[PATCH] i.MX: hab: always lock SRK hash after fusing
Sascha Hauer
s.hauer at pengutronix.de
Mon Mar 9 00:50:38 PDT 2026
On Fri, 06 Mar 2026 11:38:12 +0100, Ulrich Ölmann wrote:
> The flag IMX_SRK_HASH_WRITE_LOCK has been present since the introduction of
> barebox' hab command in [1], but only got its first user recently. Keeping SRK
> hash locking optional is dangerous though: after programming the SRK hash,
> leaving it writable allows later manipulations which can render a device
> unbootable.
>
> Make SRK hash programming always burn the corresponding lock fuses on all
> supported i.MX variants (IIM/OCOTP), and remove IMX_SRK_HASH_WRITE_LOCK.
>
> [...]
Applied, thanks!
[1/1] i.MX: hab: always lock SRK hash after fusing
https://git.pengutronix.de/cgit/barebox/commit/?id=1f4d4a2b75b7 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer at pengutronix.de>
More information about the barebox
mailing list