Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices

We discussed this vulnerability during Episode 158 on 11 October 2022.

This is a post by NCC Group covering an older vulnerability in NXP i.MX High Assurance Boot (HAB). A bit of background is helpful for understanding the bug and its impact.

Background

The idea behind High Assurance Boot is that all software running on the SoC is verified by the root of trust, starting with the bootROM. The second stage boot image (u-boot) relies on two files read from non-volatile storage (NVS): the Device Configuration Data (DCD) and the Command Sequence File (CSF). While these files are signed and eventually validated, it seems some commands from the DCD/CSF are executed before the files are verified in the u-boot Secondary Program Loader (SPL).

Vulnerability

The window in which unvalidated data from the DCD and CSF can drive reads and writes is a design issue in and of itself, but an allow-list is enforced to try to restrict writes to only the peripheral register regions necessary for supporting boot time configuration. The problem is that this allow-list also permits writes to the memory region the second stage loader is executing from. An attacker can thus modify the executing loader and patch authentication failure handling logic or insert other unauthorized code to run. It’s worth noting that an attacker would need the ability to write to NVS, so impact is limited; but the issue is still valid considering the threat model for a root of trust, which tries to prevent unauthorized code from attackers with physical access or high-level software access.
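
One way to express the check the allow-list was missing, as an added example that is not code from the NCC Group post, NXP or u-boot: walk the write commands in a DCD and count any whose target overlaps the region the loader runs from. The DCD byte layout used here, the names `dcd_writes_into` and `struct region`, and every address in the sample are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed DCD layout: 4-byte header {0xD2, len_hi, len_lo, version}, then
 * commands {tag, len_hi, len_lo, param}. Tag 0xCC is "write data", followed by
 * big-endian (address, value) pairs; the low 3 bits of param are the width. */
struct region { uint32_t start, end; };            /* end is exclusive */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}
static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Returns how many write targets overlap `loader`, or -1 if the DCD is malformed. */
int dcd_writes_into(const uint8_t *dcd, size_t size, struct region loader) {
    if (size < 4 || dcd[0] != 0xD2) return -1;
    size_t total = be16(dcd + 1);
    if (total < 4 || total > size) return -1;      /* length field must fit the buffer */
    int hits = 0;
    for (size_t off = 4; off < total; ) {
        if (total - off < 4) return -1;            /* truncated command header */
        size_t clen = be16(dcd + off + 1);
        if (clen < 4 || clen > total - off) return -1;
        if (dcd[off] == 0xCC) {
            uint32_t width = dcd[off + 3] & 0x7;
            if ((clen - 4) % 8 != 0 || (width != 1 && width != 2 && width != 4)) return -1;
            for (size_t p = off + 4; p < off + clen; p += 8) {
                uint32_t addr = be32(dcd + p);
                uint64_t last = (uint64_t)addr + width;   /* exclusive end, cannot wrap */
                if (addr < loader.end && last > loader.start) hits++;
            }
        }
        off += clen;                               /* other command types are skipped */
    }
    return hits;
}

/* Constructed sample: hypothetical loader RAM range and a DCD with one write to a
 * peripheral-style address and one write that lands inside the loader's range. */
static const struct region sample_loader = { 0x20000000u, 0x20010000u };
static const uint8_t sample_dcd[] = {
    0xD2, 0x00, 0x18, 0x41,                          /* header, total length 24 */
    0xCC, 0x00, 0x14, 0x04,                          /* write data, 4-byte width */
    0x40, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x01,  /* outside the loader range */
    0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,  /* inside the loader range */
};

int main(void) { return dcd_writes_into(sample_dcd, sizeof sample_dcd, sample_loader) == 1 ? 0 : 1; }
```

A loader that treats any nonzero or negative result as a reason to stop processing the DCD closes the gap described above without changing which peripheral ranges remain writable.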