Boot firmware updates alternative fixes#459
Conversation
igoropaniuk
force-pushed
the
boot_firmware_updates_alternative_fixes
branch
from
17f88ba to
ac8f3aa
Compare
|
@mike-scott added additional fixes for reset cmd, this is what we discussed yesterday in Slack |
igoropaniuk
requested review from
MrCry0,
Tim-Anderson,
angolini,
ldts and
vanmaegima
| run bootcmd_bootenv | ||
| if test -n "${fiovb_rpmb}"; then | ||
| fiovb write_pvalue bootupgrade_available 0; | ||
| fiovb write_pvalue bootfirmware_version ${bootfirmware_version}; |
There was a problem hiding this comment.
I'd guard the variable ${bootfirmware_version} with double quotes - it comes from a file and might be a source of an attack on the u-boot level.
I.e. if someone compromises /usr/lib/firmware/version.txt and writes something like:
bootfirmware_version="0; ...{some hacking code}..."
There was a problem hiding this comment.
yeah, at first sight it might look like vulnaribility, but value "unfolding" works too simplistic (comparing to real interpreted languages) and can not trigger any code execution. I have even run some tests:
with wrapping:
=> setenv bootfirmware_version "0; echo hello"
=> setenv bootfirmware_version "${bootfirmware_version}";
=> print bootfirmware_version
bootfirmware_version=0; echo hello
and without:
=> setenv bootfirmware_version "0; echo hello"
=> setenv bootfirmware_version ${bootfirmware_version};
=> print bootfirmware_version
bootfirmware_version=0; echo hello
in both cases it did not result in execution of echo cmd. The only way to do that is use run explicitly:
=> run bootfirmware_version
Unknown command '0' - try 'help'
hello
There was a problem hiding this comment.
Sure. Now u-boot uses such a simple unfolding process. In the future, it can be replaced with a more advanced one. We can prevent possible side effects right now by just add a pair of quotes :)
There was a problem hiding this comment.
Yes, makes sense.
Fixed that
Handle rollback for boot firmware in alternative boot upgrade path. Restoring of old firmware now is also done during rollback. Signed-off-by: Igor Opaniuk <[email protected]>
Drop CONFIG_BOOTCOUNT_LIMIT, as this is now handled in boot.cmd instead. Signed-off-by: Igor Opaniuk <[email protected]>
Disable bootdelay for iMX8QM-MEK. Signed-off-by: Igor Opaniuk <[email protected]>
Enable CONFIG_PSCI_BOARD_REBOOT, which enables reboot cmd for triggering board reset (SC_PM_RESET_TYPE_BOARD). Default reset cmd is doing SC_PM_RESET_TYPE_COLD, which doesn't force BootROM to reload imx-boot firmware. Signed-off-by: Igor Opaniuk <[email protected]>
Add possibility to re-define cmd for reseting board. Signed-off-by: Igor Opaniuk <[email protected]>
Define custom do_reboot cmd. Signed-off-by: Igor Opaniuk <[email protected]>
Guard with double quotes all imported variables from file, as it might be a source of an attack on the U-Boot level. Signed-off-by: Igor Opaniuk <[email protected]>
igoropaniuk
force-pushed
the
boot_firmware_updates_alternative_fixes
branch
from
7f16179 to
7f2987a
Compare
4 participants
No description provided.