From: Joel Peshkin <joel.peshkin@broadcom.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] Buffer overrun risk in UBI SPL for secure boot
Date: Mon, 9 Sep 2019 14:48:45 -0700
Message-ID: <CAN3=V2vpF6D5jZHoEGjK+fvfzqayTnE=w5=__JNbkj8kEczMuQ@mail.gmail.com>
In-Reply-To: <CAN3=V2sNqt=9=quvYchPBoc+MmOtOobCLgM6V1kSsnhah_CHJQ@mail.gmail.com>

Hi Heiko,

    Adding a size limit without breaking things turns out to be much more
difficult than it would seem.  So, instead of capping the size, we have
changed the memory map we are using for uboot.  It is probably worthwhile
for others using UBISPL in a secure boot environment to do the same.

   Traditionally, uboot SPL or TPL loads or relocates to an address near
the top of memory and then builds its stack downwards from the top of
memory.  That means that any address we use for a volume.load_address will
eventually step on something if the volume is large enough.  So, we move
everything down by a size that is sufficient for any image that UBISPL may
need to load (32M) and place the CONFIG_SPL_LOAD_FIT_ADDRESS above the
stack where it can grow without hitting anything until it causes an
exception.

   I'm not sure if there is anything else to be done for this situation
except to caution people implementing secure boot environments to be aware
of their surroundings.

Regards,

Joel Peshkin
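The memory-map argument in the message above, modelled as an added example (not code from the author or from U-Boot): a traditional layout with the SPL image and stack at the top of RAM and the volume load address below them, beside the moved-down layout with the load address just above the stack and 32M of headroom to the top of RAM. All addresses and region sizes are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define MiB(n) ((uint64_t)(n) << 20)

/* What happens when a UBI volume of `size` bytes is written at `load_addr`. */
enum load_result { LOAD_OK, LOAD_FAULTS, LOAD_CORRUPTS };

/* Constructed model: one reserved window [reserved_lo, reserved_hi) holds the
 * relocated SPL/TPL image and its stack; nothing may be written there. */
struct spl_layout {
    uint64_t ram_top;      /* one past the last usable byte of DRAM */
    uint64_t reserved_lo;  /* lowest address the SPL image/stack may use */
    uint64_t reserved_hi;  /* one past the top of the SPL stack */
};

/* Traditional map: SPL + stack occupy the top 1M of a 2G RAM (constructed). */
const struct spl_layout traditional = { 0x80000000, 0x7FF00000, 0x80000000 };
/* Moved-down map: the same 1M window pushed down by 32M, so a load placed at
 * reserved_hi has 32M of free space before it runs off the end of RAM. */
const struct spl_layout moved_down  = { 0x80000000, 0x7DF00000, 0x7E000000 };

static bool overlaps(uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1)
{
    return a0 < b1 && b0 < a1;
}

/* Writes proceed upward from load_addr, so a collision with the reserved
 * window is reported before an overrun of RAM: corruption happens first. */
enum load_result check_load(const struct spl_layout *l,
                            uint64_t load_addr, uint64_t size)
{
    uint64_t end;
    if (__builtin_add_overflow(load_addr, size, &end))
        return LOAD_FAULTS;
    if (overlaps(load_addr, end, l->reserved_lo, l->reserved_hi))
        return LOAD_CORRUPTS;           /* silently clobbers SPL or its stack */
    if (end > l->ram_top)
        return LOAD_FAULTS;             /* bus error/exception, not corruption */
    return LOAD_OK;
}

/* Largest volume that can be loaded at load_addr without touching anything. */
uint64_t headroom(const struct spl_layout *l, uint64_t load_addr)
{
    uint64_t lim = load_addr < l->reserved_lo ? l->reserved_lo : l->ram_top;
    return lim > load_addr ? lim - load_addr : 0;
}
```

With the load address at 0x7E000000 in both maps, a 64M volume clobbers the stack under the traditional layout but only faults under the moved-down one.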

Thread overview:
2019-09-04  4:57 [U-Boot] Buffer overrun risk in UBI SPL for secure boot Joel Peshkin
2019-09-04 13:01 ` Heiko Schocher
2019-09-04 14:19   ` Joel Peshkin
2019-09-09 21:48     ` Joel Peshkin [this message]
