Hi Heinrich,

On Sun, 27 Oct 2019 at 12:06, Heinrich Schuchardt <xypron.g...@gmx.de> wrote:
>
> On 10/27/19 4:47 PM, Simon Glass wrote:
> > For better or worse libfdt recently grew a lot of code that checks the
> > validity of the device tree in great detail. When using unsigned or
> > unverified data this makes things safer, but it does add to code size.
> >
> > Add some controls to select the trade-off between safety and code size.
> >
> > Signed-off-by: Simon Glass <s...@chromium.org>
> > ---
> >
> > lib/Kconfig | 33 +++++++++++++++++++++++++++++++++
> > lib/libfdt/Makefile | 3 ++-
> > 2 files changed, 35 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/Kconfig b/lib/Kconfig
> > index 135f0b372b..b8a8509d72 100644
> > --- a/lib/Kconfig
> > +++ b/lib/Kconfig
> > @@ -464,6 +464,17 @@ config OF_LIBFDT
> > particular compatible nodes. The library operates on a flattened
> > version of the device tree.
> >
> > +config OF_LIBFDT_ASSUME_MASK
> > + hex "Mask of conditions to assume for libfdt"
> > + depends on OF_LIBFDT || FIT
> > + default 0
> > + help
> > + Use this to change the assumptions made by libfdt about the
> > + device tree it is working with. A value of 0 means that no
> > assumptions
> > + are made, and libfdt is able to deal with malicious data. A value of
>
> What do you mean by malicious here?

Someone trying to compromise the system with a carefully crafted DT.

>
> The checks in libfdt are about inconsistent FDT files. But they would
> not discover malicious settings like a destructive voltage or frequency.

That's right. To cover that people should probably use verified boot.

>
> Would FDT_ASSUME_SANE match what we have been checking up to now? Why
> not use 1 as the default here to reduce the code size of U-Boot?

Possibly. I'm open to changing this as the code size increase is a pain.
But most of the new checking code could be dropped by enabling
FDT_ASSUME_FRIENDLY. Take a look at that and see what you think.

>
> > + 0xff means all assumptions are made and any invalid data may cause
> > + unsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h
> > +
> > config OF_LIBFDT_OVERLAY
> > bool "Enable the FDT library overlay support"
> > depends on OF_LIBFDT
> > @@ -481,6 +492,17 @@ config SPL_OF_LIBFDT
> > particular compatible nodes. The library operates on a flattened
> > version of the device tree.
> >
> > +config SPL_OF_LIBFDT_ASSUME_MASK
> > + hex "Mask of conditions to assume for libfdt"
> > + depends on SPL_OF_LIBFDT || FIT
> > + default 0xff
>
> On some devices the device tree is provided by the device (e.g. QEMU).
> Is it wise to set FDT_ASSUME_LATEST in this case?

Well I think we have been on the current version for about 13 years,
so probably.

Regards,
Simon

[..]
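
Review bot: The help text for OF_LIBFDT_ASSUME_MASK (first lib/Kconfig hunk) documents only the two extremes, 0 and 0xff, and points to libfdt_internal.h for everything in between, so someone choosing a value in menuconfig cannot tell which bit drops which check. Suggest listing each mask bit with its FDT_ASSUME_* name and a one-line description in the help text, and stating there that a non-zero value is only appropriate when the device tree has been verified before libfdt parses it, which the commit message implies but the option itself does not say.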
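
Review bot: SPL_OF_LIBFDT_ASSUME_MASK (second lib/Kconfig hunk) uses "default 0xff", which by the wording of the non-SPL help text means all assumptions are made and any invalid data may cause unsafe execution; that makes the unchecked configuration the out-of-the-box behaviour for every SPL build, including boards where SPL parses a device tree it did not build in. Suggest defaulting to 0 as for OF_LIBFDT_ASSUME_MASK and letting size-constrained boards opt in through their defconfig, or making the 0xff default conditional. Separately, the prompt "Mask of conditions to assume for libfdt" is identical to the non-SPL option's, so the two entries cannot be told apart in menuconfig; mention SPL in the prompt. It is also worth confirming that "depends on SPL_OF_LIBFDT || FIT" is meant to key on the non-SPL FIT symbol.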