uEnv can bypass verified boot #17

Open
Ham22 opened this issue Nov 22, 2016 · 1 comment

@Ham22

Ham22 commented Nov 22, 2016

The proof of concept boots using U-Boot scripting and environment variables. Currently these variables are writable, meaning that someone could easily bypass verified boot by running a few simple commands.

We need to either lock down the uEnv to RO (some things might break if we do this) or modify the verified boot mechanism so that security is not affected by env variables.

@Ham22 Ham22 added this to the ci40 verified boot support milestone Nov 22, 2016
@Ham22 Ham22 self-assigned this Dec 12, 2016
@Ham22

Ham22 commented Dec 12, 2016

Agreed, this board is for POC only anyway, so just make it easy to enable/disable. There is a bootstrap pin for enabling/disabling verified boot, so use this to force (as much as it can) verified boot when pulled.

Verified boot should still work when not forced on HW if configured in SW.

@Ham22 Ham22 removed their assignment Dec 13, 2016
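
An added example, not part of the issue thread or the project's code: one way to scope the read-only lockdown discussed above is to compute which variables the boot script reaches, transitively, and compare them against a known-good baseline. The sample environments are constructed, and treating `bootcmd` as the entry point is an assumption about this board's configuration.

```python
import re

# References to other variables inside a U-Boot script value:
# "run a b" executes variables a and b; ${x} / $x expands variable x.
RUN_RE = re.compile(r"\brun\s+([^;&|]+)")
VAR_RE = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")

def parse_env(text):
    """Parse printenv-style 'name=value' lines into a dict."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            env[name.strip()] = value
    return env

def boot_dependencies(env, root="bootcmd"):
    """Return every variable the boot script reaches, transitively, from root."""
    seen, todo = set(), [root]
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        value = env.get(name, "")
        for args in RUN_RE.findall(value):
            todo.extend(a for a in args.split() if not a.startswith("$"))
        todo.extend(VAR_RE.findall(value))
    return seen

def audit(baseline_text, device_text, root="bootcmd"):
    """Report boot-path variables whose device value differs from the baseline."""
    baseline, device = parse_env(baseline_text), parse_env(device_text)
    critical = boot_dependencies(baseline, root) | boot_dependencies(device, root)
    return {n: (baseline.get(n), device.get(n))
            for n in sorted(critical) if baseline.get(n) != device.get(n)}

# Constructed sample environments (hypothetical names and values).
BASELINE = """bootcmd=run load_fit; bootm ${loadaddr}
load_fit=tftpboot ${loadaddr} ${fitfile}
loadaddr=0x8E000000
fitfile=image.itb
baudrate=115200
"""
DEVICE = BASELINE.replace("fitfile=image.itb", "fitfile=other.itb") \
                 .replace("baudrate=115200", "baudrate=9600")

if __name__ == "__main__":
    for name, (want, got) in audit(BASELINE, DEVICE).items():
        print(f"{name}: expected {want!r}, found {got!r}")
```

The set returned by `boot_dependencies` is the minimum that has to be read-only or taken out of the trust path; drift in variables outside it (here `baudrate`) is not reported.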