On Thursday 09 February 2012 13:37:15 Jason Markley wrote:

please don't top post, and keep the mailing list in cc

> I agree any proposal would need to be accompanied by good reasoning.
> I'm honestly a little confused as to why a generally accepted security
> feature such as ASLR would NOT be useful for u-boot. U-boot has the
> capability to interact with the outside world via the network as well as
> the console. When using the U-boot API, it also remains resident in
> memory. Wouldn't something like ASLR enhance the security posture of
> U-boot in those situations?

u-boot is running in supervisor mode / ring 0 / etc... you have full access to the hardware with a simple `mw` command. randomizing the address base of u-boot doesn't gain you anything. so no, i see no advantage of u-boot itself utilizing ASLR regardless of what it interacts with.

ignoring this, there are two fundamental issues with ASLR:

- this early on, u-boot has very little (if any) entropy, so any attempts to generate random numbers are going to be fairly predictable

- scripts that u-boot runs at boot time oftentimes need a chunk of memory to load and boot stuff out of. if u-boot could randomly be in the middle of that, then your board now randomly fails to boot. the only way around that would be to have u-boot do virtual addresses, and that's clearly a non-starter.

-mike
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
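The two objections in the reply above (too little entropy, and a randomized base landing on memory the boot scripts need) as a small model, added here as an example and not code from the U-Boot thread or the U-Boot project. Every address, size and the entropy count are constructed sample values, not real board settings.

```c
/* Added example, not code from the U-Boot thread: a small model of the two
 * objections to ASLR in u-boot. All addresses, sizes and the entropy count
 * are constructed sample values, not real board settings. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t start, size; } region_t;

/* Regions a typical boot script loads into (constructed values). */
static const region_t load_regions[] = {
    { 0x80008000u, 0x00800000u },  /* kernel image */
    { 0x82000000u, 0x00020000u },  /* device tree blob */
    { 0x83000000u, 0x01000000u },  /* initrd */
};
#define N_LOAD (sizeof load_regions / sizeof load_regions[0])

/* Half-open interval overlap test: [a.start, a.start+a.size) vs b. */
static int overlaps(region_t a, region_t b)
{
    return a.start < b.start + b.size && b.start < a.start + a.size;
}

/* Objection 1: with only 'bits' of entropy there are just 2^bits possible
 * relocation bases, so the randomization has very little to choose from. */
static uint64_t candidate_bases(unsigned bits)
{
    return (uint64_t)1 << bits;
}

/* Objection 2: enumerate every candidate base (ram_base + r << shift) and
 * count how many put u-boot on top of a load region, i.e. how many of the
 * random outcomes make the board fail to boot. */
static unsigned count_colliding_bases(uint32_t ram_base, unsigned bits,
                                      unsigned shift, uint32_t uboot_size)
{
    unsigned colliding = 0;
    for (uint64_t r = 0; r < candidate_bases(bits); r++) {
        region_t ub = { ram_base + (uint32_t)(r << shift), uboot_size };
        for (size_t i = 0; i < N_LOAD; i++)
            if (overlaps(ub, load_regions[i])) { colliding++; break; }
    }
    return colliding;
}

int main(void)
{
    unsigned bits = 8, shift = 20;   /* 256 candidate bases, 1 MiB apart */
    unsigned bad = count_colliding_bases(0x80000000u, bits, shift, 0x00100000u);
    printf("%llu candidate bases, %u of them break the boot scripts (%.1f%%)\n",
           (unsigned long long)candidate_bases(bits), bad,
           100.0 * bad / (double)candidate_bases(bits));
    return 0;
}
```

With these constructed values about one base in ten collides with a load region, and the whole base space is small enough to enumerate in a loop, which is the point of both objections.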