[PATCH 1/2] ARM: i.MX6: Enable PBL_VERIFY_PIGGY with HABV4 support
Sascha Hauer
s.hauer at pengutronix.de
Wed Feb 19 04:13:45 PST 2025
On Wed, Feb 19, 2025 at 11:43:29AM +0100, Marco Felsch wrote:
> Hi Sascha,
>
> On 25-02-18, Sascha Hauer wrote:
> > Some i.MX6 configurations use the xload mechanism. With this the ROM
> > only loads and verifies the PBL. The PBL will then load barebox proper.
> > Without verification the barebox proper binary is untrusted and could be
> > modified. Select PBL_VERIFY_PIGGY when HABV4 is enabled to ensure the
> > barebox proper binary has not been tempered with.
> >
> > boards not using the xload mechanism don't need this option, but there
> > is no good way to detect currently if the xload mechanism is used, so
> > these boards will have to live with a slightly increased binary size
> > for now.
>
> I hav no objections but do you have numbers? There are many i.MX6 based
> systems which do use a spi-nor with limited amount of space already
> facing size issues since barebox is becoming bigger and bigger.
Enabling PBL_VERIFY_PIGGY increases the PBL by about ~6k on ARM/ARM64.
We could add the select to MCI_IMX_ESDHC_PBL instead. The SPI xload
code doesn't have a corresponding Kconfig symbol though, so we would
have to add that first.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list