| #
3312fe83 |
| 11-Oct-2023 |
Manish Pandey <manish.pandey2@arm.com> |
Merge "refactor(console): disable getc() by default" into integration
|
| #
85bebe18 |
| 11-Oct-2023 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
refactor(console): disable getc() by default
The ability to read a character from the console constitutes an attack vector into TF-A, as it gives attackers a means to inject arbitrary data into TF-A. It is dangerous to keep that feature enabled if not strictly necessary, especially in production firmware builds.
Thus, we need a way to disable this feature. Moreover, when it is disabled, all related code should be eliminated from the firmware binaries, such that no remnant/dead getc() code remains in memory, which could otherwise be used as a gadget as part of a bigger security attack.
This patch disables the getc() feature by default. For legitimate getc() use cases [1], it can be explicitly enabled by building TF-A with ENABLE_CONSOLE_GETC=1.
The following changes are introduced when getc() is disabled:
- The multi-console framework no longer provides the console_getc() function.
- If the console driver selected by the platform attempts to register a getc() callback into the multi-console framework then TF-A will now fail to build.
  If registered through the assembly function finish_console_register():
  - On AArch64, you'll get:
      Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
  - On AArch32, you'll get:
      Error: internal_relocation (type: OFFSET_IMM) not fixed up
  If registered through the C function console_register(), this requires populating a struct console with a getc field, which will trigger:
      error: 'console_t' {aka 'struct console'} has no member named 'getc'
- All console drivers which previously registered a getc() callback have been modified to do so only when ENABLE_CONSOLE_GETC=1.
[1] Example of such use cases would be:
    - Firmware recovery: retrieving a golden BL2 image over the console in order to repair a broken firmware on a bricked board.
    - Factory CLI tool: Drive some soak tests through the console.
Discussed on TF-A mailing list here: https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/
Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
|
| #
ac56d008 |
| 05-Mar-2020 |
Manish Pandey <manish.pandey2@arm.com> |
Merge changes from topic "console_t_drvdata_fix" into integration
* changes:
  imx: console: Use CONSOLE_T_BASE for UART base address
  Tegra: spe: use CONSOLE_T_BASE to save MMIO base address
|
| #
6627de53 |
| 05-Mar-2020 |
Andre Przywara <andre.przywara@arm.com> |
imx: console: Use CONSOLE_T_BASE for UART base address
Since commit ac71344e9eca we have the UART base address in the generic console_t structure. For most platforms the platform-specific struct console is gone, so we *must* use the embedded base address, since there is no storage behind the generic console_t anymore.
Replace the usage of CONSOLE_T_DRVDATA with CONSOLE_T_BASE to fix this.
Change-Id: I6d2ab0bc2c845c71f98b9dd64d89eef3252f4591
Reported-by: Varun Wadekar <vwadekar@nvidia.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|
| #
8a08e272 |
| 04-Apr-2019 |
Antonio Niño Díaz <antonio.ninodiaz@arm.com> |
Merge pull request #1920 from ambroise-arm/av/deprecated
Remove deprecated interfaces
|
| #
be3991c0 |
| 27-Mar-2019 |
Ambroise Vincent <ambroise.vincent@arm.com> |
Console: remove deprecated finish_console_register
The old version of the macro is deprecated.
Commit cc5859ca19ff ("Multi-console: Deprecate the `finish_console_register` macro") provides more details.
Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
|
| #
df80b5bf |
| 13-Feb-2019 |
Antonio Niño Díaz <antonio.ninodiaz@arm.com> |
Merge pull request #1816 from grandpaul/paulliu-warp7-multiconsoleapi
imx: warp7: Migrate to MULTI_CONSOLE_API
|
| #
70086dc4 |
| 12-Feb-2019 |
Ying-Chun Liu (PaulLiu) <paulliu@debian.org> |
imx: warp7: Migrate to MULTI_CONSOLE_API
This commit migrates to MULTI_CONSOLE_API for the IMX Warp7 board. We also rename the functions in the imx_uart driver to more specific ones.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
|