[U-Boot] CVE-2018-18439, CVE-2018-18440 - U-Boot verified boot bypass vulnerabilities
Wolfgang Denk
wd at denx.de
Mon Nov 12 08:00:17 UTC 2018
Dear Heinrich,
In message <450f8b6e-b2c0-0a5f-14e0-50c58103aec5 at gmx.de> you wrote:
>
> > I think this is not that complicated. At least in standard U-Boot
> > (not speaking for SPL) it should be sufficient to check the current
> > stack pointer (which is easy to read) and take this as an upper limit of
> > available/allowed memory. If we add some reasonable safety margin
> > (say, 1 MB or so) we should be really safe.
>
> Unfortunately this does not hold true. E.g. the Odroid-C2 has the secure
> monitor in the middle of the RAM. You would not want to overwrite those
> addresses.
Urgh... Is there a (technical, say hardware) reason for such an
unlucky design? Who would willingly fragment memory like that?
> For a board with a device tree all reserved memory areas should be
> secured against overwriting.
True.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
The first 90% of a project takes 90% of the time, the last 10% takes
the other 90% of the time.
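
The check discussed in this thread (an upper limit taken from the current stack pointer minus a safety margin, plus refusing any range that touches reserved memory) could look like the following. This is an added example, not code from U-Boot or from the posters; every name, address and the memory map are hypothetical, constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types and names for illustration; this is not U-Boot's API. */
struct region { uint64_t base, size; };

#define SAFETY_MARGIN (1ULL << 20)   /* the "1 MB or so" margin from the thread */

/* Constructed memory map (assumption): 1 GiB of RAM, stack near the top. */
static const uint64_t ram_base  = 0x40000000ULL;
static const uint64_t stack_ptr = 0x7ff00000ULL;   /* constructed SP value */
/* On a real board these would come from the reserved areas it declares. */
static const struct region reserved[] = {
    { 0x50000000ULL, 0x00200000ULL },   /* constructed carve-out mid-RAM */
};

/* True if [base, base+size) intersects r. Callers guarantee no wrap-around. */
static bool overlaps(uint64_t base, uint64_t size, const struct region *r)
{
    return base < r->base + r->size && r->base < base + size;
}

/* Return true only if every byte of the load range is safe to write. */
bool load_range_allowed(uint64_t addr, uint64_t size)
{
    uint64_t limit = stack_ptr - SAFETY_MARGIN;    /* exclusive upper bound */

    if (size == 0 || addr < ram_base)
        return false;
    /* Compare against limit - addr so addr + size can never overflow. */
    if (addr >= limit || size > limit - addr)
        return false;
    /* The stack-pointer limit alone misses regions in the middle of RAM. */
    for (size_t i = 0; i < sizeof(reserved) / sizeof(reserved[0]); i++)
        if (overlaps(addr, size, &reserved[i]))
            return false;
    return true;
}

int main(void)
{
    printf("below carve-out: %d\n", load_range_allowed(0x40080000ULL, 0x01000000ULL));
    printf("hits carve-out:  %d\n", load_range_allowed(0x4ff00000ULL, 0x00200000ULL));
    printf("near stack:      %d\n", load_range_allowed(0x7fd00000ULL, 0x00200000ULL));
    return 0;
}
```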