HAB4

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
703 次查看
vraevsky
Contributor II

Dear NXP Support,

We’d like to let you know about an issue we ran into while testing HAB4 with Mender on an imx8mp device.We were able to boot an unsigned kernel image on the signed/fused/closed u-boot 2022.04.

U-Boot boot cmd:

load mmc 2 ${loadaddr} EFI/BOOT/bootaa64.efi
load mmc 2 ${fdt_addr_r} device-tree-file.dtb
bootefi ${loadaddr} ${fdt_addr_r}

The bootloader hands over the control to the bootaa64.efi that loads and lets running an unsigned kernel Image.

Discovered: the u-boot does not issue the authenticate_image() function on bootefi.
I’d appreciate it if you could help in fixing that security issue.

Regards,
Valentin.

0 项奖励
回复
1 解答
595 次查看
vraevsky
Contributor II
0 项奖励
回复
2 回复数
672 次查看
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @vraevsky ,

I hope you're doing well! 

I sent you an email regarding your case.

Thank you.

Best regards,
Hector.

0 项奖励
回复
596 次查看
vraevsky
Contributor II
0 项奖励
回复