- User Since
- Aug 7 2019, 12:31 PM (58 w, 2 d)
Sep 9 2019
Verified boot in itself already proves the boot integrity of all firmware images from BL1 up to BL33.
BL1 is the root of trust and cannot be tampered with, as it is hardware-protected. All other BL image are signed and their signature is verified before they get executed: BL1 verifies the signature of BL2, and BL2 does the same for all subsequent BL3x images. If one of the signatures is invalid then TF-A refuses to execute the corresponding image. This is treated as a fatal error that the firmware cannot recover from and the platform will typically panic in this case.
Sep 6 2019
Hi @soby-mathew !
Aug 7 2019