| commit | b849f41729d7872865bdc9895210b25343cc62ab | [log] [tgz] |
|---|---|---|
| author | Jenkins SH <jenkins.sh@amlogic.com> | Wed Nov 20 10:24:02 2024 +0000 |
| committer | Jenkins SH <jenkins.sh@amlogic.com> | Wed Nov 20 10:24:02 2024 +0000 |
| tree | ba287fadbe53fa58d84fbba9d9e393b40dbf7fb4 | |
| parent | ae351b7ff8731855c44938fef5d599657a37f860 [diff] |
commit d7c715292147f2403ef60b04759e19c674ffe366
Author: Vincent Chuang <Vincent.Chuang@mediatek.com>
Date: Fri Apr 21 15:45:38 2023 +0800
core: thread: Add support for canary value randomization [1/1]
PD#RSP-6589
Currently hardcoded magic number is used as thread stack canary,
an attacker with full control over the overflow can embed the
hardcoded canary value on the right location to bypass the overflow
detection.
To add extra layer of security, redefine the canary value as variable,
such that the canary can be initialized during runtime.
The canaries are initialized with static values from thread_init_canaries()
during the early boot stage. The plat_get_random_stack_canaries() is
refactored to support arbitrary-length random numbers, and a new function
called thread_update_canaries() is created to fetch the random values and
update the thread canaries. For CFG_NS_VIRTUALIZATION=y, the updated
function is disabled.
Change-Id: I806740c3908215e5c5d2bb9505143433e348fd5b
Signed-off-by: Vincent Chuang <Vincent.Chuang@mediatek.com>
Signed-off-by: Randy Hsu <Randy-CY.Hsu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Change-Id: Icf4d43b5f6f70287ef7f89325ac3bf8a35cf7165
diff --git a/a1/bl32.img b/a1/bl32.img index aec887d..a57f2a8 100644 --- a/a1/bl32.img +++ b/a1/bl32.img Binary files differ
diff --git a/a4/a113l2/blob-bl32.bin.signed b/a4/a113l2/blob-bl32.bin.signed index b5e5702..d840f8e 100644 --- a/a4/a113l2/blob-bl32.bin.signed +++ b/a4/a113l2/blob-bl32.bin.signed Binary files differ
diff --git a/axg/bl32.img b/axg/bl32.img index 6231cf0..0ad5f83 100644 --- a/axg/bl32.img +++ b/axg/bl32.img Binary files differ
diff --git a/axg/bl32.nand.img b/axg/bl32.nand.img index 6a61879..f2d4cc2 100644 --- a/axg/bl32.nand.img +++ b/axg/bl32.nand.img Binary files differ
diff --git a/s1a/s805c1/blob-bl32.bin.signed b/s1a/s805c1/blob-bl32.bin.signed index a001a8a..060d032 100644 --- a/s1a/s805c1/blob-bl32.bin.signed +++ b/s1a/s805c1/blob-bl32.bin.signed Binary files differ
diff --git a/s1a/s805c1eng/blob-bl32.bin.signed b/s1a/s805c1eng/blob-bl32.bin.signed index 65d6865..c8601d9 100644 --- a/s1a/s805c1eng/blob-bl32.bin.signed +++ b/s1a/s805c1eng/blob-bl32.bin.signed Binary files differ
diff --git a/s5/s928x/blob-bl32.bin.signed b/s5/s928x/blob-bl32.bin.signed index 974e37c..985a492 100644 --- a/s5/s928x/blob-bl32.bin.signed +++ b/s5/s928x/blob-bl32.bin.signed Binary files differ
diff --git a/s5/s928xeng/blob-bl32.bin.signed b/s5/s928xeng/blob-bl32.bin.signed index 4b8176a..d94d0f3 100644 --- a/s5/s928xeng/blob-bl32.bin.signed +++ b/s5/s928xeng/blob-bl32.bin.signed Binary files differ
diff --git a/s6/s905c5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa b/s6/s905c5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa index 8d45951..cd6e8f1 100644 --- a/s6/s905c5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa +++ b/s6/s905c5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa Binary files differ
diff --git a/s6/s905c5/blob-bl32.bin.signed.rsa.rsa-mldsa b/s6/s905c5/blob-bl32.bin.signed.rsa.rsa-mldsa index b1ff77f..beaae89 100644 --- a/s6/s905c5/blob-bl32.bin.signed.rsa.rsa-mldsa +++ b/s6/s905c5/blob-bl32.bin.signed.rsa.rsa-mldsa Binary files differ
diff --git a/s6/s905c5eng/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa b/s6/s905c5eng/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa index 139fa42..7743eb3 100644 --- a/s6/s905c5eng/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa +++ b/s6/s905c5eng/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa Binary files differ
diff --git a/s6/s905c5eng/blob-bl32.bin.signed.rsa.rsa-mldsa b/s6/s905c5eng/blob-bl32.bin.signed.rsa.rsa-mldsa index 72a9aa3..6c0b615 100644 --- a/s6/s905c5eng/blob-bl32.bin.signed.rsa.rsa-mldsa +++ b/s6/s905c5eng/blob-bl32.bin.signed.rsa.rsa-mldsa Binary files differ
diff --git a/s6/s905d5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa b/s6/s905d5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa index 4c7a49d..b5e10e0 100644 --- a/s6/s905d5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa +++ b/s6/s905d5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa Binary files differ
diff --git a/s6/s905d5/blob-bl32.bin.signed.rsa.rsa-mldsa b/s6/s905d5/blob-bl32.bin.signed.rsa.rsa-mldsa index b564a16..bc03953 100644 --- a/s6/s905d5/blob-bl32.bin.signed.rsa.rsa-mldsa +++ b/s6/s905d5/blob-bl32.bin.signed.rsa.rsa-mldsa Binary files differ
diff --git a/s6/s905x5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa b/s6/s905x5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa index 06cd74f..49ea157 100644 --- a/s6/s905x5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa +++ b/s6/s905x5/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa Binary files differ
diff --git a/s6/s905x5/blob-bl32.bin.signed.rsa.rsa-mldsa b/s6/s905x5/blob-bl32.bin.signed.rsa.rsa-mldsa index eeb6b0f..f447b54 100644 --- a/s6/s905x5/blob-bl32.bin.signed.rsa.rsa-mldsa +++ b/s6/s905x5/blob-bl32.bin.signed.rsa.rsa-mldsa Binary files differ
diff --git a/s6/s905x5l/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa b/s6/s905x5l/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa index 0065b26..1587d7b 100644 --- a/s6/s905x5l/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa +++ b/s6/s905x5l/blob-bl32.bin.signed.rsa-mldsa.rsa-mldsa Binary files differ
diff --git a/s6/s905x5l/blob-bl32.bin.signed.rsa.rsa-mldsa b/s6/s905x5l/blob-bl32.bin.signed.rsa.rsa-mldsa index 051710a..d200606 100644 --- a/s6/s905x5l/blob-bl32.bin.signed.rsa.rsa-mldsa +++ b/s6/s905x5l/blob-bl32.bin.signed.rsa.rsa-mldsa Binary files differ
diff --git a/s7/s805x3/blob-bl32.8m.bin.signed b/s7/s805x3/blob-bl32.8m.bin.signed index 1f50959..4291a74 100644 --- a/s7/s805x3/blob-bl32.8m.bin.signed +++ b/s7/s805x3/blob-bl32.8m.bin.signed Binary files differ
diff --git a/s7/s805x3/blob-bl32.bin.signed b/s7/s805x3/blob-bl32.bin.signed index 4c26f97..c394cc3 100644 --- a/s7/s805x3/blob-bl32.bin.signed +++ b/s7/s805x3/blob-bl32.bin.signed Binary files differ
diff --git a/s7/s805x3/blob-bl32.nand.bin.signed b/s7/s805x3/blob-bl32.nand.bin.signed index 9996f38..fc50474 100644 --- a/s7/s805x3/blob-bl32.nand.bin.signed +++ b/s7/s805x3/blob-bl32.nand.bin.signed Binary files differ
diff --git a/s7/s905y5/blob-bl32.bin.signed b/s7/s905y5/blob-bl32.bin.signed index 078c868..f3e65f8 100644 --- a/s7/s905y5/blob-bl32.bin.signed +++ b/s7/s905y5/blob-bl32.bin.signed Binary files differ
diff --git a/s7/s905y5/blob-bl32.nand.bin.signed b/s7/s905y5/blob-bl32.nand.bin.signed index 44e3934..b63fe5e 100644 --- a/s7/s905y5/blob-bl32.nand.bin.signed +++ b/s7/s905y5/blob-bl32.nand.bin.signed Binary files differ
diff --git a/s7/s905y5eng/blob-bl32.bin.signed b/s7/s905y5eng/blob-bl32.bin.signed index fd3c87b..54abe46 100644 --- a/s7/s905y5eng/blob-bl32.bin.signed +++ b/s7/s905y5eng/blob-bl32.bin.signed Binary files differ
diff --git a/s7/s905y5r/blob-bl32.bin.signed b/s7/s905y5r/blob-bl32.bin.signed index eb11c8e..1b74ff9 100644 --- a/s7/s905y5r/blob-bl32.bin.signed +++ b/s7/s905y5r/blob-bl32.bin.signed Binary files differ
diff --git a/s7d/s905x5m/blob-bl32.bin.signed.rsa.rsa b/s7d/s905x5m/blob-bl32.bin.signed.rsa.rsa index 9a0886b..fcf15dd 100755 --- a/s7d/s905x5m/blob-bl32.bin.signed.rsa.rsa +++ b/s7d/s905x5m/blob-bl32.bin.signed.rsa.rsa Binary files differ
diff --git a/s7d/s905x5meng/blob-bl32.bin.signed.rsa.rsa b/s7d/s905x5meng/blob-bl32.bin.signed.rsa.rsa index 085f17b..69ebd23 100644 --- a/s7d/s905x5meng/blob-bl32.bin.signed.rsa.rsa +++ b/s7d/s905x5meng/blob-bl32.bin.signed.rsa.rsa Binary files differ
diff --git a/t3x/t968d4/blob-bl32.bin.signed b/t3x/t968d4/blob-bl32.bin.signed index f2dd789..63848e0 100644 --- a/t3x/t968d4/blob-bl32.bin.signed +++ b/t3x/t968d4/blob-bl32.bin.signed Binary files differ
diff --git a/t5m/t963d4/blob-bl32.bin.signed b/t5m/t963d4/blob-bl32.bin.signed index fc16343..2c0cb61 100755 --- a/t5m/t963d4/blob-bl32.bin.signed +++ b/t5m/t963d4/blob-bl32.bin.signed Binary files differ
diff --git a/t5m/t963d4z/blob-bl32.bin.signed b/t5m/t963d4z/blob-bl32.bin.signed index 7cd13cc..99c9484 100644 --- a/t5m/t963d4z/blob-bl32.bin.signed +++ b/t5m/t963d4z/blob-bl32.bin.signed Binary files differ
diff --git a/t5m/tc8000/blob-bl32.bin.signed b/t5m/tc8000/blob-bl32.bin.signed index cbb33ff..55aa52b 100644 --- a/t5m/tc8000/blob-bl32.bin.signed +++ b/t5m/tc8000/blob-bl32.bin.signed Binary files differ
diff --git a/t6d/t950d5/blob-bl32.8m.bin.signed b/t6d/t950d5/blob-bl32.8m.bin.signed index 6e127ec..ee302c8 100644 --- a/t6d/t950d5/blob-bl32.8m.bin.signed +++ b/t6d/t950d5/blob-bl32.8m.bin.signed Binary files differ
diff --git a/t6d/t950d5/blob-bl32.bin.signed b/t6d/t950d5/blob-bl32.bin.signed index eef16d9..dd25fc6 100644 --- a/t6d/t950d5/blob-bl32.bin.signed +++ b/t6d/t950d5/blob-bl32.bin.signed Binary files differ
diff --git a/t6d/t950d5z/blob-bl32.bin.signed b/t6d/t950d5z/blob-bl32.bin.signed index f995895..d3f51f9 100644 --- a/t6d/t950d5z/blob-bl32.bin.signed +++ b/t6d/t950d5z/blob-bl32.bin.signed Binary files differ
diff --git a/txhd2/bl32.8m.img b/txhd2/bl32.8m.img index 883d3e3..6a5e3be 100644 --- a/txhd2/bl32.8m.img +++ b/txhd2/bl32.8m.img Binary files differ
diff --git a/txhd2/bl32.img b/txhd2/bl32.img index 7844db3..bbb6811 100644 --- a/txhd2/bl32.img +++ b/txhd2/bl32.img Binary files differ