git.ipfire.org Git - thirdparty/u-boot.git/commit
image: Add an option to do a full check of the FIT
author Simon Glass <sjg@chromium.org>
Tue, 16 Feb 2021 00:08:10 +0000 (17:08 -0700)
committer Michal Simek <michal.simek@xilinx.com>
Tue, 1 Jun 2021 11:38:24 +0000 (13:38 +0200)
commit dfcaf5eeff48da181b80ad339a362043aa886d63
tree a57ae2d833c3cb6fab50435f310a2fe5fd244248
parent d26a0fa353a9c3b837751b0ad889cf3475bac020
image: Add an option to do a full check of the FIT

Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.

Enable this by default if signature verification is enabled.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
State: upstream (6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01)
common/Kconfig.boot
common/image-fit.c