From 97eb962d643633ff7eb1e7d83e8ce7b1e1aa0c2f Mon Sep 17 00:00:00 2001 From: Oliver O'Halloran Date: Fri, 16 Aug 2019 15:40:20 +1000 Subject: core/flash: Validate secure boot content size [ Upstream commit e2018d2a3d46491dc2abd758c67c1937910b3a67 ] Currently we don't check if the secure boot payload size fits within the partition that we are reading it from. This results in strange failures later on in boot if we cross the boundary between an ECCed and a non-ECCed partition since libflash does not support reading from regions with mixed ECC status. Without this patch: blocklevel_read: Can't cope with partial ecc FLASH: failed to read content size 15728640 BOOTKERNEL partition, rc 3 With: FLASH: Cannot load BOOTKERNEL. Content is larger than the partition Cc: Nayna Jain Signed-off-by: Oliver O'Halloran Acked-by: Stewart Smith Signed-off-by: Vasant Hegde --- core/flash.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'core') diff --git a/core/flash.c b/core/flash.c index bfa4a72..67c39c2 100644 --- a/core/flash.c +++ b/core/flash.c @@ -631,6 +631,10 @@ static int flash_load_resource(enum resource_id id, uint32_t subid, prlog(PR_DEBUG,"FLASH: %s partition %s ECC\n", name, ecc ? "has" : "doesn't have"); + /* + * FIXME: Make the fact we don't support partitions smaller than 4K + * more explicit. + */ if (ffs_part_size < SECURE_BOOT_HEADERS_SIZE) { prerror("FLASH: secboot headers bigger than " "partition size 0x%x\n", ffs_part_size); @@ -668,6 +672,13 @@ static int flash_load_resource(enum resource_id id, uint32_t subid, goto out_free_ffs; } + if (*len > ffs_part_size) { + prerror("FLASH: Cannot load %s. Content is larger than the partition\n", + name); + rc = OPAL_PARAMETER; + goto out_free_ffs; + } + ffs_part_start += SECURE_BOOT_HEADERS_SIZE; rc = blocklevel_read(flash->bl, ffs_part_start, bufp, -- cgit v1.1