| commit | d30febe3929af749a8050d5979b2ae0bfac9b041 | [log] [tgz] |
|---|---|---|
| author | Joel Stanley <joel@jms.id.au> | Mon May 09 17:52:03 2022 +0930 |
| committer | Joel Stanley <joel@jms.id.au> | Mon May 09 22:37:03 2022 +0000 |
| tree | 8e5d32288f9e725b79aa1112f487e5300806fcc5 | |
| parent | 13bb84dc4a8eee75c0dfd79916e073f93e45cf81 [diff] |
u-boot-aspeed: Disable backdoor interfaces This is a version of the CVE-2019-6260 "pantsdown" mitigations for the v2019.04 u-boot branch. The SuperIO and debug UART backdoors can be optionally enabled through u-boot build time configuration, but default to disabled as long as your machine uses the common board_init. These changes are relevant for the AST2400 and the AST2500 only. If your machine relies on these features to boot, look at the options in this patch: https://lore.kernel.org/openbmc/20220504004739.15829-1-zev@bewilderbeest.net/ See this email for instructions on how to test: https://lore.kernel.org/openbmc/CACPK8XfYuWT9Q5G_bo9AGugx-DcODDZ8xb39Sr+Sa8qWqVeW6A@mail.gmail.com/ Thank you to Zev for the work on this patch. Zev Weiss (1): aspeed: Disable backdoor interfaces Change-Id: I4ebeae13047b8c32f2d9324d4ef9c6f98c6f4a60 Signed-off-by: Joel Stanley <joel@jms.id.au>
diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc index 8efeaed..6a43de2 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc
@@ -8,7 +8,7 @@ # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "21fa3f3380749b5bfda4d95230d2911671cf3fcf" +SRCREV = "8dfce92d376f0fb20feecf3eb94df88ce0249d76" SRC_URI = "git://git@github.com/openbmc/u-boot.git;nobranch=1;protocol=https" S = "${WORKDIR}/git"