Uncategorized

U-Boot v2017.09 released

Tom Rini has announced the v2017.09 release of U-Boot. And it clarifies status of VU166743/CVE-2017-3225/CVE-2017-3226, excerpt below:

I’ve released v2017.09 and it’s now live on git and FTP and ACD (along with PGP sig file). There’s a few things I need to headline in this release. First and foremost is https://www.kb.cert.org/vuls/id/166743 (aka CVE-2017-3225 and CVE-2017-3226). If you’re using CONFIG_ENV_AES in your project, you have security implications to worry about and decide the correct path forward in. With respect to the community, I marked it as deprecated for this release, and I plan to remove it for the next release unless someone with relevant background steps up and wants to rewrite the code in question (and make sure the rest of the environment code isn’t going to lead to other issues similar to CVE-2017-3226). Both of the issues in question here could be fixed but the worry is about it being the “tip of the iceberg” in the area. […]

Full announcement:

https://lists.denx.de/pipermail/u-boot/2017-September/305340.html

 

Standard
Uncategorized

more on U-Boot encryption vulnerabilties

Re: https://firmwaresecurity.com/2017/09/08/u-boot-aes-cbc-encryption-multiple-vulnerabilities/

I asked on the U-Boot mailing list for more information on this issue. The response from Tom Rini of Konsulko:

So, I mentioned this in the patch that migrated the option to Kconfig and marked it deprecated, and I plan to mention it in the release notes on Monday. But, this option has no in-tree users and I plan to remove the code in the near term, if no one with the relevant background steps up to re-implement it. Thanks!

Full post:

https://lists.denx.de/pipermail/u-boot/2017-September/305181.html

Standard
Uncategorized

U-Boot v2016.09 released

Tom Rini of Konsulko announced the latest release of U-Boot on the u-boot list @lists.denx.de.

Highlights:
– More DM work (MMC, of-platdata for size constrained instances, etc)
– Lots and lots of architecture / SoC / Platform updates: x86, rockchip,
  sunxi, TI, NXP/FSL, Tegra, Zynq, uniphier
– mkimage cleanups
– More test.py updates, vboot now a testcase
– Secure boot work on both ARM and PowerPC.
– PSCI updates
– MAKEALL is gone, buildman is for use by all
– We now have xtensa support
– DT overlays
– More Kconfig migration
– Some NFS fixes

Read the full announcement if you’re able to help U-Boot with testing, they’re looking for some help with their new automated test framework.
https://github.com/swarren/uboot-test-hooks
https://github.com/trini/uboot-test-hooks
http://www.denx.de/wiki/U-Boot

Standard
Uncategorized

U-Boot v2016.09-rc2 released

Tom Rini of Konsulko announced the v2016.09-rc2 release of U-Boot. Excerpting most of his announcement:

It’s release day and v2016.09-rc2 is out now.  […]

A short list of changes to come in now are:
– More and various SoC and architecture updates
– Various DM updates and conversions
– PSCI updates
– MAKEALL is gone, buildman is for use by all
– We now have xtensa support
– DT overlays

A non-code change is that now I have Jenkins setup to automatically poll my WIP branches and run test/py/test.py on a few real boards along with sandbox.  I still have some more configuring and cabling to do, and a few more boards I can get setup.

For more info, see the announcement on the u-boot mailing list.

Standard
Uncategorized

U-Boot v2016.09-rc1 released

Tom Rini of Konsulko announced the v2016.09-rc1 release of U-Boot, his announcement to the U-Boot list is excerpted below:

It’s release day and v2016.09-rc1 is out and the merge window is closed. I’ve updated git and the tarballs are also up now.  I’ve made an attempt at keeping track of what updated as things went along this time:
– DM / MMC block device clean up, patman improvements
– DM now supports of-platdata for cases where we are very much size constrained.
– Various SPI fixes / improvements
– Arch / SoC / Platform updates: x86, rockchip, sunxi, TI, NXP/FSL, Tegra, Zynq, uniphier
– First round of updates to the PSCI code to make it easier to use.
– mkimage cleanups
– More test.py updates, vboot now a testcase
– Secure boot on MPC85xx.

And of course, other things as well.  Please feel free to chime in if there’s something important I forgot to call out. If you notice any problems with the release, please speak out and thanks all!

Standard
Uncategorized

U-Boot v2016.07 released

Tom Rini of Konsulko announced U-Boot v2016.07. Excerpting his announcement:

[…] I’ve released v2016.07 and it’s now live on git and FTP and ACD.  As a possible bonus, the tarball is now signed with my PGP key. Looking over the changes in this release, I would say it’s another good, solid, iterative improvement over the last.  MMC has moved to DM, we have more tests for DM now too.  ARM (32 and 64bit), MIPS, x86 have all seen improvements.  We’ve also switched to mirroring what the Linux Kernel does for “libgcc” type functionality now which should help with supporting the compilers that most distributions ship while still catching the types of errors we want caught.  We’ve moved a few more options over to Kconfig (caught some problems in our tools too) and are once again ready for more.  I think we have enough tests available now (thanks to tbot) that really even the complicated things can be moved over now and verified as correct, it’s just a matter of doing it.  We also have the ability for SPL to load FIT images and thus pick the right DT to pass along to the main U-Boot binary. […]

Full announcement:
http://lists.denx.de/pipermail/u-boot/2016-July/260149.html
More info:
http://www.denx.de/wiki/U-Boot

Standard