I’d like to make sure I understand this correctly. Are you saying that it’s not even worth properly signing the image on the FP3 because it somehow exposes this “EDL/QDL” mode?
I thought that the “built-in root of trust” was protected in hardware with a fuse. Wouldn’t that protect against EDL/ODL mode? Or does the EDL/ODL mode make the “custom root of trust” useless but not the built-in one?
I never had a go at this - so this is heresay. What I remember from the threads when the FP3 was ported. The issue isn’t EDL, but -
Since the fuse wasn’t burnt in, it CAN’T verify the signatures.
and Calyx people commented then on why they won’t support the FP3. Here’s a fp forum user poking at FP3 custom keys too. So while it will verify the custom keys, as long as test keys verify, it’s still a weakness?
Edit, to clarify: useless against evil maid, useful still to signal relock to play-integrity et al.
Could someone elaborate on this a bit? If test keys are used, what element of security is lost? Is evil maid the only concern?