AnsweredAssumed Answered

HAB vulnerability - IMX7D

Question asked by Hendrik Beijeman on Nov 20, 2018
Latest reply on Nov 21, 2018 by Yuri Muhin

Dear NXP,

 

Regarding ERR010873 - Secure boot vulnerability when authenticating a certificate.

Does the IMX7 contain a new boot ROM which fixes this vulnerability? If so, which silicon revisions / markings?

 

Finally, all publicly available information only mentions that it is possible to bypass secure boot and to run "unauthorized, unsigned" images.


However, in case such an "unauthorized, unsigned" image is being run successfully, is the CPU still in Secure Mode or not? For instance, in this hacked u-boot, does "hab_status"

 

=> hab_status
Secure boot disabled

 

or this,

 

=> hab_status
Secure boot enabled

Outcomes