Dear NXP Support,
We’d like to let you know about an issue we ran into while testing HAB4 with Mender on an imx8mp device.We were able to boot an unsigned kernel image on the signed/fused/closed u-boot 2022.04.
U-Boot boot cmd:
load mmc 2 ${loadaddr} EFI/BOOT/bootaa64.efi
load mmc 2 ${fdt_addr_r} device-tree-file.dtb
bootefi ${loadaddr} ${fdt_addr_r}
The bootloader hands over the control to the bootaa64.efi that loads and lets running an unsigned kernel Image.
Discovered: the u-boot does not issue the authenticate_image() function on bootefi.
I’d appreciate it if you could help in fixing that security issue.
Regards,
Valentin.
已解决! 转到解答。