[U-Boot] Buffer overrun risk in UBI SPL for secure boot

Joel Peshkin joel.peshkin at broadcom.com
Mon Sep 9 21:48:45 UTC 2019


Hi Heiko,

    Adding a size limit without breaking things turns out to be much more
difficult than it would seem.  So, instead of capping the size, we have
changed the memory map we are using for uboot.  It is probably worthwhile
for others using UBISPL in a secure boot environment to do the same.

   Traditionally, uboot SPL or TPL loads or relocates to an address near
the top of memory and then builds its stack downwards from the top of
memory.  That means that any address we use for a volume.load_address will
eventually step on something if the volume is large enough.  So, we move
everything down by a size that is sufficient for any image that UBISPL may
need to load (32M) and place the CONFIG_SPL_LOAD_FIT_ADDRESS above the
stack where it can grow without hitting anything until it causes an
exception.

   I'm not sure if there is anything else to be done for this situation
except to caution people implementing secure boot environments to be aware
of their surroundings.

Regards,

Joel Peshkin
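The two layouts described above, as an added illustration that is not code from the post or from U-Boot: a small overlap check that tells whether a UBI volume of a given size, copied to a given load address, would run into the SPL/stack region or past the end of DRAM. The memory map values (RAM_TOP, the 4M SPL region, the load addresses) are constructed for the example and do not describe any real board.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed memory map, not a real board. DRAM ends at RAM_TOP. */
#define RAM_TOP     0x80000000ULL
#define SPL_SIZE    (4ULL << 20)    /* assume SPL image + its stack need 4M */
#define UBI_WINDOW  (32ULL << 20)   /* 32M: the size chosen in the post */

/* Traditional layout: SPL relocates to the top of DRAM, stack grows down from RAM_TOP,
 * and the volume is loaded to an address below the stack. */
#define OLD_SPL_HIGH  RAM_TOP
#define OLD_SPL_LOW   (RAM_TOP - SPL_SIZE)
#define OLD_LOAD_ADDR (RAM_TOP - UBI_WINDOW)

/* Layout from the post: everything moved down by UBI_WINDOW, and the FIT load
 * address (CONFIG_SPL_LOAD_FIT_ADDRESS) placed above the stack. */
#define NEW_SPL_HIGH  (RAM_TOP - UBI_WINDOW)
#define NEW_SPL_LOW   (NEW_SPL_HIGH - SPL_SIZE)
#define NEW_LOAD_ADDR NEW_SPL_HIGH

enum ubi_load_verdict { LOAD_OK, LOAD_CLOBBERS_SPL, LOAD_EXCEEDS_RAM };

/* Decide whether copying vol_size bytes to load_addr stays clear of the SPL/stack
 * region [spl_low, spl_high) and of the end of DRAM. Distances are compared instead
 * of computing load_addr + vol_size, so the check cannot wrap on 64-bit math. */
enum ubi_load_verdict check_ubi_load(uint64_t load_addr, uint64_t vol_size,
                                     uint64_t spl_low, uint64_t spl_high,
                                     uint64_t ram_top)
{
    if (load_addr < spl_high) {                 /* destination starts below the stack top */
        if (load_addr >= spl_low)               /* starts inside the SPL/stack region */
            return LOAD_CLOBBERS_SPL;
        if (vol_size > spl_low - load_addr)     /* grows upward into it */
            return LOAD_CLOBBERS_SPL;
    }
    if (load_addr >= ram_top || vol_size > ram_top - load_addr)
        return LOAD_EXCEEDS_RAM;                /* runs off the end of DRAM: a fault, not a clobber */
    return LOAD_OK;
}

int main(void)
{
    uint64_t big = 64ULL << 20;                 /* a 64M volume, larger than the 32M window */
    printf("old layout, 64M volume: verdict %d (1 = clobbers SPL/stack)\n",
           check_ubi_load(OLD_LOAD_ADDR, big, OLD_SPL_LOW, OLD_SPL_HIGH, RAM_TOP));
    printf("new layout, 64M volume: verdict %d (2 = exceeds RAM)\n",
           check_ubi_load(NEW_LOAD_ADDR, big, NEW_SPL_LOW, NEW_SPL_HIGH, RAM_TOP));
    return 0;
}
```

In the traditional layout an oversized volume silently overwrites the stack; in the moved-down layout the same volume runs off the end of DRAM instead, which is the exception the post relies on.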
