In Zynq-7000, U-Boot does not authenticate the partition header. The partition header is used to tell U-Boot what crypto operation is to be done on the actual partition.
Because U-Boot is not authenticating the partition header, an adversary could simply change the contents of the partition header to not perform the desired crypto operation.
This issue will be fixed in the 2018.3 release.
AR# 71437 | |
---|---|
Date | 09/12/2018 |
Status | Active |
Type | Design Advisory |
Devices |