On Tue, Jun 03, 2025 at 07:54:42PM +0530, Anshul Dalal wrote: > In the secure OS_BOOT spl execution code path, CMD_BOOTZ enables loading > of a zImage which might allow an attacker to bypass the authenticated > boot with fitImage by replacing it with a malicious image with header > identical to zImage. > > Disabling CMD_BOOTZ ensures this code path is never hit inside > spl_parse_image_header. > > Signed-off-by: Anshul Dalal <[email protected]>
Reviewed-by: Tom Rini <[email protected]> -- Tom
signature.asc
Description: PGP signature
