git.dujemihanovic.xyz Git - u-boot.git/commit

]> git.dujemihanovic.xyz Git - u-boot.git/commit

author	Simon Glass <sjg@chromium.org>
	Tue, 16 Feb 2021 00:08:10 +0000 (17:08 -0700)
committer	Tom Rini <trini@konsulko.com>
	Tue, 16 Feb 2021 03:31:53 +0000 (22:31 -0500)
commit	6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
tree	44a5f450549070b7b1929380202f61c852ad54d1	tree \| snapshot
parent	c5819701a3de61e2ba2ef7ad0b616565b32305e5	commit \| diff

image: Add an option to do a full check of the FIT

Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.

Enable this by default if signature verification is enabled.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

common/Kconfig.boot		diff \| blob \| history
common/image-fit.c		diff \| blob \| history

My U-Boot fork

RSS Atom