From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH 3/3] ARM: i.MX: HABv3: Set to production mode
Date: Tue, 17 May 2016 11:04:14 +0200 [thread overview]
Message-ID: <1463475854-30224-3-git-send-email-s.hauer@pengutronix.de> (raw)
In-Reply-To: <1463475854-30224-1-git-send-email-s.hauer@pengutronix.de>
The HABv3 images for engineering mode do not work on a production device
and the images for production mode do not work on an engineering device.
When in engineering mode the ROM checks the images, but does not stop
booting when the signatures are wrong. This means a production image
can still be booted on an engineering device. This device can be
temporarily put into production mode by writing to the HAB_TYPE shadow
fuse register. After a reset the device will come up in production mode
and the image can be tested for validity. This means that if we have to
decide between production mode images and engineering images, the
production images are a better decision. Change this accordingly.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
index 4b81d49..f4804fe 100644
--- a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
+++ b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
@@ -11,7 +11,7 @@ super_root_key CONFIG_HABV3_SRK_PEM
hab [Header]
hab Version = 3.0
-hab Security Configuration = Engineering
+hab Security Configuration = Production
hab Hash Algorithm = SHA256
hab Engine = RTIC
hab Certificate Format = WTLS
--
2.8.0.rc3
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
prev parent reply other threads:[~2016-05-17 9:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-17 9:04 [PATCH 1/3] ARM: i.MX: IIM: Add functions to access fuses field wise Sascha Hauer
2016-05-17 9:04 ` [PATCH 2/3] ARM: i.MX: IIM: Add function to enable permanent write Sascha Hauer
2016-05-17 9:04 ` Sascha Hauer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1463475854-30224-3-git-send-email-s.hauer@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox