summaryrefslogtreecommitdiff
path: root/test/py/tests/vboot_forge.py
AgeCommit message (Collapse)Author
2021-02-15fit: Don't allow verification of images with @ nodesSimon Glass
When searching for a node called 'fred', any unit address appended to the name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This means that we cannot be sure that the node originally intended is the one that is used. Disallow use of nodes with unit addresses. Update the forge test also, since it uses @ addresses. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2020-04-01test: vboot: Add a test for a forged configurationSimon Glass
Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org>
generated by cgit v1.2.3 (git 2.0.4) at 2025-07-21 13:08:10 +0000