dgit.raspbian.org Git - u-boot.git/commit

author	Simon Glass <sjg@chromium.org>
	Tue, 16 Feb 2021 00:08:10 +0000 (17:08 -0700)
committer	Daniel Leidert <dleidert@debian.org>
	Sun, 29 Jun 2025 00:33:57 +0000 (02:33 +0200)
commit	7aca3f15e1ff9c4e4083c5d522209fe840c46423
tree	355189397d5d5f880df8af55c44657a3dda4ce51	tree \| snapshot
parent	b77a4bcd34a6276213bbca031f802fe371aaa6ad	commit \| diff

image: Add an option to do a full check of the FIT

Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.

Enable this by default if signature verification is enabled.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
Bug: https://github.com/advisories/GHSA-3w66-96j7-fmcp
Bug-Debian: https://bugs.debian.org/983270
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-27097
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2021-27097

Gbp-Pq: Name CVE-2021-27097-3.patch

common/Kconfig.boot		diff \| blob \| history
common/image-fit.c		diff \| blob \| history