Re: [U-Boot] U-Boot TFTP protection
Hi Stefan,

On 15 June 2018 at 00:44, Stefan Johansson wrote:
>
> Hello,
> We have been looking at protecting U-Boot from (malicious) TFTP overwrites.
> We want to do this after our ARMv7 U-Boot has relocated.
>
> The memory map looks like this (I hope):
>
> --- Top of DRAM
> | U-Boot (Protected)
> | -- U_Boot_start
> | Heap (Protected)
> | -- Start_Heap = U_Boot_start - Heap_Size
> | Stack (Protected)
> | -- Start_Stack = Start_Heap - Stack_Size
> | Buffers (Protected)
> | -- ???
> | Free DRAM (Not Protected)
> --- Start of DRAM
>
> I seem to get lost in the code trying to find possible buffers, can you
> please give a hint how I can find the address "???"

Well gd->start_addr_sp is the stop of the stack. The size of the stack
is not necessarily fixed and will grow downwards from there. But I
suppose you could set a particular size and protect from start of DRAM
to the assumed bottom of the stack area.

Regards,
Simon
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] U-Boot TFTP protection
Hi Stefan,

> Hello,
> We have been looking at protecting U-Boot from (malicious) TFTP
> overwrites. We want to do this after our ARMv7 U-Boot has relocated.
>
> The memory map looks like this (I hope):
>
> --- Top of DRAM
> | U-Boot (Protected)
> | -- U_Boot_start
> | Heap (Protected)
> | -- Start_Heap = U_Boot_start - Heap_Size
> | Stack (Protected)
> | -- Start_Stack = Start_Heap - Stack_Size
> | Buffers (Protected)
> | -- ???
> | Free DRAM (Not Protected)
> --- Start of DRAM
>
> I seem to get lost in the code trying to find possible buffers, can
> you please give a hint how I can find the address "???"

By default the tftp writes its data to the address pointed by the
"loadaddr" env variable.

printenv loadaddr

>
> Best Regards,
> Stefan

Best regards,

Lukasz Majewski

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
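The two replies above can be combined into a bounds check, shown here as an added example that is not code from U-Boot or from any poster in this thread: everything from an assumed stack bottom (gd->start_addr_sp minus a fixed reserve) up to the top of DRAM is treated as off-limits, and each incoming block's destination range must fit below it. The struct, the function names and the sample addresses are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy struct, not a U-Boot type. ARMv7: 32-bit addresses. */
struct load_window {
    uint32_t dram_start;  /* lowest DRAM address */
    uint32_t limit;       /* first protected byte: assumed stack bottom */
};

/*
 * Build the window from the stack top after relocation (gd->start_addr_sp
 * in U-Boot) minus an assumed, fixed stack reserve. Returns false if the
 * reserve does not fit between the start of DRAM and the stack top.
 */
static bool window_init(struct load_window *w, uint32_t dram_start,
                        uint32_t start_addr_sp, uint32_t stack_reserve)
{
    if (start_addr_sp <= dram_start ||
        stack_reserve >= start_addr_sp - dram_start)
        return false;
    w->dram_start = dram_start;
    w->limit = start_addr_sp - stack_reserve;
    return true;
}

/* True only if [dest, dest + len) lies entirely below the protected area. */
static bool store_allowed(const struct load_window *w, uint32_t dest,
                          uint32_t len)
{
    if (dest < w->dram_start || dest > w->limit)
        return false;
    /* Compare against the remaining room; dest + len could wrap around. */
    return len <= w->limit - dest;
}

int main(void)
{
    struct load_window w;
    /* Constructed sample values, not taken from any real board. */
    if (!window_init(&w, 0x80000000u, 0x8ef00000u, 0x00100000u))
        return 1;
    /* loadaddr-style destination with a 1 MiB transfer */
    printf("low load:  %d\n", store_allowed(&w, 0x82000000u, 0x00100000u));
    /* transfer that would run up into the stack, heap and U-Boot itself */
    printf("high load: %d\n", store_allowed(&w, 0x8e000000u, 0x01000000u));
    return 0;
}
```

Because the stack grows downwards and its size is not fixed, the reserve is a policy choice; a reserve that is too small leaves the live stack writable.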
[U-Boot] U-Boot TFTP protection
Hello,
We have been looking at protecting U-Boot from (malicious) TFTP overwrites.
We want to do this after our ARMv7 U-Boot has relocated.

The memory map looks like this (I hope):

--- Top of DRAM
| U-Boot (Protected)
| -- U_Boot_start
| Heap (Protected)
| -- Start_Heap = U_Boot_start - Heap_Size
| Stack (Protected)
| -- Start_Stack = Start_Heap - Stack_Size
| Buffers (Protected)
| -- ???
| Free DRAM (Not Protected)
--- Start of DRAM

I seem to get lost in the code trying to find possible buffers, can you
please give a hint how I can find the address "???"

Best Regards,
Stefan