On Tue, Mar 03, 2026 at 09:08:59AM +0100, Ahmad Fatoum wrote:
> Hello Tom,
>
> On 3/2/26 23:09, Tom Rini wrote:
> > There is a flaw in how U-Boot verifies and generates signatures for FIT
> > images. To prevent mix and match style attacks, it is recommended to
> > use signed configurations. How this is supposed to work is documented in
> > doc/usage/fit/signature.rst.
> >
> > Crucially, the `hashed-nodes` property of the `signature` node contains
> > which nodes of the FIT device tree were hashed as part of the signature
> > and should be verified. However, this property itself is not part of the
> > hash and can therefore be modified by an attacker. Furthermore, the
> > signature only contains the name of each node and not the path in the
> > device tree to the node.
> >
> > This patch reworks the code to address this specific oversight.
>
> Do I understand correctly that this is a breaking change
> for FIT with signed configurations?
>
> - New U-Boot hashes more than intended for old FIT
> - Old U-Boot hashes less than intended for new FIT
Sadly yes, similar to:

commit 79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
Author: Simon Glass <[email protected]>
Date:   Mon Feb 15 17:08:06 2021 -0700

    fit: Don't allow verification of images with @ nodes

    When searching for a node called 'fred', any unit address appended to
    the name is ignored by libfdt, meaning that 'fred' can match 'fred@1'.
    This means that we cannot be sure that the node originally intended is
    the one that is used.

    Disallow use of nodes with unit addresses. Update the forge test also,
    since it uses @ addresses.

    CVE-2021-27138

    Signed-off-by: Simon Glass <[email protected]>
    Reported-by: Bruce Monroe <[email protected]>
    Reported-by: Arie Haenel <[email protected]>
    Reported-by: Julien Lenoir <[email protected]>

-- 
Tom
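The two properties the thread turns on, whether the list of hashed nodes is itself covered by the signature and whether nodes are bound by full path rather than by leaf name, can be modelled without any FIT or FDT parsing. The following is an added example and is not code from U-Boot or from Tom's patch: it uses a constructed flat map of node path to node contents as a stand-in for a FIT, and an HMAC with a constructed key as a stand-in for the RSA signature so it runs offline. The weak scheme hashes only the contents of nodes looked up by leaf name; the hardened scheme feeds the full-path manifest into the hash first and then each node's path together with its length-prefixed contents, so a moved node, an edited list, or a reordered list no longer verifies.

```python
import hashlib
import hmac

# Constructed toy "FIT": a flat map of device-tree node path -> node contents.
# This is NOT U-Boot's real FIT/FDT encoding; it only models the two properties
# the thread discusses: what the signature covers and how nodes are addressed.
FIT = {
    "/images/kernel": b"constructed kernel image bytes",
    "/images/fdt-1": b"constructed device tree bytes",
    "/configurations/conf-1": b"kernel fdt-1",
}

# HMAC with a constructed key stands in for the RSA signature in this demo.
DEMO_KEY = b"constructed-demo-key"


def _mac(digest: bytes) -> str:
    return hmac.new(DEMO_KEY, digest, "sha256").hexdigest()


def _node_by_name(tree: dict, name: str) -> bytes:
    """Name-only lookup: return the first node whose leaf name matches."""
    for path, data in tree.items():
        if path.rsplit("/", 1)[-1] == name:
            return data
    raise KeyError(name)


def sign_by_names(tree: dict, hashed_nodes: list) -> str:
    """Weak scheme (modelled, not U-Boot's code): hash the contents of each
    node named in hashed-nodes, addressed by leaf name only. Neither the
    hashed-nodes list nor the nodes' paths are part of the signed data."""
    h = hashlib.sha256()
    for name in hashed_nodes:
        h.update(_node_by_name(tree, name))
    return _mac(h.digest())


def verify_by_names(tree: dict, hashed_nodes: list, sig: str) -> bool:
    try:
        return hmac.compare_digest(sign_by_names(tree, hashed_nodes), sig)
    except KeyError:
        return False


def sign_by_paths(tree: dict, hashed_paths: list) -> str:
    """Hardened scheme (modelled): the hashed-nodes list itself, as full
    paths, is fed into the hash first, then each node's path and its
    length-prefixed contents. Editing the list, reordering it, or moving a
    node to another path all change the signed data."""
    h = hashlib.sha256()
    manifest = "\0".join(hashed_paths).encode()
    h.update(len(manifest).to_bytes(4, "big") + manifest)
    for path in hashed_paths:
        data = tree[path]  # KeyError if the exact path is absent
        h.update(path.encode() + b"\0" + len(data).to_bytes(4, "big") + data)
    return _mac(h.digest())


def verify_by_paths(tree: dict, hashed_paths: list, sig: str) -> bool:
    try:
        return hmac.compare_digest(sign_by_paths(tree, hashed_paths), sig)
    except KeyError:
        return False


def relocated_tree(tree: dict, old_path: str, new_path: str) -> dict:
    """Return a copy of the tree with one node moved, contents unchanged."""
    moved = dict(tree)
    moved[new_path] = moved.pop(old_path)
    return moved


if __name__ == "__main__":
    names = ["conf-1", "kernel", "fdt-1"]
    paths = ["/configurations/conf-1", "/images/kernel", "/images/fdt-1"]
    sig_names = sign_by_names(FIT, names)
    sig_paths = sign_by_paths(FIT, paths)
    moved = relocated_tree(FIT, "/images/kernel", "/images/extra/kernel")
    # Same contents under a different path: the name-only signature does not
    # notice, the path-bound one does.
    print("name scheme, node moved:", verify_by_names(moved, names, sig_names))
    print("path scheme, node moved:", verify_by_paths(moved, paths, sig_paths))
    # A shortened hashed-nodes list is rejected because the list is signed.
    print("path scheme, list edited:", verify_by_paths(FIT, paths[:2], sig_paths))
```

The length prefixes matter: without them, concatenating the manifest and the node contents would let two different (path, contents) pairs produce the same byte stream, which is exactly the kind of ambiguity a "what was hashed" list is meant to remove.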