Home
last modified time | relevance | path

Searched hist:"72239 fc85f3eda078547956608c063ab965e90e9" (Results 1 – 4 of 4) sorted by relevance

/openbmc/u-boot/test/py/tests/
H A Dtest_vboot.py72239fc85f3eda078547956608c063ab965e90e9 Sat Jun 09 10:38:05 CDT 2018 Teddy Reed <teddy.reed@gmail.com> vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
/openbmc/u-boot/common/
H A Dimage-sig.c72239fc85f3eda078547956608c063ab965e90e9 Sat Jun 09 10:38:05 CDT 2018 Teddy Reed <teddy.reed@gmail.com> vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
/openbmc/u-boot/
H A DKconfig72239fc85f3eda078547956608c063ab965e90e9 Sat Jun 09 10:38:05 CDT 2018 Teddy Reed <teddy.reed@gmail.com> vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
/openbmc/u-boot/tools/
H A DMakefile72239fc85f3eda078547956608c063ab965e90e9 Sat Jun 09 10:38:05 CDT 2018 Teddy Reed <teddy.reed@gmail.com> vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>