Skip to content
Snippets Groups Projects

Add FIT image verification with i.MX HAB

Merged Add FIT image verification with i.MX HAB
wip/d4s/T6729 into apertis/v2021dev1
Merged Denis Pynkin requested to merge wip/d4s/T6729 into apertis/v2021dev1

Add patches allowing to use HAB for FIT image verification.

Current implementation doesn't stop the boot but throws a message with the image verification status.

Tested with OBS build and SabreLite boot.

Edited by Denis Pynkin

Merge request reports

Merge request pipeline #123805 passed

Stage: build

Merge request pipeline passed for a8ba74df

Approval is optional

Merged by Sjoerd SimonsSjoerd Simons 5 years ago (Mar 3, 2020 10:55am UTC)

Merge details

  • Changes merged into apertis/v2021dev1 with a8ba74df.
  • Deleted the source branch.

Pipeline #123811 passed

Stage: build
Stage: postbuild
Stage: release

Pipeline passed for a8ba74df on apertis/v2021dev1

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Sjoerd Simons
  • Denis Pynkin changed title from Add kernel verification with i.MX HAB to Add FIT image verification with i.MX HAB

    changed title from Add kernel verification with i.MX HAB to Add FIT image verification with i.MX HAB

  • Denis Pynkin changed the description

    changed the description

  • Denis Pynkin added 2 commits

    added 2 commits

    • 5950d6cf - Add FIT image verification with i.MX HAB
    • 9a85da9b - Release u-boot 2019.01+dfsg-7co3

    Compare with previous version

  • Denis Pynkin added 2 commits

    added 2 commits

    • 873b3627 - Add FIT image verification with i.MX HAB
    • 9b825230 - Release u-boot 2019.01+dfsg-7co3

    Compare with previous version

  • Denis Pynkin added 2 commits

    added 2 commits

    • 801b5e21 - Add FIT image verification with i.MX HAB
    • 7d51b8e9 - Release u-boot 2019.01+dfsg-7co3

    Compare with previous version

  • Denis Pynkin resolved all threads

    resolved all threads

  • Sjoerd Simons
  • Sjoerd Simons
  • Sjoerd Simons
    Sjoerd Simons @sjoerd ·
    Owner

    This still has issues; Afaict a closed device will still happily boot an unsigned uImage and if booting a zimage the initramfs + dtb aren't checked which is problematic

    • Denis Pynkin
      Denis Pynkin @d4s ·
      Author Owner
      Resolved by Sjoerd Simons

      mmm... you can't boot unsigned uImage -- it is covered by the same code as for checking the FIT image.

      correct, regarding initramfs and dtb -- but this is out of the scope of the initial task.

      PS I wanted to do separate verification of binaries, but as far as I remember we agreed it was out of the scope for the WIP I'm working with and move it to later imrovements.

  • Denis Pynkin added 2 commits

    added 2 commits

    • 8f4fe9f0 - Add FIT image verification with i.MX HAB
    • d2895ab6 - Release u-boot 2019.01+dfsg-7co3

    Compare with previous version

  • Denis Pynkin resolved all threads

    resolved all threads

  • Denis Pynkin added 2 commits

    added 2 commits

    • 21e681f9 - Add FIT image verification with i.MX HAB
    • c06fb335 - Release u-boot 2019.01+dfsg-7co3

    Compare with previous version

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
    • Please register or sign in to reply
    Apertis Website Terms of Use Privacy Policy