[v1, 0/2] vbe: bound FIT external-data reads against the firmware area
Simon Glass
sjg at chromium.org
Tue Jun 23 17:01:48 CEST 2026
Hi Aristo,
On 2026-06-21T14:39:32, Aristo Chen <aristo.chen at canonical.com> wrote:
> One open question: should the external-data blk_read() in vbe_read_fit()
> also be deferred until after the phase has been signature-verified,
> rather than just bounded?
The bounded read is the right first step. Deferring until after
verification touches the SPL/TPL/VPL call paths and the bootmeth flow,
so that could be done as a separate series.
> Patch 2 adds the missing range check ...
This could use a sandbox test that gives vbe_read_fit() a FIT with an
out-of-range data-position or oversized data-size and checks it
returns -E2BIG
Regards,
Simon
More information about the U-Boot
mailing list