From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [PATCH 5/8] image: Adjust the workings of fit_check_format()
Date: Mon, 15 Feb 2021 22:36:14 -0500 [thread overview]
Message-ID: <20210216033614.GR10169@bill-the-cat> (raw)
In-Reply-To: <20210216000812.2091481-6-sjg@chromium.org>
On Mon, Feb 15, 2021 at 05:08:09PM -0700, Simon Glass wrote:
> At present this function does not accept a size for the FIT. This means
> that it must be read from the FIT itself, introducing potential security
> risk. Update the function to include a size parameter, which can be
> invalid, in which case fit_check_format() calculates it.
>
> For now no callers pass the size, but this can be updated later.
>
> Also adjust the return value to an error code so that all the different
> types of problems can be distinguished by the user.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reported-by: Bruce Monroe <bruce.monroe@intel.com>
> Reported-by: Arie Haenel <arie.haenel@intel.com>
> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210215/9ff98505/attachment.sig>
next prev parent reply other threads:[~2021-02-16 3:36 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-16 0:08 [PATCH 0/8] vboot: Correct vulnerabilities identified by Intel Simon Glass
2021-02-16 0:08 ` [PATCH 1/8] fdt_region: Check for a single root node of the correct name Simon Glass
2021-02-16 3:35 ` Tom Rini
2021-02-16 0:08 ` [PATCH 2/8] fit: Don't allow verification of images with @ nodes Simon Glass
2021-02-16 3:35 ` Tom Rini
2021-02-16 0:08 ` [PATCH 3/8] test: Add vboot_evil implementation Simon Glass
2021-02-16 3:36 ` Tom Rini
2021-02-16 0:08 ` [PATCH 4/8] test: Add tests for the 'evil' vboot attacks Simon Glass
2021-02-16 3:36 ` Tom Rini
2021-02-16 0:08 ` [PATCH 5/8] image: Adjust the workings of fit_check_format() Simon Glass
2021-02-16 3:36 ` Tom Rini [this message]
2021-02-17 13:30 ` Jesper Schmitz Mouridsen
2021-02-17 13:43 ` Tom Rini
2021-02-17 14:12 ` Jesper Schmitz Mouridsen
2021-02-16 0:08 ` [PATCH 6/8] image: Add an option to do a full check of the FIT Simon Glass
2021-02-16 3:36 ` Tom Rini
2021-02-16 0:08 ` [PATCH 7/8] libfdt: Check for multiple/invalid root nodes Simon Glass
2021-02-16 3:36 ` Tom Rini
2021-02-16 0:08 ` [PATCH 8/8] image: Check for unit addresses in FITs Simon Glass
2021-02-16 3:36 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210216033614.GR10169@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox