diff options
author | Otavio Salvador <otavio@ossystems.com.br> | 2018-11-23 11:51:48 -0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-23 23:32:10 +0000 |
commit | 04469ab5b7f0446404b4cb55a15595678581ab26 (patch) | |
tree | cf82cd45a6a8dc44947970208998d2a0ec8c2e7b | |
parent | 7670325f4b04000255e2fd4ad58a42ab60a70579 (diff) | |
download | openembedded-core-04469ab5b7f0446404b4cb55a15595678581ab26.tar.gz |
u-boot: Upgrade 2018.07 -> 2018.11
This upgrades U-Boot to 2018.11 release and drop the backported
security fixes which are now included upstream.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch | 59 | ||||
-rw-r--r-- | meta/recipes-bsp/u-boot/files/CVE-2018-1000205-2.patch | 143 | ||||
-rw-r--r-- | meta/recipes-bsp/u-boot/u-boot-common_2018.11.inc (renamed from meta/recipes-bsp/u-boot/u-boot-common_2018.07.inc) | 7 | ||||
-rw-r--r-- | meta/recipes-bsp/u-boot/u-boot-fw-utils_2018.11.bb (renamed from meta/recipes-bsp/u-boot/u-boot-fw-utils_2018.07.bb) | 0 | ||||
-rw-r--r-- | meta/recipes-bsp/u-boot/u-boot-tools_2018.11.bb (renamed from meta/recipes-bsp/u-boot/u-boot-tools_2018.07.bb) | 0 | ||||
-rw-r--r-- | meta/recipes-bsp/u-boot/u-boot_2018.11.bb (renamed from meta/recipes-bsp/u-boot/u-boot_2018.07.bb) | 0 |
6 files changed, 2 insertions, 207 deletions
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch b/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch deleted file mode 100644 index fed3c3dcb9..0000000000 --- a/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 7346c1e192d63cd35f99c7e845e53c5d4d0bdc24 Mon Sep 17 00:00:00 2001 -From: Teddy Reed <teddy.reed@gmail.com> -Date: Sat, 9 Jun 2018 11:45:20 -0400 -Subject: [PATCH] vboot: Do not use hashed-strings offset - -The hashed-strings signature property includes two uint32_t values. -The first is unneeded as there should never be a start offset into the -strings region. The second, the size, is needed because the added -signature node appends to this region. - -See tools/image-host.c, where a static 0 value is used for the offset. - -Signed-off-by: Teddy Reed <teddy.reed@gmail.com> -Reviewed-by: Simon Glass <sjg@chromium.org> - -Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; - h=7346c1e192d63cd35f99c7e845e53c5d4d0bdc24] - -CVE: CVE-2018-1000205 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - common/image-sig.c | 7 +++++-- - tools/image-host.c | 1 + - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/common/image-sig.c b/common/image-sig.c -index 8d2fd10..5a269d3 100644 ---- a/common/image-sig.c -+++ b/common/image-sig.c -@@ -377,8 +377,11 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode, - /* Add the strings */ - strings = fdt_getprop(fit, noffset, "hashed-strings", NULL); - if (strings) { -- fdt_regions[count].offset = fdt_off_dt_strings(fit) + -- fdt32_to_cpu(strings[0]); -+ /* -+ * The strings region offset must be a static 0x0. -+ * This is set in tool/image-host.c -+ */ -+ fdt_regions[count].offset = fdt_off_dt_strings(fit); - fdt_regions[count].size = fdt32_to_cpu(strings[1]); - count++; - } -diff --git a/tools/image-host.c b/tools/image-host.c -index 8e43671..be2d59b 100644 ---- a/tools/image-host.c -+++ b/tools/image-host.c -@@ -135,6 +135,7 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value, - - ret = fdt_setprop(fit, noffset, "hashed-nodes", - region_prop, region_proplen); -+ /* This is a legacy offset, it is unused, and must remain 0. */ - strdata[0] = 0; - strdata[1] = cpu_to_fdt32(string_size); - if (!ret) { --- -2.7.4 - diff --git a/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-2.patch b/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-2.patch deleted file mode 100644 index bb79af1c7b..0000000000 --- a/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-2.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 72239fc85f3eda078547956608c063ab965e90e9 Mon Sep 17 00:00:00 2001 -From: Teddy Reed <teddy.reed@gmail.com> -Date: Sat, 9 Jun 2018 11:38:05 -0400 -Subject: [PATCH] vboot: Add FIT_SIGNATURE_MAX_SIZE protection - -This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the -max size of a FIT header's totalsize field. The field is checked before -signature checks are applied to protect from reading past the intended -FIT regions. - -This field is not part of the vboot signature so it should be sanity -checked. If the field is corrupted then the structure or string region -reads may have unintended behavior, such as reading from device memory. -A default value of 256MB is set and intended to support most max storage -sizes. - -Suggested-by: Simon Glass <sjg@chromium.org> -Signed-off-by: Teddy Reed <teddy.reed@gmail.com> -Reviewed-by: Simon Glass <sjg@chromium.org> - -Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; - h=72239fc85f3eda078547956608c063ab965e90e9] - -CVE: CVE-2018-1000205 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - Kconfig | 10 ++++++++++ - common/image-sig.c | 5 +++++ - test/py/tests/test_vboot.py | 33 +++++++++++++++++++++++++++++++++ - tools/Makefile | 1 + - 4 files changed, 49 insertions(+) - -diff --git a/Kconfig b/Kconfig -index 5a82c95..c8b86cd 100644 ---- a/Kconfig -+++ b/Kconfig -@@ -267,6 +267,16 @@ config FIT_SIGNATURE - format support in this case, enable it using - CONFIG_IMAGE_FORMAT_LEGACY. - -+config FIT_SIGNATURE_MAX_SIZE -+ hex "Max size of signed FIT structures" -+ depends on FIT_SIGNATURE -+ default 0x10000000 -+ help -+ This option sets a max size in bytes for verified FIT uImages. -+ A sane value of 256MB protects corrupted DTB structures from overlapping -+ device memory. Assure this size does not extend past expected storage -+ space. -+ - config FIT_VERBOSE - bool "Show verbose messages when FIT images fail" - help -diff --git a/common/image-sig.c b/common/image-sig.c -index f65d883..8d2fd10 100644 ---- a/common/image-sig.c -+++ b/common/image-sig.c -@@ -156,6 +156,11 @@ static int fit_image_setup_verify(struct image_sign_info *info, - { - char *algo_name; - -+ if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) { -+ *err_msgp = "Total size too large"; -+ return 1; -+ } -+ - if (fit_image_hash_get_algo(fit, noffset, &algo_name)) { - *err_msgp = "Can't get hash algo property"; - return -1; -diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py -index ee939f2..3d25ec3 100644 ---- a/test/py/tests/test_vboot.py -+++ b/test/py/tests/test_vboot.py -@@ -26,6 +26,7 @@ Tests run with both SHA1 and SHA256 hashing. - - import pytest - import sys -+import struct - import u_boot_utils as util - - @pytest.mark.boardspec('sandbox') -@@ -105,6 +106,26 @@ def test_vboot(u_boot_console): - util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb, - '-r', fit]) - -+ def replace_fit_totalsize(size): -+ """Replace FIT header's totalsize with something greater. -+ -+ The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE. -+ If the size is greater, the signature verification should return false. -+ -+ Args: -+ size: The new totalsize of the header -+ -+ Returns: -+ prev_size: The previous totalsize read from the header -+ """ -+ total_size = 0 -+ with open(fit, 'r+b') as handle: -+ handle.seek(4) -+ total_size = handle.read(4) -+ handle.seek(4) -+ handle.write(struct.pack(">I", size)) -+ return struct.unpack(">I", total_size)[0] -+ - def test_with_algo(sha_algo): - """Test verified boot with the given hash algorithm. - -@@ -146,6 +167,18 @@ def test_vboot(u_boot_console): - util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir, - '-k', dtb]) - -+ # Replace header bytes -+ bcfg = u_boot_console.config.buildconfig -+ max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0) -+ existing_size = replace_fit_totalsize(max_size + 1) -+ run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False) -+ cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo) -+ -+ # Replace with existing header bytes -+ replace_fit_totalsize(existing_size) -+ run_bootm(sha_algo, 'signed config', 'dev+', True) -+ cons.log.action('%s: Check default FIT header totalsize' % sha_algo) -+ - # Increment the first byte of the signature, which should cause failure - sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' % - (fit, sig_node)) -diff --git a/tools/Makefile b/tools/Makefile -index 5dd33ed..0c3341e 100644 ---- a/tools/Makefile -+++ b/tools/Makefile -@@ -133,6 +133,7 @@ ifdef CONFIG_FIT_SIGNATURE - # This affects include/image.h, but including the board config file - # is tricky, so manually define this options here. - HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE -+HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=$(CONFIG_FIT_SIGNATURE_MAX_SIZE) - endif - - ifdef CONFIG_SYS_U_BOOT_OFFS --- -2.7.4 - diff --git a/meta/recipes-bsp/u-boot/u-boot-common_2018.07.inc b/meta/recipes-bsp/u-boot/u-boot-common_2018.11.inc index 22b44dccc6..6f4a10b7a4 100644 --- a/meta/recipes-bsp/u-boot/u-boot-common_2018.07.inc +++ b/meta/recipes-bsp/u-boot/u-boot-common_2018.11.inc @@ -8,11 +8,8 @@ PE = "1" # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "8c5d4fd0ec222701598a27b26ab7265d4cee45a3" +SRCREV = "0157013f4a4945bbdb70bb4d98d680e0845fd784" -SRC_URI = "git://git.denx.de/u-boot.git \ - file://CVE-2018-1000205-1.patch \ - file://CVE-2018-1000205-2.patch \ -" +SRC_URI = "git://git.denx.de/u-boot.git" S = "${WORKDIR}/git" diff --git a/meta/recipes-bsp/u-boot/u-boot-fw-utils_2018.07.bb b/meta/recipes-bsp/u-boot/u-boot-fw-utils_2018.11.bb index 52c13e75d8..52c13e75d8 100644 --- a/meta/recipes-bsp/u-boot/u-boot-fw-utils_2018.07.bb +++ b/meta/recipes-bsp/u-boot/u-boot-fw-utils_2018.11.bb diff --git a/meta/recipes-bsp/u-boot/u-boot-tools_2018.07.bb b/meta/recipes-bsp/u-boot/u-boot-tools_2018.11.bb index 127c4c15d1..127c4c15d1 100644 --- a/meta/recipes-bsp/u-boot/u-boot-tools_2018.07.bb +++ b/meta/recipes-bsp/u-boot/u-boot-tools_2018.11.bb diff --git a/meta/recipes-bsp/u-boot/u-boot_2018.07.bb b/meta/recipes-bsp/u-boot/u-boot_2018.11.bb index 37c21dcaa3..37c21dcaa3 100644 --- a/meta/recipes-bsp/u-boot/u-boot_2018.07.bb +++ b/meta/recipes-bsp/u-boot/u-boot_2018.11.bb |