HAB4

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
705件の閲覧回数
vraevsky
Contributor II

Dear NXP Support,

We’d like to let you know about an issue we ran into while testing HAB4 with Mender on an imx8mp device.We were able to boot an unsigned kernel image on the signed/fused/closed u-boot 2022.04.

U-Boot boot cmd:

load mmc 2 ${loadaddr} EFI/BOOT/bootaa64.efi
load mmc 2 ${fdt_addr_r} device-tree-file.dtb
bootefi ${loadaddr} ${fdt_addr_r}

The bootloader hands over the control to the bootaa64.efi that loads and lets running an unsigned kernel Image.

Discovered: the u-boot does not issue the authenticate_image() function on bootefi.
I’d appreciate it if you could help in fixing that security issue.

Regards,
Valentin.

0 件の賞賛
返信
1 解決策
597件の閲覧回数
vraevsky
Contributor II
0 件の賞賛
返信
2 返答(返信)
674件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @vraevsky ,

I hope you're doing well! 

I sent you an email regarding your case.

Thank you.

Best regards,
Hector.

0 件の賞賛
返信
598件の閲覧回数
vraevsky
Contributor II
0 件の賞賛
返信