• Teddy Reed's avatar
    vboot: Add FIT_SIGNATURE_MAX_SIZE protection · 72239fc8
    Teddy Reed authored
    This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
    max size of a FIT header's totalsize field. The field is checked before
    signature checks are applied to protect from reading past the intended
    FIT regions.
    
    This field is not part of the vboot signature so it should be sanity
    checked. If the field is corrupted then the structure or string region
    reads may have unintended behavior, such as reading from device memory.
    A default value of 256MB is set and intended to support most max storage
    sizes.
    Suggested-by: Simon Glass's avatarSimon Glass <sjg@chromium.org>
    Signed-off-by: default avatarTeddy Reed <teddy.reed@gmail.com>
    Reviewed-by: Simon Glass's avatarSimon Glass <sjg@chromium.org>
    72239fc8
Kconfig 16.6 KB