In Zynq-7000, U-Boot does not use the RSA Primary Public Key (PPK) that was authenticated by the BootROM and stored in OCM, to authenticate the SPK (Secondary Public Key) when loading partitions.
This results in a situation where an adversary could substitute their PPK/SPK pair and have U-Boot successfully authenticate an image that should not have been authenticated.
This issue is fixed in the 2018.3 release.
| AR# 71436 | |
|---|---|
| Date | 09/12/2018 |
| Status | Active |
| Type | Design Advisory |
| Devices | |