Skip to content
Snippets Groups Projects
Commit df2a0fcc authored by Denis Pynkin's avatar Denis Pynkin
Browse files

Add manual test of SabreLite secure boot 

This test ensures:
- U-Boot is compiled with HAB and FIT support
- SRK hash is fused and U-Boot is signed ('hab_status' call)
- U-Boot is able to verify signed OS image in FIT format
- U-Boot hangs in case if we try to boot with unsigned binary

Unfortunately the DUT in "open" mode assume any signature as valid,
hence it is not possible to check the boot hang for FIT image signed
with incorrect key -- the HW return 'success' while checking signature.

If the system is in 'closed' state then it is able to use incorrect
signature for the image, for example taken from document
"High Assurance Boot (HAB) for dummies" by Boundary Devises:
https://boundarydevices.com/high-assurance-boot-hab-dummies/



To check if the system is in "closed" state:
  => fuse read 0 6
     Reading bank 0:

     Word 0x00000006: 00000012

the last digit must be "2".

Signed-off-by: default avatarDenis Pynkin <denis.pynkin@collabora.com>
Signed-off-by: Emanuele Aina's avatarEmanuele Aina <emanuele.aina@collabora.com>
parent 46f8a77e
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
Apertis Website Terms of Use Privacy Policy