On 10/27/19 4:47 PM, Simon Glass wrote:
For better or worse libfdt recently grew a lot of code that checks the
validity of the device tree in great detail. When using unsigned or
unverified data this makes things safer, but it does add to code size.

Add some controls to select the trade-off between safety and code size.

Signed-off-by: Simon Glass <s...@chromium.org>
---

  lib/Kconfig         | 33 +++++++++++++++++++++++++++++++++
  lib/libfdt/Makefile |  3 ++-
  2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/lib/Kconfig b/lib/Kconfig
index 135f0b372b..b8a8509d72 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -464,6 +464,17 @@ config OF_LIBFDT
          particular compatible nodes. The library operates on a flattened
          version of the device tree.

+config OF_LIBFDT_ASSUME_MASK
+       hex "Mask of conditions to assume for libfdt"
+       depends on OF_LIBFDT || FIT
+       default 0
+       help
+         Use this to change the assumptions made by libfdt about the
+         device tree it is working with. A value of 0 means that no assumptions
+         are made, and libfdt is able to deal with malicious data. A value of

What do you mean by malicious here?

The checks in libfdt are about inconsistent FDT files. But they would
not discover malicious settings like a destructive voltage or frequency.

Would FDT_ASSUME_SANE match what we have been checking up to now? Why
not use 1 as the default here to reduce the code size of U-Boot?

+         0xff means all assumptions are made and any invalid data may cause
+         unsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h
+
  config OF_LIBFDT_OVERLAY
        bool "Enable the FDT library overlay support"
        depends on OF_LIBFDT
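
Review bot: The help text for OF_LIBFDT_ASSUME_MASK documents only the two extremes, 0 and 0xff, and sends the reader to libfdt_internal.h for the individual bits, so someone choosing an intermediate value in menuconfig cannot tell which checks each bit removes. Consider listing each FDT_ASSUME_* flag with its bit value and a one-line description of the check it drops in the help itself. The phrase "able to deal with malicious data" is also broader than the "any invalid data" used in the next sentence; wording both in terms of invalid or inconsistent trees would keep the help from promising more than validity checking.
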
@@ -481,6 +492,17 @@ config SPL_OF_LIBFDT
          particular compatible nodes. The library operates on a flattened
          version of the device tree.

+config SPL_OF_LIBFDT_ASSUME_MASK
+       hex "Mask of conditions to assume for libfdt"
+       depends on SPL_OF_LIBFDT || FIT
+       default 0xff

On some devices the device tree is provided by the device (e.g. QEMU).
Is it wise to set FDT_ASSUME_LATEST in this case?

Best regards

Heinrich

+       help
+         Use this to change the assumptions made by libfdt in SPL about the
+         device tree it is working with. A value of 0 means that no assumptions
+         are made, and libfdt is able to deal with malicious data. A value of
+         0xff means all assumptions are made and any invalid data may cause
+         unsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h
+
  config TPL_OF_LIBFDT
        bool "Enable the FDT library for TPL"
        default y if TPL_OF_CONTROL
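
Review bot: "default 0xff" on SPL_OF_LIBFDT_ASSUME_MASK enables every assumption out of the box, which the help text of the same symbol describes as "any invalid data may cause unsafe execution", while the U-Boot proper symbol defaults to 0. A board whose SPL parses a device tree that has not been verified gets the unchecked setting unless it overrides the value; consider defaulting to 0 and letting size-constrained boards opt in, or state in the help why SPL is expected to see only trusted trees. Separately, "depends on SPL_OF_LIBFDT || FIT" keys on FIT rather than an SPL-specific condition, so the prompt appears in any FIT build even when SPL does not use libfdt.
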
@@ -491,6 +513,17 @@ config TPL_OF_LIBFDT
          particular compatible nodes. The library operates on a flattened
          version of the device tree.

+config TPL_OF_LIBFDT_ASSUME_MASK
+       hex "Mask of conditions to assume for libfdt"
+       depends on TPL_OF_LIBFDT || FIT
+       default 0xff
+       help
+         Use this to change the assumptions made by libfdt in TPL about the
+         device tree it is working with. A value of 0 means that no assumptions
+         are made, and libfdt is able to deal with malicious data. A value of
+         0xff means all assumptions are made and any invalid data may cause
+         unsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h
+
  config FDT_FIXUP_PARTITIONS
        bool "overwrite MTD partitions in DTS through defined in 'mtdparts'"
        depends on OF_LIBFDT
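
Review bot: The prompt "Mask of conditions to assume for libfdt" on TPL_OF_LIBFDT_ASSUME_MASK is word for word the same as the prompts on the OF_LIBFDT and SPL_OF_LIBFDT variants, so menuconfig shows entries that cannot be told apart without opening the help. Suggest ending each prompt with the phase it applies to, for example "... for libfdt in TPL". The "default 0xff" here raises the same question as in SPL: the unchecked mode is the default, and the help gives no guidance on when a board should lower it.
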
diff --git a/lib/libfdt/Makefile b/lib/libfdt/Makefile
index ef5b6e29d4..5d3ae4e2f1 100644
--- a/lib/libfdt/Makefile
+++ b/lib/libfdt/Makefile
@@ -22,4 +22,5 @@ obj-y += fdt_ro.o
  # U-Boot own file
  obj-y += fdt_region.o

-ccflags-y := -I$(srctree)/scripts/dtc/libfdt
+ccflags-y := -I$(srctree)/scripts/dtc/libfdt \
+       -DFDT_ASSUME_MASK=$(CONFIG_$(SPL_TPL_)OF_LIBFDT_ASSUME_MASK)
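
Review bot: In the new ccflags-y line, $(CONFIG_$(SPL_TPL_)OF_LIBFDT_ASSUME_MASK) expands to nothing when the Kconfig symbol for the current build phase is not defined (each of the three symbols has its own "depends on"), which leaves "-DFDT_ASSUME_MASK=" and an empty macro. Any C expression that uses FDT_ASSUME_MASK as a number would then fail to compile. Either make sure the symbol is always defined whenever this Makefile is built for a given phase, or give the macro a fallback, for example an #ifndef FDT_ASSUME_MASK default of 0 where it is consumed.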


_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
