diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-bsp/u-boot/files | |
parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-bsp/u-boot/files')
4 files changed, 202 insertions, 70 deletions
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch b/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch deleted file mode 100644 index da7e27c64..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 5c2e24a9ed54dfee77d1844a080e998b4affe916 Mon Sep 17 00:00:00 2001 -From: Heinrich Schuchardt <xypron.glpk@gmx.de> -Date: Sat, 2 Jun 2018 19:00:41 +0200 -Subject: [PATCH] efi_loader: avoid make race condition - -When U-Boot is built with 'make -j' there is not guarantee that targets in -directory arch/ are built before targets in directory lib/. The current -build instruction for EFI binaries in lib/ rely on dependencies in arch/. -If $(EFI_CRT0) or $(EFI_RELOC) is not yet built before trying to build -%.efi an error - *** No rule to make target '%.efi' -occurs. - -With the patch separate copies of $(EFI_CRT0) and $(EFI_RELOC) named -efi_crt0.o and efi_reloc.o are built in lib/efi_loader and -lib/efi_selftest. - -Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> -Signed-off-by: Alexander Graf <agraf@suse.de> - -Upstream-Status: Backport from 2018.07 - -Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> ---- - scripts/Makefile.lib | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib -index 8f19b2db56..f2f398c935 100644 ---- a/scripts/Makefile.lib -+++ b/scripts/Makefile.lib -@@ -404,8 +404,14 @@ cmd_efi_ld = $(LD) -nostdlib -znocombreloc -T $(EFI_LDS_PATH) -shared \ - - EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS) - --$(obj)/%_efi.so: $(obj)/%.o arch/$(ARCH)/lib/$(EFI_CRT0) \ -- arch/$(ARCH)/lib/$(EFI_RELOC) -+$(obj)/efi_crt0.o: $(srctree)/arch/$(ARCH)/lib/$(EFI_CRT0:.o=.S) -+ $(call if_changed_dep,as_o_S) -+ -+$(obj)/efi_reloc.o: $(srctree)/arch/$(ARCH)/lib/$(EFI_RELOC:.o=.c) $(recordmcount_source) FORCE -+ $(call cmd,force_checksrc) -+ $(call if_changed_rule,cc_o_c) -+ -+$(obj)/%_efi.so: $(obj)/%.o $(obj)/efi_crt0.o $(obj)/efi_reloc.o - $(call cmd,efi_ld) - - # ACPI --- -2.17.1 - diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch new file mode 100644 index 000000000..fed3c3dcb --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch @@ -0,0 +1,59 @@ +From 7346c1e192d63cd35f99c7e845e53c5d4d0bdc24 Mon Sep 17 00:00:00 2001 +From: Teddy Reed <teddy.reed@gmail.com> +Date: Sat, 9 Jun 2018 11:45:20 -0400 +Subject: [PATCH] vboot: Do not use hashed-strings offset + +The hashed-strings signature property includes two uint32_t values. +The first is unneeded as there should never be a start offset into the +strings region. The second, the size, is needed because the added +signature node appends to this region. + +See tools/image-host.c, where a static 0 value is used for the offset. + +Signed-off-by: Teddy Reed <teddy.reed@gmail.com> +Reviewed-by: Simon Glass <sjg@chromium.org> + +Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; + h=7346c1e192d63cd35f99c7e845e53c5d4d0bdc24] + +CVE: CVE-2018-1000205 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + common/image-sig.c | 7 +++++-- + tools/image-host.c | 1 + + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/common/image-sig.c b/common/image-sig.c +index 8d2fd10..5a269d3 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -377,8 +377,11 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode, + /* Add the strings */ + strings = fdt_getprop(fit, noffset, "hashed-strings", NULL); + if (strings) { +- fdt_regions[count].offset = fdt_off_dt_strings(fit) + +- fdt32_to_cpu(strings[0]); ++ /* ++ * The strings region offset must be a static 0x0. ++ * This is set in tool/image-host.c ++ */ ++ fdt_regions[count].offset = fdt_off_dt_strings(fit); + fdt_regions[count].size = fdt32_to_cpu(strings[1]); + count++; + } +diff --git a/tools/image-host.c b/tools/image-host.c +index 8e43671..be2d59b 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -135,6 +135,7 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value, + + ret = fdt_setprop(fit, noffset, "hashed-nodes", + region_prop, region_proplen); ++ /* This is a legacy offset, it is unused, and must remain 0. */ + strdata[0] = 0; + strdata[1] = cpu_to_fdt32(string_size); + if (!ret) { +-- +2.7.4 + diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-2.