diff options
Diffstat (limited to 'poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch')
-rw-r--r-- | poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch | 105 |
1 files changed, 0 insertions, 105 deletions
diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch deleted file mode 100644 index 86f7e8ce55..0000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 Mon Sep 17 00:00:00 2001 -From: Simon Glass <sjg@chromium.org> -Date: Mon, 15 Feb 2021 17:08:10 -0700 -Subject: [PATCH] image: Add an option to do a full check of the FIT - -Some strange modifications of the FIT can introduce security risks. Add an -option to check it thoroughly, using libfdt's fdt_check_full() function. - -Enable this by default if signature verification is enabled. - -CVE-2021-27097 - -Signed-off-by: Simon Glass <sjg@chromium.org> -Reported-by: Bruce Monroe <bruce.monroe@intel.com> -Reported-by: Arie Haenel <arie.haenel@intel.com> -Reported-by: Julien Lenoir <julien.lenoir@intel.com> - -CVE: CVE-2021-27097 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01] -Signed-off-by: Scott Murray <scott.murray@konsulko.com> - ---- - common/Kconfig.boot | 20 ++++++++++++++++++++ - common/image-fit.c | 16 ++++++++++++++++ - 2 files changed, 36 insertions(+) - -diff --git a/common/Kconfig.boot b/common/Kconfig.boot -index 5eaabdfc27..7532e55edb 100644 ---- a/common/Kconfig.boot -+++ b/common/Kconfig.boot -@@ -63,6 +63,15 @@ config FIT_ENABLE_SHA512_SUPPORT - SHA512 checksum is a 512-bit (64-byte) hash value used to check that - the image contents have not been corrupted. - -+config FIT_FULL_CHECK -+ bool "Do a full check of the FIT before using it" -+ default y -+ help -+ Enable this do a full check of the FIT to make sure it is valid. This -+ helps to protect against carefully crafted FITs which take advantage -+ of bugs or omissions in the code. This includes a bad structure, -+ multiple root nodes and the like. -+ - config FIT_SIGNATURE - bool "Enable signature verification of FIT uImages" - depends on DM -@@ -70,6 +79,7 @@ config FIT_SIGNATURE - select RSA - select RSA_VERIFY - select IMAGE_SIGN_INFO -+ select FIT_FULL_CHECK - help - This option enables signature verification of FIT uImages, - using a hash signed and verified using RSA. If -@@ -159,6 +169,15 @@ config SPL_FIT_PRINT - help - Support printing the content of the fitImage in a verbose manner in SPL. - -+config SPL_FIT_FULL_CHECK -+ bool "Do a full check of the FIT before using it" -+ help -+ Enable this do a full check of the FIT to make sure it is valid. This -+ helps to protect against carefully crafted FITs which take advantage -+ of bugs or omissions in the code. This includes a bad structure, -+ multiple root nodes and the like. -+ -+ - config SPL_FIT_SIGNATURE - bool "Enable signature verification of FIT firmware within SPL" - depends on SPL_DM -@@ -168,6 +187,7 @@ config SPL_FIT_SIGNATURE - select SPL_RSA - select SPL_RSA_VERIFY - select SPL_IMAGE_SIGN_INFO -+ select SPL_FIT_FULL_CHECK - - config SPL_LOAD_FIT - bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)" -diff --git a/common/image-fit.c b/common/image-fit.c -index f6c0428a96..bcf395f6a1 100644 ---- a/common/image-fit.c -+++ b/common/image-fit.c -@@ -1580,6 +1580,22 @@ int fit_check_format(const void *fit, ulong size) - return -ENOEXEC; - } - -+ if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) { -+ /* -+ * If we are not given the size, make do wtih calculating it. -+ * This is not as secure, so we should consider a flag to -+ * control this. -+ */ -+ if (size == IMAGE_SIZE_INVAL) -+ size = fdt_totalsize(fit); -+ ret = fdt_check_full(fit, size); -+ -+ if (ret) { -+ log_debug("FIT check error %d\n", ret); -+ return -EINVAL; -+ } -+ } -+ - /* mandatory / node 'description' property */ - if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) { - log_debug("Wrong FIT format: no description\n"); |