[U-Boot] Does U-boot support ASLR?
Mike Frysinger
vapier at gentoo.org
Thu Feb 9 21:34:02 CET 2012
On Thursday 09 February 2012 15:06:48 Scott Wood wrote:
> As for tftpload not having length bounds, that's the kind of thing that
> anyone trying to put together a secure loader would want to fix
> (assuming they're using tftpload in the first place)
which is my point -- u-boot is so completely opening, throwing ASLR in there
makes no sense. there are plenty of ways to break the system.
> but if such a hole
> gets through, perhaps ASLR might make it more difficult to use that
> length overrun to take control of the system (versus simply crash it).
if you can overwrite any of u-boot, then i doubt this is that hard. this is
what NOP slides are very good at.
> >> It probably doesn't make sense as default behavior, but I could see it
> >> being useful in some situations.
> >
> > such as ?
>
> When you can solve issues such as entropy generation, and are limiting
> external exposure to interfaces that should be secure (but might have
> bugs). I can especially see people wanting this who are using hardware
> secure boot mechanisms (i.e. U-Boot itself was cryptographically verified).
this isn't an example of how ASLR would be useful
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20120209/8374d34f/attachment.pgp>
More information about the U-Boot
mailing list