Version14.6 of FSBL contains Security Risks which need to be addressed.
The Partition Header used by FSBL is not authenticated
The Partition Header contains details about the partition attributes which are used by FSBL to determine whether the partition needs to be authenticated or not.
A hacker could change the RSA attribute values in the Partition header and make FSBL skip the authentication of those partitions.
This could results in partitions of the hackers choosing being loaded.
FSBL does not use PPK authenticated by Boot ROM for authenticating the Partition images
FSBL must use the same PPK as in the FSBL certificate which BootROM has authenticated.
FSBL always trusts the PPK that was attached with the authentication certificate of that Partition.
A Hacker could create their own authentication certificate which contains their own PPK and SPK.