HAB4

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
662 Views
vraevsky
Contributor II

Dear NXP Support,

We’d like to let you know about an issue we ran into while testing HAB4 with Mender on an imx8mp device.We were able to boot an unsigned kernel image on the signed/fused/closed u-boot 2022.04.

U-Boot boot cmd:

load mmc 2 ${loadaddr} EFI/BOOT/bootaa64.efi
load mmc 2 ${fdt_addr_r} device-tree-file.dtb
bootefi ${loadaddr} ${fdt_addr_r}

The bootloader hands over the control to the bootaa64.efi that loads and lets running an unsigned kernel Image.

Discovered: the u-boot does not issue the authenticate_image() function on bootefi.
I’d appreciate it if you could help in fixing that security issue.

Regards,
Valentin.

0 Kudos
Reply
1 Solution
554 Views
vraevsky
Contributor II
0 Kudos
Reply
2 Replies
631 Views
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @vraevsky ,

I hope you're doing well! 

I sent you an email regarding your case.

Thank you.

Best regards,
Hector.

0 Kudos
Reply
555 Views
vraevsky
Contributor II
0 Kudos
Reply