Hello,
I'd like to ask whether i.MX6DL parts with updated ROM that fixes mentioned vulnerability [1] are already available? I came across some links [2], [3] but it is still not clear to me.
Second question is how can I be sure that bought part has this ROM update included? I'd like to know which ROM version fixes this issue. I would also need a reliable way of checking ROM version of my hardware - is there such possibility?
Thanks
[1] Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors
[2] i.MX & Vybrid Security Vulnerability Errata - ERR010872, ERR010873
Hello, can I please get information about the same vulnerability in i.MX 6ULL? There seem to be no official information if it was fixed in this model of the SoC.
The Chip Errata (IMX6ULLCE)[1] document states that 6ULL revisions 1.2, 1.3 and 2 of the SoC were release after ERR010872 and ERR01073 were disclosed, but it does not mention if any of these revisions fix that vulnerabilities. The same errata states that the new revisions are not printed on the SoC enclosure (only rev 1.0 and 1.1 are marked with letters A and B). Therefore I find it impossible to determine the exact 6ULL version I use.
Toradex[1], who seems to be manufacturer of NXP-based devices, states that this vulnerability is fixed since HAB version 4.2.5. I found similar information in comments of a blog post describing said vulnerabilities[3]. However, u-boot `hab_version` command reports only `4.2`, without the minor number, which is the value stored in HAB vector table under 0x100. Therefore I'm unable to state if my HAB version is 4.2.5 or higher/lower.
Kindly please provide official information how to determine which i.MX 6ULL devices are patched for ERR010872 and ERR01073 HAB vulnerabilities.
--
@wzmuda
Hello,
please create request to get more details about the issue.
https://www.nxp.com/support/support:SUPPORTHOME?tid=sbmenu
Regards,
Yuri.
Hello,
Sorry, but the information you are requesting is treated as confidential info at this time;
we cannot discuss this with you in public anyway, this requires to be handled as a Service
Request (SR) / ticket.
Have a great day,
Yuri
-------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-------------------------------------------------------------------------------
Is this information still considered confidential? I opened a service request asking for similar information and was redirected to the community.
Hello,
use the recent i.MX6 device silicon revisions: for i.MX 6S/DL - Rev 1.4 (Maskset ID: 4N81E).
Regards,
Yuri.