All of lore.kernel.org
 help / color / mirror / Atom feed
* [U-Boot] U-Boot TFTP protection
@ 2018-06-15  6:44 Stefan Johansson
  2018-06-19  7:40 ` Lukasz Majewski
  2018-06-19 22:03 ` Simon Glass
  0 siblings, 2 replies; 3+ messages in thread
From: Stefan Johansson @ 2018-06-15  6:44 UTC (permalink / raw)
  To: u-boot

Hello,
We have been looking at protecting U-Boot from (malicious) TFTP overwrites.
We want to do this after our ARMv7 U-Boot has relocated.

The memory map looks like this (I hope):

---------------------------  Top of DRAM
| U-Boot (Protected)
| -------------------------- U_Boot_start
| Heap (Protected)
| -------------------------- Start_Heap = U_Boot_start - Heap_Size
| Stack (Protected)
| -------------------------- Start_Stack = Start_Heap - Stack_Size
| Buffers (Protected)
| -------------------------- ???
| Free DRAM (Not Protected)
---------------------------  Start of DRAM

I seem to get lost in the code trying to find possible buffers, can you please give a hint how I can find the address "???"

Best Regards,
Stefan

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [U-Boot] U-Boot TFTP protection
  2018-06-15  6:44 [U-Boot] U-Boot TFTP protection Stefan Johansson
@ 2018-06-19  7:40 ` Lukasz Majewski
  2018-06-19 22:03 ` Simon Glass
  1 sibling, 0 replies; 3+ messages in thread
From: Lukasz Majewski @ 2018-06-19  7:40 UTC (permalink / raw)
  To: u-boot

Hi Stefan,

> Hello,
> We have been looking at protecting U-Boot from (malicious) TFTP
> overwrites. We want to do this after our ARMv7 U-Boot has relocated.
> 
> The memory map looks like this (I hope):
> 
> ---------------------------  Top of DRAM
> | U-Boot (Protected)
> | -------------------------- U_Boot_start
> | Heap (Protected)
> | -------------------------- Start_Heap = U_Boot_start - Heap_Size
> | Stack (Protected)
> | -------------------------- Start_Stack = Start_Heap - Stack_Size
> | Buffers (Protected)
> | -------------------------- ???
> | Free DRAM (Not Protected)
> ---------------------------  Start of DRAM
> 
> I seem to get lost in the code trying to find possible buffers, can
> you please give a hint how I can find the address "???"

By default the tftp writes its data to the address pointed by the
"loadaddr" env variable.

printenv loadaddr

> 
> Best Regards,
> Stefan
> 
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot




Best regards,

Lukasz Majewski

--

DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20180619/47c7331d/attachment.sig>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [U-Boot] U-Boot TFTP protection
  2018-06-15  6:44 [U-Boot] U-Boot TFTP protection Stefan Johansson
  2018-06-19  7:40 ` Lukasz Majewski
@ 2018-06-19 22:03 ` Simon Glass
  1 sibling, 0 replies; 3+ messages in thread
From: Simon Glass @ 2018-06-19 22:03 UTC (permalink / raw)
  To: u-boot

Hi Stefan,

On 15 June 2018 at 00:44, Stefan Johansson
<stefan.j.johansson@verisure.com> wrote:
>
> Hello,
> We have been looking at protecting U-Boot from (malicious) TFTP overwrites.
> We want to do this after our ARMv7 U-Boot has relocated.
>
> The memory map looks like this (I hope):
>
> ---------------------------  Top of DRAM
> | U-Boot (Protected)
> | -------------------------- U_Boot_start
> | Heap (Protected)
> | -------------------------- Start_Heap = U_Boot_start - Heap_Size
> | Stack (Protected)
> | -------------------------- Start_Stack = Start_Heap - Stack_Size
> | Buffers (Protected)
> | -------------------------- ???
> | Free DRAM (Not Protected)
> ---------------------------  Start of DRAM
>
> I seem to get lost in the code trying to find possible buffers, can you please give a hint how I can find the address "???"


Well gd->start_addr_sp is the stop of the stack. The size of the stack
is not necessarily fixed and will grow downwards from there. But I
suppose you could set a particular size and protect from start of DRAM
to to the assumed bottom of the stack area.

Regards,
Simon

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-06-19 22:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-15  6:44 [U-Boot] U-Boot TFTP protection Stefan Johansson
2018-06-19  7:40 ` Lukasz Majewski
2018-06-19 22:03 ` Simon Glass

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.