[U-Boot] Buffer overrun risk in UBI SPL for secure boot
Joel Peshkin
joel.peshkin at broadcom.com
Wed Sep 4 04:57:56 UTC 2019
It seems that, in the process of doing any sort of secure boot chain of
trust, anything loading a UBI volume in preparation to authenticate it
will load a volume of unknown size into a buffer prior to checking the
signature of that volume.

Has anyone considered a solution for this? Should all implementations just
carve out a buffer at the top of memory for ubispl_load_volume, or should
the ubispl_load data structure be amended to include a size? It would seem
appropriate to include a size, but it is not clear how to do that without
breaking compatibility with existing implementations.
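
One way the size-in-the-request option raised in the message above could look, as an added example that is not part of the original post and is not U-Boot code. `struct bounded_load`, `struct sim_volume`, `bounded_load_volume` and the "0 means no limit" compatibility convention are all hypothetical, and the flash is simulated with constructed in-memory LEBs.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical load request: a volume id and address, plus the capacity
 * of the destination. This is NOT U-Boot's struct ubispl_load. */
struct bounded_load {
    int vol_id;
    void *load_addr;
    size_t max_size; /* assumed convention: 0 = legacy caller, no limit */
};

/* Constructed stand-in for an unauthenticated volume: a list of LEB payloads. */
struct sim_volume {
    const uint8_t *const *lebs;
    const size_t *leb_len;
    int nr_lebs;
};

/* Copy LEB by LEB; refuse before any copy that would pass max_size.
 * Returns bytes loaded, or -ENOSPC if the volume does not fit. */
long bounded_load_volume(const struct sim_volume *vol, const struct bounded_load *req)
{
    uint8_t *dst = req->load_addr;
    size_t used = 0;
    for (int i = 0; i < vol->nr_lebs; i++) {
        size_t len = vol->leb_len[i];
        /* used <= max_size always holds here, so the subtraction cannot wrap */
        if (req->max_size && len > req->max_size - used)
            return -ENOSPC;
        memcpy(dst + used, vol->lebs[i], len);
        used += len;
    }
    return (long)used;
}

/* Constructed sample: three 8-byte LEBs, 24 bytes in total. */
static const uint8_t leb0[8] = "AAAAAAA", leb1[8] = "BBBBBBB", leb2[8] = "CCCCCCC";
static const uint8_t *const sample_lebs[] = { leb0, leb1, leb2 };
static const size_t sample_len[] = { 8, 8, 8 };
const struct sim_volume sample_vol = { sample_lebs, sample_len, 3 };

int main(void)
{
    uint8_t buf[24];
    struct bounded_load fits = { 0, buf, sizeof(buf) }, small = { 0, buf, 20 };
    printf("fits: %ld\n", bounded_load_volume(&sample_vol, &fits));
    printf("too small: %ld\n", bounded_load_volume(&sample_vol, &small));
}
```

On `-ENOSPC` the destination holds a partial, unauthenticated copy, so the caller has to discard it and never pass it on to signature verification or execution.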