[PATCH v2 47/50] image: Remove some #ifdefs from image-fit and image-fit-sig
Simon Glass
sjg at chromium.org
Sat May 15 17:20:25 CEST 2021
Hi Alex,
On Fri, 14 May 2021 at 15:50, Alex G. <mr.nuke.me at gmail.com> wrote:
>
>
>
> On 5/6/21 9:24 AM, Simon Glass wrote:
> > Drop the #ifdefs which are easy to remove without refactoring.
> >
> > Signed-off-by: Simon Glass <sjg at chromium.org>
> > ---
> >
> > (no changes since v1)
> >
> > common/Kconfig.boot | 10 ++++++++++
> > common/image-fit-sig.c | 8 ++------
> > common/image-fit.c | 7 ++++---
> > 3 files changed, 16 insertions(+), 9 deletions(-)
> >
> > diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> > index 03a6e6f214f..a31d9847124 100644
> > --- a/common/Kconfig.boot
> > +++ b/common/Kconfig.boot
> > @@ -191,6 +191,16 @@ config SPL_FIT_SIGNATURE
> > select SPL_IMAGE_SIGN_INFO
> > select SPL_FIT_FULL_CHECK
> >
> > +config SPL_FIT_SIGNATURE_MAX_SIZE
> > + hex "Max size of signed FIT structures in SPL"
> > + depends on SPL_FIT_SIGNATURE
> > + default 0x10000000
> > + help
> > + This option sets a max size in bytes for verified FIT uImages.
> > + A sane value of 256MB protects corrupted DTB structures from overlapping
> > + device memory. Assure this size does not extend past expected storage
> > + space.
> > +
>
> I can't find an argument of why we'd want a separate
> FIT_SIGNATURE_MAX_SIZE for SPL. This also seems unrelated to the commit
> message of reducing ifdefs.
Often SPL has lower limits, e.g. since there is only so much SRAM, a
large file might indicate some sort of attack.
Regards,
SImon
More information about the U-Boot
mailing list