diff options
| author | Simon Glass <sjg@chromium.org> | 2021-02-16 03:08:10 +0300 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2021-02-16 06:31:53 +0300 |
| commit | 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 (patch) | |
| tree | 44a5f450549070b7b1929380202f61c852ad54d1 /common/Kconfig.boot | |
| parent | c5819701a3de61e2ba2ef7ad0b616565b32305e5 (diff) | |
| download | u-boot-6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01.tar.xz | |
image: Add an option to do a full check of the FIT
Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.
Enable this by default if signature verification is enabled.
CVE-2021-27097
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Diffstat (limited to 'common/Kconfig.boot')
| -rw-r--r-- | common/Kconfig.boot | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 5eaabdfc27..7532e55edb 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -63,6 +63,15 @@ config FIT_ENABLE_SHA512_SUPPORT SHA512 checksum is a 512-bit (64-byte) hash value used to check that the image contents have not been corrupted. +config FIT_FULL_CHECK + bool "Do a full check of the FIT before using it" + default y + help + Enable this do a full check of the FIT to make sure it is valid. This + helps to protect against carefully crafted FITs which take advantage + of bugs or omissions in the code. This includes a bad structure, + multiple root nodes and the like. + config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM @@ -70,6 +79,7 @@ config FIT_SIGNATURE select RSA select RSA_VERIFY select IMAGE_SIGN_INFO + select FIT_FULL_CHECK help This option enables signature verification of FIT uImages, using a hash signed and verified using RSA. If @@ -159,6 +169,15 @@ config SPL_FIT_PRINT help Support printing the content of the fitImage in a verbose manner in SPL. +config SPL_FIT_FULL_CHECK + bool "Do a full check of the FIT before using it" + help + Enable this do a full check of the FIT to make sure it is valid. This + helps to protect against carefully crafted FITs which take advantage + of bugs or omissions in the code. This includes a bad structure, + multiple root nodes and the like. + + config SPL_FIT_SIGNATURE bool "Enable signature verification of FIT firmware within SPL" depends on SPL_DM @@ -168,6 +187,7 @@ config SPL_FIT_SIGNATURE select SPL_RSA select SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO + select SPL_FIT_FULL_CHECK config SPL_LOAD_FIT bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)" |