
4 Sep 2019, 6:57 a.m.
It seems that, in the process of doing any sort of secure boot chain of trust, anything loading a UBI volume in preparation to authenticate it will load a volume of unknown size into a buffer prior to checking the signature of that volume.
Has anyone considered a solution for this? Should all implementations just carve out a buffer at the top of memory for ubispl_load_volume, or should the ubispl_load data structure be amended to include a size? It would seem appropriate to include a size, but it is not clear how to do that without breaking compatibility with existing implementations.
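One way the size-in-descriptor idea raised above could look, as an added example that is not part of the original post and is not U-Boot code. `struct bounded_load`, `struct fake_volume` and both functions are hypothetical, and the volume contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical size-aware load descriptor; not U-Boot's struct ubispl_load. */
struct bounded_load {
    int vol_id;
    void *load_addr;
    size_t max_size; /* capacity of the buffer at load_addr */
};

/* Constructed stand-in for an unauthenticated volume: leb_count blocks of leb_size bytes. */
struct fake_volume {
    const uint8_t *data;
    size_t leb_size;
    size_t leb_count;
};

/* Copies block by block; returns bytes copied, or -1 (buffer contents then unusable). */
long bounded_load_volume(const struct fake_volume *vol, const struct bounded_load *ld)
{
    size_t off = 0;
    if (!vol || !ld || !ld->load_addr || vol->leb_size == 0)
        return -1;
    for (size_t i = 0; i < vol->leb_count; i++) {
        /* Overflow-safe form of "off + leb_size > max_size", checked before each copy. */
        if (vol->leb_size > ld->max_size - off)
            return -1;
        memcpy((uint8_t *)ld->load_addr + off, vol->data + off, vol->leb_size);
        off += vol->leb_size;
    }
    return (long)off;
}

/* Constructed demo: a 4 x 16-byte volume loaded into `cap` bytes of a guarded 128-byte buffer. */
long demo_load(size_t cap)
{
    static const uint8_t flash[64]; /* constructed volume contents */
    uint8_t ram[128];
    if (cap > sizeof(ram)) return -3;
    memset(ram, 0x5A, sizeof(ram)); /* guard pattern */
    struct fake_volume vol = { flash, 16, 4 };
    struct bounded_load ld = { 0, ram, cap };
    long n = bounded_load_volume(&vol, &ld);
    for (size_t i = cap; i < sizeof(ram); i++)
        if (ram[i] != 0x5A) return -2; /* wrote past the declared capacity */
    return n;
}

int main(void) { return demo_load(64) == 64 ? 0 : 1; }
```

A rejected load leaves the buffer partially written, so the caller must treat it as untrusted and skip signature verification entirely on a -1 return.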