[PATCH 3/3] ARM: i.MX: HABv3: Set to production mode

Sascha Hauer s.hauer at pengutronix.de
Tue May 17 02:04:14 PDT 2016

The HABv3 images for engineering mode do not work on a production device
and the images for production mode do not work on an engineering device.

When in engineering mode the ROM checks the images, but does not stop
booting when the signatures are wrong. This means a production image
can still be booted on an engineering device. This device can be
temporarily put into production mode by writing to the HAB_TYPE shadow
fuse register. After a reset the device will come up in production mode
and the image can be tested for validity. This means that if we have to
decide between production mode images and engineering images, the
production images are a better decision. Change this accordingly.

Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
 arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
index 4b81d49..f4804fe 100644
--- a/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
+++ b/arch/arm/mach-imx/include/mach/habv3-imx25-gencsf.h
@@ -11,7 +11,7 @@ super_root_key CONFIG_HABV3_SRK_PEM
 hab [Header]
 hab Version = 3.0
-hab Security Configuration = Engineering
+hab Security Configuration = Production
 hab Hash Algorithm = SHA256
 hab Engine = RTIC
 hab Certificate Format = WTLS

More information about the barebox mailing list