From d30febe3929af749a8050d5979b2ae0bfac9b041 Mon Sep 17 00:00:00 2001 From: Joel Stanley Date: Mon, 9 May 2022 17:52:03 +0930 Subject: u-boot-aspeed: Disable backdoor interfaces This is a version of the CVE-2019-6260 "pantsdown" mitigations for the v2019.04 u-boot branch. The SuperIO and debug UART backdoors can be optionally enabled through u-boot build time configuration, but default to disabled as long as your machine uses the common board_init. These changes are relevant for the AST2400 and the AST2500 only. If your machine relies on these features to boot, look at the options in this patch: https://lore.kernel.org/openbmc/20220504004739.15829-1-zev@bewilderbeest.net/ See this email for instructions on how to test: https://lore.kernel.org/openbmc/CACPK8XfYuWT9Q5G_bo9AGugx-DcODDZ8xb39Sr+Sa8qWqVeW6A@mail.gmail.com/ Thank you to Zev for the work on this patch. Zev Weiss (1): aspeed: Disable backdoor interfaces Change-Id: I4ebeae13047b8c32f2d9324d4ef9c6f98c6f4a60 Signed-off-by: Joel Stanley --- meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-aspeed') diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc index 8efeaed564..6a43de2c1e 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc @@ -8,7 +8,7 @@ PE = "1" # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "21fa3f3380749b5bfda4d95230d2911671cf3fcf" +SRCREV = "8dfce92d376f0fb20feecf3eb94df88ce0249d76" SRC_URI = "git://git@github.com/openbmc/u-boot.git;nobranch=1;protocol=https" S = "${WORKDIR}/git" -- cgit v1.2.3