Hello,
I am implementing Secure Boot (ISBC/ESBC) chain of trust on my T1042 device. Reading over the documentation, it states that the RCW/PBI commands are executed prior to the CSF/ISBC stages being executed. These RCW/PBI commands are loaded from flash (NAND/NOR/SPI) and executed via the PBL.
These commands must be stored raw on the flash device, as they are executed prior to any signature verification. However, what is to stop these commands from being used to subvert the boot process? Could a malicious party generate a set of RCW/PBI commands, inject them onto the flash of a device and then use this to disable Secure Boot, or otherwise corrupt the boot process to run an unauthorised binary?
Kind regards,
There is no way to disable Secure Boot if the ITS fuse is blown, and there are additional access restrictions in Secure Boot mode. See details in T1040RM, Sections 27.4.2.1 and 26.5.3.1.
Have a great day,
Platon