[U-Boot] Does U-boot support ASLR?

Mike Frysinger vapier at gentoo.org
Thu Feb 9 21:34:02 CET 2012


On Thursday 09 February 2012 15:06:48 Scott Wood wrote:
> As for tftpload not having length bounds, that's the kind of thing that
> anyone trying to put together a secure loader would want to fix
> (assuming they're using tftpload in the first place)

which is my point -- u-boot is so completely opening, throwing ASLR in there 
makes no sense.  there are plenty of ways to break the system.

> but if such a hole
> gets through, perhaps ASLR might make it more difficult to use that
> length overrun to take control of the system (versus simply crash it).

if you can overwrite any of u-boot, then i doubt this is that hard.  this is 
what NOP slides are very good at.

> >> It probably doesn't make sense as default behavior, but I could see it
> >> being useful in some situations.
> > 
> > such as ?
> 
> When you can solve issues such as entropy generation, and are limiting
> external exposure to interfaces that should be secure (but might have
> bugs).  I can especially see people wanting this who are using hardware
> secure boot mechanisms (i.e. U-Boot itself was cryptographically verified).

this isn't an example of how ASLR would be useful
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20120209/8374d34f/attachment.pgp>


More information about the U-Boot mailing list