Skip to content
Snippets Groups Projects
Select Git revision
  • apertis/v2022dev0 default protected
  • wip/wlozano/agl-compositor-launch
  • agl-compositor-fix
  • apertis/v2019
  • apertis/v2020
  • apertis/v2021pre
  • apertis/v2021dev3
  • wip/fdanis/7252-v2020
  • pages
  • apertis/v2021dev2
  • apertis/v2021dev1
  • sagar/test
  • wip/d4s/test_sign
  • apertis/v2020pre
  • apertis/v2021dev0
  • apertis/v2020dev0
  • wip/sagar/sdk-persistent-test-improvements
  • apertis/v2019pre
  • wip/fredo/sdk-tools-tests
  • apertis/v2019dev0
  • apertis/1.1812.0
21 results
Search by author
  • Any Author
  • Walter Lozano Walter Lozano wlozano
1 author
  1. Apr 14, 2020
    • Denis Pynkin's avatar
      Add manual test of SabreLite secure boot · df2a0fcc
      Denis Pynkin authored 
      This test ensures:
- U-Boot is compiled with HAB and FIT support
- SRK hash is fused and U-Boot is signed ('hab_status' call)
- U-Boot is able to verify signed OS image in FIT format
- U-Boot hangs in case if we try to boot with unsigned binary

Unfortunately the DUT in "open" mode assume any signature as valid,
hence it is not possible to check the boot hang for FIT image signed
with incorrect key -- the HW return 'success' while checking signature.

If the system is in 'closed' state then it is able to use incorrect
signature for the image, for example taken from document
"High Assurance Boot (HAB) for dummies" by Boundary Devises:
https://boundarydevices.com/high-assurance-boot-hab-dummies/



To check if the system is in "closed" state:
  => fuse read 0 6
     Reading bank 0:

     Word 0x00000006: 00000012

the last digit must be "2".

Signed-off-by: default avatarDenis Pynkin <denis.pynkin@collabora.com>
Signed-off-by: Emanuele Aina's avatarEmanuele Aina <emanuele.aina@collabora.com>
      df2a0fcc
Apertis Website Terms of Use Privacy Policy