Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 244705b69784320256d4aae848de2b9e0daeb9cb
commit244705b69784320256d4aae848de2b9e0daeb9cb[log] [tgz]
authorSimon Glass <sjg@chromium.org>Mon Feb 15 17:08:10 2021 -0700
committerTom Rini <trini@konsulko.com>Mon Feb 15 22:31:53 2021 -0500
tree44a5f450549070b7b1929380202f61c852ad54d1
parentd563c2572e6bb485e88d74742e74b71d235bda3e [diff]
image: Add an option to do a full check of the FIT

Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.

Enable this by default if signature verification is enabled.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2 files changed
tree: 44a5f450549070b7b1929380202f61c852ad54d1
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. cmd/
  6. common/
  7. configs/
  8. disk/
  9. doc/
  10. drivers/
  11. dts/
  12. env/
  13. examples/
  14. fs/
  15. include/
  16. lib/
  17. Licenses/
  18. net/
  19. post/
  20. scripts/
  21. test/
  22. tools/
  23. .azure-pipelines.yml
  24. .checkpatch.conf
  25. .gitattributes
  26. .gitignore
  27. .gitlab-ci.yml
  28. .mailmap
  29. .readthedocs.yml
  30. config.mk
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README