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-2.patch new file mode 100644 index 000000000..bb79af1c7 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-2.patch @@ -0,0 +1,143 @@ +From 72239fc85f3eda078547956608c063ab965e90e9 Mon Sep 17 00:00:00 2001 +From: Teddy Reed <teddy.reed@gmail.com> +Date: Sat, 9 Jun 2018 11:38:05 -0400 +Subject: [PATCH] vboot: Add FIT_SIGNATURE_MAX_SIZE protection + +This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the +max size of a FIT header's totalsize field. The field is checked before +signature checks are applied to protect from reading past the intended +FIT regions. + +This field is not part of the vboot signature so it should be sanity +checked. If the field is corrupted then the structure or string region +reads may have unintended behavior, such as reading from device memory. +A default value of 256MB is set and intended to support most max storage +sizes. + +Suggested-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Teddy Reed <teddy.reed@gmail.com> +Reviewed-by: Simon Glass <sjg@chromium.org> + +Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; + h=72239fc85f3eda078547956608c063ab965e90e9] + +CVE: CVE-2018-1000205 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + Kconfig | 10 ++++++++++ + common/image-sig.c | 5 +++++ + test/py/tests/test_vboot.py | 33 +++++++++++++++++++++++++++++++++ + tools/Makefile | 1 + + 4 files changed, 49 insertions(+) + +diff --git a/Kconfig b/Kconfig +index 5a82c95..c8b86cd 100644 +--- a/Kconfig ++++ b/Kconfig +@@ -267,6 +267,16 @@ config FIT_SIGNATURE + format support in this case, enable it using + CONFIG_IMAGE_FORMAT_LEGACY. + ++config FIT_SIGNATURE_MAX_SIZE ++ hex "Max size of signed FIT structures" ++ depends on FIT_SIGNATURE ++ default 0x10000000 ++ help ++ This option sets a max size in bytes for verified FIT uImages. ++ A sane value of 256MB protects corrupted DTB structures from overlapping ++ device memory. Assure this size does not extend past expected storage ++ space. ++ + config FIT_VERBOSE + bool "Show verbose messages when FIT images fail" + help +diff --git a/common/image-sig.c b/common/image-sig.c +index f65d883..8d2fd10 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -156,6 +156,11 @@ static int fit_image_setup_verify(struct image_sign_info *info, + { + char *algo_name; + ++ if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) { ++ *err_msgp = "Total size too large"; ++ return 1; ++ } ++ + if (fit_image_hash_get_algo(fit, noffset, &algo_name)) { + *err_msgp = "Can't get hash algo property"; + return -1; +diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py +index ee939f2..3d25ec3 100644 +--- a/test/py/tests/test_vboot.py ++++ b/test/py/tests/test_vboot.py +@@ -26,6 +26,7 @@ Tests run with both SHA1 and SHA256 hashing. + + import pytest + import sys ++import struct + import u_boot_utils as util + + @pytest.mark.boardspec('sandbox') +@@ -105,6 +106,26 @@ def test_vboot(u_boot_console): + util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb, + '-r', fit]) + ++ def replace_fit_totalsize(size): ++ """Replace FIT header's totalsize with something greater. ++ ++ The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE. ++ If the size is greater, the signature verification should return false. ++ ++ Args: ++ size: The new totalsize of the header ++ ++ Returns: ++ prev_size: The previous totalsize read from the header ++ """ ++ total_size = 0 ++ with open(fit, 'r+b') as handle: ++ handle.seek(4) ++ total_size = handle.read(4) ++ handle.seek(4) ++ handle.write(struct.pack(">I", size)) ++ return struct.unpack(">I", total_size)[0] ++ + def test_with_algo(sha_algo): + """Test verified boot with the given hash algorithm. + +@@ -146,6 +167,18 @@ def test_vboot(u_boot_console): + util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir, + '-k', dtb]) + ++ # Replace header bytes ++ bcfg = u_boot_console.config.buildconfig ++ max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0) ++ existing_size = replace_fit_totalsize(max_size + 1) ++ run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False) ++ cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo) ++ ++ # Replace with existing header bytes ++ replace_fit_totalsize(existing_size) ++ run_bootm(sha_algo, 'signed config', 'dev+', True) ++ cons.log.action('%s: Check default FIT header totalsize' % sha_algo) ++ + # Increment the first byte of the signature, which should cause failure + sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' % + (fit, sig_node)) +diff --git a/tools/Makefile b/tools/Makefile +index 5dd33ed..0c3341e 100644 +--- a/tools/Makefile ++++ b/tools/Makefile +@@ -133,6 +133,7 @@ ifdef CONFIG_FIT_SIGNATURE + # This affects include/image.h, but including the board config file + # is tricky, so manually define this options here. + HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE ++HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=$(CONFIG_FIT_SIGNATURE_MAX_SIZE) + endif + + ifdef CONFIG_SYS_U_BOOT_OFFS +-- +2.7.4 + diff --git a/poky/meta/recipes-bsp/u-boot/files/MPC8315ERDB-enable-DHCP.patch b/poky/meta/recipes-bsp/u-boot/files/MPC8315ERDB-enable-DHCP.patch deleted file mode 100644 index ecaa1796a..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/MPC8315ERDB-enable-DHCP.patch +++ /dev/null @@ -1,19 +0,0 @@ -Enabled dhcp client functionality for Yocto reference -hardware MPC8315E-RDB. - -Upstream-Status: Pending - -Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> - -Index: git/configs/MPC8315ERDB_defconfig -=================================================================== ---- git.orig/configs/MPC8315ERDB_defconfig -+++ git/configs/MPC8315ERDB_defconfig -@@ -12,6 +12,7 @@ CONFIG_CMD_PCI=y - CONFIG_CMD_SATA=y - CONFIG_CMD_USB=y - # CONFIG_CMD_SETEXPR is not set -+CONFIG_CMD_DHCP=y - CONFIG_CMD_MII=y - CONFIG_CMD_PING=y - CONFIG_CMD_DATE=y |