From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tom Rini <trini@konsulko.com>
Date: Mon, 15 Feb 2021 22:36:19 -0500
Subject: [PATCH 6/8] image: Add an option to do a full check of the FIT
In-Reply-To: <20210216000812.2091481-7-sjg@chromium.org>
References: <20210216000812.2091481-1-sjg@chromium.org>
 <20210216000812.2091481-7-sjg@chromium.org>
Message-ID: <20210216033619.GS10169@bill-the-cat>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Mon, Feb 15, 2021 at 05:08:10PM -0700, Simon Glass wrote:

> Some strange modifications of the FIT can introduce security risks. Add an
> option to check it thoroughly, using libfdt's fdt_check_full() function.
> 
> Enable this by default if signature verification is enabled.
> 
> CVE-2021-27097
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reported-by: Bruce Monroe <bruce.monroe@intel.com>
> Reported-by: Arie Haenel <arie.haenel@intel.com>
> Reported-by: Julien Lenoir <julien.lenoir@intel.com>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210215/9ebc1aa8/attachment.sig>