Previously, a subpage with an uncorrectable error followed by a subpage
with a correctable error would return an erroneous correctable status.
Signed-off-by: Joel Peshkin
Cc: Simon Glass
---
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
Hi Heinrich,
Has there been any progress in getting the EFI erors fixed so that this can
be committed? There seems to be little point in my refreshing this patch
until that is done.
Thanks,
-Joel
On Mon, Mar 22, 2021 at 10:37 AM Heinrich Schuchardt
wrote:
> On 09.02.21 04:36, Joel Pesh
I've been using bootstopkeysha256 and, if I want to make it completely
impossible to enter, just setting it to an impossible value. To do this,
I do have an additional patch to common/autoboot.c that calls the password
mechanism one last time after a bootcmd fails and loops until reset if it
isn'
Hi Takahiro Akashi,
The issue here is causing a failure in the EFI tests whenever the
compiler is checking to make sure the code is not overrunning the stack.
Fixing it is absolutely necessary. To see this problem, please apply
https://patchwork.ozlabs.org/project/uboot/patch/20210209033607.70
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin
---
Cc: Simon Glass
Cc: Heinrich Schuchardt
Changes for v9:
- Fix pytest script post-test reboot
Changes for v8:
- Fix commit message
- Force canary to UL type
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin
---
Cc: Simon Glass
Cc: Heinrich Schuchardt
Changes for v8:
- Fix commit message
- Force canary to UL type
Changes for v7:
- Fix commit message
- add
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin
Cc: Simon Glass
Cc: Heinrich Schuchardt
Changes for v7:
- Fix commit message
- add __builtin_extract_return_addr() calls
Changes for v6:
- Fix commit message
No worries. As long as there is a mechanism that will work OK.
On Wed, Jan 13, 2021 at 12:16 PM Tom Rini wrote:
> On Wed, Jan 13, 2021 at 09:10:41AM -0700, Simon Glass wrote:
>
> > Hi Joel,
> >
> > On Mon, 11 Jan 2021 at 20:01, Joel Peshkin
> wrote:
> >
Cc: Simon Glass
Cc: Heinrich Schuchardt
Signed-off-by: Joel Peshkin
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Changes for v6:
- Fix commit message
Changes for v5:
- Rebase
Changes for v4:
- Exclude EFI from stackprotector
Cc: Simon Glass
Cc: Heinrich Schuchardt
---
scripts/fixdefconfig | 25 +
1 file changed, 25 insertions(+)
create mode 100755 scripts/fixdefconfig
diff --git a/scripts/fixdefconfig b/scripts/fixdefconfig
new file mode 100755
index 000..7f36762
--- /dev/null
+++ b/scr
Cc: Joel Peshkin ,
Simon Glass ,
Bin Meng ,
Jagan Teki ,
Kever Yang ,
Heinrich Schuchardt ,
AKASHI Takahiro ,
Usama Arif ,
Sam Protsenko ,
Masahiro Yamada ,
Philippe Reynes ,
Eugeniu Rosca ,
Jan Kiszka
Cc: Simon Glass
Cc: Bin Meng
Cc: Jagan Teki
Cc: Kever Yang
Cc: Heinrich Schuchardt
Cc: AKASHI Takahiro
Cc: Usama Arif
Cc: Sam Protsenko
Cc: Masahiro Yamada
Cc: Philippe Reynes
Cc: Eugeniu Rosca
Cc: Jan Kiszka
Signed-off-by: Joel Peshkin
Changes for v4:
- Exclude EFI from
Cc: Simon Glass
Cc: Bin Meng
Cc: Jagan Teki
Cc: Kever Yang
Cc: Heinrich Schuchardt
Cc: AKASHI Takahiro
Cc: Usama Arif
Cc: Sam Protsenko
Cc: Masahiro Yamada
Cc: Philippe Reynes
Cc: Eugeniu Rosca
Cc: Jan Kiszka
Signed-off-by: Joel Peshkin
Changes for v3:
- Move test command to cmd
Hi Alex,
Yeah, I think I'll wind up with some ifdef code for the static init.
In the case of arm (32-bit), there is actually a GCC bug that causes it to
use the address of the canary value instead of the canary value itself.
GCC upstream just fixed that a few days ago, but it may be a year or
Cc: Simon Glass
Cc: Bin Meng
Cc: Jagan Teki
Cc: Kever Yang
Cc: Heinrich Schuchardt
Cc: AKASHI Takahiro
Cc: Usama Arif
Cc: Sam Protsenko
Cc: Masahiro Yamada
Cc: Philippe Reynes
Cc: Eugeniu Rosca
Cc: Jan Kiszka
Signed-off-by: Joel Peshkin
Changes for v2:
- Add test command and
Hi Heinrich,
Thank you for your comments. I have 2 questions about how to proceed
1) Unit test
I can add a function that can be used to trigger an overrun, but I am not
sure where to include it as the stack protector prints the error message
and then resets uboot so it wouldn't fir in a
Cc: Simon Glass
Cc: Bin Meng
Cc: Jagan Teki
Cc: Kever Yang
Cc: Heinrich Schuchardt
Cc: AKASHI Takahiro
Cc: Usama Arif
Cc: Sam Protsenko
Cc: Masahiro Yamada
Cc: Philippe Reynes
Cc: Eugeniu Rosca
Cc: Jan Kiszka
Signed-off-by: Joel Peshkin
---
Makefile | 4
common
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compared.
Signed-off-by: Jo
) and the
actual password (as opposed to its sha256) is unlikely to be more than 15
characters.
Regards,
Joel
On Fri, Nov 20, 2020 at 10:05 AM Joel Peshkin
wrote:
> From: Joel Peshkin
>
> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string
> followed by a &quo
10 characters long, then the user doesn't time out as long as
they start typing within the 5 seconds and average one character per
second. Would this be something that needs to be configurable in Kconfig
or would it be OK to specify the added 1 second time in a #define ??
Thank You,
From: Joel Peshkin
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compare
From: Joel Peshkin
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compare
ation
except to caution people implementing secure boot environments to be aware
of their surroundings.
Regards,
Joel Peshkin
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
) before calling a new
ubispl_load_volumes_bounded() function.
Which do you prefer?
Do I presume correctly that your denx.de email address implies that an
approach you approve will be acceptable if correctly implemented?
Thanks,
Joel Peshkin
On Wed, Sep 4, 2019 at 6:01 AM Heiko Schocher
It seems that, in the process of doing any sort of secure boot chain of
trust, anything loading a UBI volume in preparation to authenticate it,
will load a volume of unknown size into a buffer prior to checking the
signature of that volume.
Has anyone considered a solution for this? Should all im
pe to contribute.
Several team members at Broadcom will be making contributions in this
effort. We are a bit light on U-Boot development experience, so feedback
and advice will be appreciated. We will begin distinct threads on this
list for specific related topics.
-Joel Pe
26 matches
Mail list logo
