Diffstat (limited to 'meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch')
-rw-r--r--meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch105
1 files changed, 0 insertions, 105 deletions
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch b/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch
deleted file mode 100644
index 86f7e8ce55..0000000000
--- a/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 Mon Sep 17 00:00:00 2001
-From: Simon Glass <sjg@chromium.org>
-Date: Mon, 15 Feb 2021 17:08:10 -0700
-Subject: [PATCH] image: Add an option to do a full check of the FIT
-
-Some strange modifications of the FIT can introduce security risks. Add an
-option to check it thoroughly, using libfdt's fdt_check_full() function.
-
-Enable this by default if signature verification is enabled.
-
-CVE-2021-27097
-
-Signed-off-by: Simon Glass <sjg@chromium.org>
-Reported-by: Bruce Monroe <bruce.monroe@intel.com>
-Reported-by: Arie Haenel <arie.haenel@intel.com>
-Reported-by: Julien Lenoir <julien.lenoir@intel.com>
-
-CVE: CVE-2021-27097
-Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01]
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
-
----
- common/Kconfig.boot | 20 ++++++++++++++++++++
- common/image-fit.c | 16 ++++++++++++++++
- 2 files changed, 36 insertions(+)
-
-diff --git a/common/Kconfig.boot b/common/Kconfig.boot
-index 5eaabdfc27..7532e55edb 100644
---- a/common/Kconfig.boot
-+++ b/common/Kconfig.boot
-@@ -63,6 +63,15 @@ config FIT_ENABLE_SHA512_SUPPORT
- SHA512 checksum is a 512-bit (64-byte) hash value used to check that
- the image contents have not been corrupted.
-
-+config FIT_FULL_CHECK
-+ bool "Do a full check of the FIT before using it"
-+ default y
-+ help
-+ Enable this do a full check of the FIT to make sure it is valid. This
-+ helps to protect against carefully crafted FITs which take advantage
-+ of bugs or omissions in the code. This includes a bad structure,
-+ multiple root nodes and the like.
-+
- config FIT_SIGNATURE
- bool "Enable signature verification of FIT uImages"
- depends on DM
-@@ -70,6 +79,7 @@ config FIT_SIGNATURE
- select RSA
- select RSA_VERIFY
- select IMAGE_SIGN_INFO
-+ select FIT_FULL_CHECK
- help
- This option enables signature verification of FIT uImages,
- using a hash signed and verified using RSA. If
-@@ -159,6 +169,15 @@ config SPL_FIT_PRINT
- help
- Support printing the content of the fitImage in a verbose manner in SPL.
-
-+config SPL_FIT_FULL_CHECK
-+ bool "Do a full check of the FIT before using it"
-+ help
-+ Enable this do a full check of the FIT to make sure it is valid. This
-+ helps to protect against carefully crafted FITs which take advantage
-+ of bugs or omissions in the code. This includes a bad structure,
-+ multiple root nodes and the like.
-+
-+
- config SPL_FIT_SIGNATURE
- bool "Enable signature verification of FIT firmware within SPL"
- depends on SPL_DM
-@@ -168,6 +187,7 @@ config SPL_FIT_SIGNATURE
- select SPL_RSA
- select SPL_RSA_VERIFY
- select SPL_IMAGE_SIGN_INFO
-+ select SPL_FIT_FULL_CHECK
-
- config SPL_LOAD_FIT
- bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)"
-diff --git a/common/image-fit.c b/common/image-fit.c
-index f6c0428a96..bcf395f6a1 100644
---- a/common/image-fit.c
-+++ b/common/image-fit.c
-@@ -1580,6 +1580,22 @@ int fit_check_format(const void *fit, ulong size)
- return -ENOEXEC;
- }
-
-+ if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) {
-+ /*
-+ * If we are not given the size, make do wtih calculating it.
-+ * This is not as secure, so we should consider a flag to
-+ * control this.
-+ */
-+ if (size == IMAGE_SIZE_INVAL)
-+ size = fdt_totalsize(fit);
-+ ret = fdt_check_full(fit, size);
-+
-+ if (ret) {
-+ log_debug("FIT check error %d\n", ret);
-+ return -EINVAL;
-+ }
-+ }
-+
- /* mandatory / node 'description' property */
- if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) {
- log_debug("Wrong FIT format: no description\n");