...] Second, may I please ask you to change the code such that the CRC is checked "in-flight", i. e. while reading from the boot device and writing it to the RAM, instead of re-reading the image from RAM? Again, the reason is boot time. We will not reach a zero-copy boot, but at least we should avoid an additional reading of what we just wrote. Yes, this would catch memory corruptions in RAM, but the whole operation of U-Boot is based on the assumption that RAM is working reliable and error-free. [If you drop this assumption, you cannot guaranteee anything, i. e. you would have to fear that the memory content might even get corrupted when reading it for the CRC calculation - if you have such concerns, you should switch to hardware with ECC RAM.] Thanks! Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de Anything free is worth what you pay for it. _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
