Dear Jason,
In message 4F3451DE.3050503@ggsg.cisco.com you wrote:
Agreed, but in the grand scheme of things, does that mean the maintainers of U-boot will ONLY allow patches in that fix the biggest security hole that currently exists? If someone desires to patch a small hole because they have a reason to, or desire to, but it's currently the biggest hole out there, should said person be denied the opportunity to present a patch for the hole they've identified?
Well, we always have to ask ourself what the benefit of any patch is: Is it useful to soemone? Does it hurt others? Does it improve U-Boot in any significant way? Does it make maintainance of U-Boot easier or more difficult? etc.
In case of ASLR, my personal feeling is that there are tons and tons of other areas that would be way more important to "harden" U-Boot.
Adding ASLR sounds to me just like a buzzword you can put on some list of features, where it does not help you anything except maybe to collect some brownie points.
Best regards,
Wolfgang Denk