From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH 1/2] ARM: i.MX6: Enable PBL_VERIFY_PIGGY with HABV4 support
Date: Tue, 18 Feb 2025 15:04:06 +0100 [thread overview]
Message-ID: <20250218140407.1224499-1-s.hauer@pengutronix.de> (raw)
Some i.MX6 configurations use the xload mechanism. With this the ROM
only loads and verifies the PBL. The PBL will then load barebox proper.
Without verification the barebox proper binary is untrusted and could be
modified. Select PBL_VERIFY_PIGGY when HABV4 is enabled to ensure the
barebox proper binary has not been tempered with.
boards not using the xload mechanism don't need this option, but there
is no good way to detect currently if the xload mechanism is used, so
these boards will have to live with a slightly increased binary size
for now.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
arch/arm/mach-imx/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
index 58b32b8e91..424c7d71a6 100644
--- a/arch/arm/mach-imx/Kconfig
+++ b/arch/arm/mach-imx/Kconfig
@@ -127,6 +127,7 @@ config ARCH_IMX6
select PINCTRL_IMX_IOMUX_V3
select COMMON_CLK_OF_PROVIDER
select HW_HAS_PCI
+ select PBL_VERIFY_PIGGY if HABV4
config ARCH_IMX6SL
bool
--
2.39.5
next reply other threads:[~2025-02-18 14:05 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-18 14:04 Sascha Hauer [this message]
2025-02-18 14:04 ` [PATCH 2/2] ARM: i.MX9: Enable PBL_VERIFY_PIGGY with non INSECURE Sascha Hauer
2025-02-19 10:43 ` [PATCH 1/2] ARM: i.MX6: Enable PBL_VERIFY_PIGGY with HABV4 support Marco Felsch
2025-02-19 12:13 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250218140407.1224499-1-s.hauer@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox