On 6/1/20 4:30 AM, Peng Fan wrote:
>> Subject: [PATCH v3] spl: allow board_spl_fit_post_load() to fail
>>
>> On i.MX platforms board_spl_fit_post_load() can check the loaded SPL image
>> for authenticity using its HAB engine. U-Boot's SPL mechanism allows
>> booting images from other sources as well, but in the current setup the SPL
>> would just hang if it encounters an image that does not pass scrutiny.
>
> security.
>
>> Allowing the function to return an error, allows the SPL to try booting from
>> another source as a fallback instead of ending up as a brick.
>
> This will break secure boot chain.

How? Please elaborate. jump_to_image_no_args() will authenticate the image before starting it, so I don't think so. However, that is still prone to time-of-check/time-of-use attack anyway.
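
A model of the fallback behaviour debated in this thread, as an added example that is not U-Boot code and not taken from the patch: a post-load check that returns an error lets the loader move to the next source, while a rejected image is wiped and never started. All names (`boot_src`, `post_load_check`, `spl_boot_with_fallback`), the byte-compare stand-in for the HAB check, and the sample images are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Model only: every name below is hypothetical, none is U-Boot's API. */
#define IMG_MAX 16

struct boot_src {
    const char *name;
    const unsigned char *data;   /* constructed sample image bytes */
    size_t len;
};

/* Constructed samples: one image that "verifies", one that does not. */
const unsigned char GOOD_IMG[] = "SIGNED-IMAGE";
const unsigned char BAD_IMG[]  = "TAMPERED-IMG";

/* Stand-in for the authenticity check; returns 0 or a negative error. */
static int post_load_check(const unsigned char *ram, size_t len)
{
    if (len != sizeof(GOOD_IMG) || memcmp(ram, GOOD_IMG, len) != 0)
        return -1;               /* report failure instead of hanging */
    return 0;
}

/* Try each source in order; return the index booted from, or -1. */
int spl_boot_with_fallback(const struct boot_src *srcs, size_t n,
                           unsigned char *ram, size_t *ram_len)
{
    for (size_t i = 0; i < n; i++) {
        if (srcs[i].len > IMG_MAX)
            continue;                            /* does not fit in RAM */
        memcpy(ram, srcs[i].data, srcs[i].len);  /* load once */
        if (post_load_check(ram, srcs[i].len) == 0) {
            *ram_len = srcs[i].len;
            return (int)i;       /* the checked RAM copy is what starts */
        }
        memset(ram, 0, IMG_MAX); /* discard the rejected image */
    }
    *ram_len = 0;
    return -1;                   /* nothing authentic: caller must not jump */
}

int main(void)
{
    unsigned char ram[IMG_MAX];
    size_t len;
    struct boot_src srcs[] = { { "mmc", BAD_IMG, sizeof(BAD_IMG) },
                               { "spi", GOOD_IMG, sizeof(GOOD_IMG) } };
    return spl_boot_with_fallback(srcs, 2, ram, &len) == 1 ? 0 : 1;
}
```

The check runs on the same RAM copy that is later started, so the image is not read from the medium a second time between verification and use.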