Hi Alex,
On Fri, 14 May 2021 at 15:50, Alex G. mr.nuke.me@gmail.com wrote:
On 5/6/21 9:24 AM, Simon Glass wrote:
Drop the #ifdefs which are easy to remove without refactoring.
Signed-off-by: Simon Glass sjg@chromium.org
(no changes since v1)
common/Kconfig.boot | 10 ++++++++++ common/image-fit-sig.c | 8 ++------ common/image-fit.c | 7 ++++--- 3 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 03a6e6f214f..a31d9847124 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -191,6 +191,16 @@ config SPL_FIT_SIGNATURE select SPL_IMAGE_SIGN_INFO select SPL_FIT_FULL_CHECK
+config SPL_FIT_SIGNATURE_MAX_SIZE
hex "Max size of signed FIT structures in SPL"depends on SPL_FIT_SIGNATUREdefault 0x10000000helpThis option sets a max size in bytes for verified FIT uImages.A sane value of 256MB protects corrupted DTB structures from overlappingdevice memory. Assure this size does not extend past expected storagespace.I can't find an argument of why we'd want a separate FIT_SIGNATURE_MAX_SIZE for SPL. This also seems unrelated to the commit message of reducing ifdefs.
Often SPL has lower limits, e.g. since there is only so much SRAM, a large file might indicate some sort of attack.
Regards, SImon