AR# 71437

Design Advisory for Zynq-7000: 2018.2 (and earlier) U-Boot does not authenticate the partition header.

Description

In Zynq-7000, U-Boot does not authenticate the partition header. The partition header is used to tell U-Boot what crypto operation is to be done on the actual partition.

Because U-Boot is not authenticating the partition header, an adversary could simply change the contents of the partition header to not perform the desired crypto operation.

Solution

This issue will be fixed in the 2018.3 release.

AR# 71437
Date 09/12/2018
Status Active
Type Design Advisory
Devices