[PATCH] image: Control FIT signature verification at runtime

Dhananjay Phadke dphadke at linux.microsoft.com
Sun Feb 13 09:54:51 AEDT 2022


On 2/8/2022 1:55 PM, Andrew Jeffery wrote:
> Right, just as strap pin controlling the SB ROM in the 2600 allows bypass.
> 
> It's just another one of these affecting a different boot stage.

Why would someone leave such external exploit open in production?
Fusing OTPCFG0[6]=1 would ignore external strap and OTPCFG0[1]=1 would 
enable secure boot with no way to bypass.

Regards,
Dhananjay


More information about the openbmc mailing list