[v1, 0/2] vbe: bound FIT external-data reads against the firmware area
Aristo Chen
aristo.chen at canonical.com
Tue Jun 23 17:42:18 CEST 2026
Hi Simon
On Tue, Jun 23, 2026 at 11:02 PM Simon Glass <sjg at chromium.org> wrote:
>
> Hi Aristo,
>
> On 2026-06-21T14:39:32, Aristo Chen <aristo.chen at canonical.com> wrote:
>
> > One open question: should the external-data blk_read() in vbe_read_fit()
> > also be deferred until after the phase has been signature-verified,
> > rather than just bounded?
>
> The bounded read is the right first step. Deferring until after
> verification touches the SPL/TPL/VPL call paths and the bootmeth flow,
> so that could be done as a separate series.
Noted, I will prepare a separate patch set after this is merged
>
> > Patch 2 adds the missing range check ...
>
> This could use a sandbox test that gives vbe_read_fit() a FIT with an
> out-of-range data-position or oversized data-size and checks it
> returns -E2BIG
I will figure it out and send a V2
>
> Regards,
> Simon
Best Regards,
Aristo
More information about the U-Boot
mailing list