diff --git a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging.inc b/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging.inc index fda872c31..bbc028aaf 100644 --- a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging.inc +++ b/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging.inc @@ -1,11 +1,5 @@ include recipes-bsp/u-boot/u-boot-lmp-common.inc -SRC_URI:append = " \ - file://lib-zlib-Fix-a-bug-when-getting-a-gzip-header-extra-field.patch \ - file://k3-accept-filesystem-path-to-the-RoT-key.patch \ - file://k3-set-env-variable-device_type.patch \ -" - SRC_URI:append:am64xx-evm = " \ file://fw_env.config \ file://lmp.cfg \ diff --git a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/k3-accept-filesystem-path-to-the-RoT-key.patch b/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/k3-accept-filesystem-path-to-the-RoT-key.patch deleted file mode 100644 index f67da685e..000000000 --- a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/k3-accept-filesystem-path-to-the-RoT-key.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 7afececd745b26a68822fe6c37addb0492356714 Mon Sep 17 00:00:00 2001 -From: Jorge Ramirez-Ortiz -Date: Wed, 28 Jun 2023 10:09:03 +0200 -Subject: [PATCH] k3: accept filesystem path to the RoT key - -Upstream-Status: Pending - -Signed-off-by: Jorge Ramirez-Ortiz ---- - arch/arm/dts/Makefile | 10 ++++++++-- - arch/arm/dts/k3-binman.dtsi | 4 ++-- - board/ti/common/Kconfig | 7 +++++++ - 3 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile -index 1b9c5f04c3..01b5ae36fe 100644 ---- a/arch/arm/dts/Makefile -+++ b/arch/arm/dts/Makefile -@@ -1375,8 +1375,14 @@ targets += $(dtb-y) - # Add any required device tree compiler flags here - DTC_FLAGS += -a 0x8 - --PHONY += dtbs --dtbs: $(addprefix $(obj)/, $(dtb-y)) -+PHONY += update_sign_keys dtbs -+ -+update_sign_keys: -+ifeq ($(CONFIG_ARCH_K3),y) -+ ${shell sed -i "s|TI_KEYS|$(CONFIG_SIGN_KEY_PATH)|g" $(srctree)/arch/arm/dts/k3-binman.dtsi} -+endif -+ -+dtbs: update_sign_keys $(addprefix $(obj)/, $(dtb-y)) - @: - - clean-files := *.dtb *.dtbo *_HS -diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi -index 97a3573bdb..c595203e9b 100644 ---- a/arch/arm/dts/k3-binman.dtsi -+++ b/arch/arm/dts/k3-binman.dtsi -@@ -13,14 +13,14 @@ - custMpk { - filename = "custMpk.pem"; - blob-ext { -- filename = "../keys/custMpk.pem"; -+ filename = "TI_KEYS/custMpk.pem"; - }; - }; - - ti-degenerate-key { - filename = "ti-degenerate-key.pem"; - blob-ext { -- filename = "../keys/ti-degenerate-key.pem"; -+ filename = "TI_KEYS/ti-degenerate-key.pem"; - }; - }; - }; -diff --git a/board/ti/common/Kconfig b/board/ti/common/Kconfig -index 49edd98014..4ff12d6c5b 100644 ---- a/board/ti/common/Kconfig -+++ b/board/ti/common/Kconfig -@@ -49,3 +49,10 @@ config TI_COMMON_CMD_OPTIONS - imply CMD_SPI - imply CMD_TIME - imply CMD_USB if USB -+ -+config SIGN_KEY_PATH -+ string "Path to the sign key" -+ depends on ARCH_K3 -+ default "../keys" -+ help -+ Path to the folder containing the sign keys --- -2.34.1 - diff --git a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/k3-set-env-variable-device_type.patch b/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/k3-set-env-variable-device_type.patch deleted file mode 100644 index 97f4e42f8..000000000 --- a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/k3-set-env-variable-device_type.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0b638ece826c816a2387834975c9b5854dc94f6b Mon Sep 17 00:00:00 2001 -From: Igor Opaniuk -Date: Fri, 21 Jul 2023 18:08:03 +0200 -Subject: [PATCH] k3: set env variable device_type - -Set environment variable "device_type", which stores device -sec state: gp, hs-fs, hs-se. - -Upstream-Status: Inappropriate [lmp specific] -Signed-off-by: Igor Opaniuk ---- - arch/arm/mach-k3/common.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c -index c04f898a55..14619fabdb 100644 ---- a/arch/arm/mach-k3/common.c -+++ b/arch/arm/mach-k3/common.c -@@ -600,6 +600,8 @@ void spl_board_prepare_for_linux(void) - - int misc_init_r(void) - { -+ int device_type; -+ - if (IS_ENABLED(CONFIG_TI_AM65_CPSW_NUSS)) { - struct udevice *dev; - int ret; -@@ -611,12 +613,20 @@ int misc_init_r(void) - printf("Failed to probe am65_cpsw_nuss driver\n"); - } - -+ device_type = get_device_type(); - /* Default FIT boot on HS-SE devices */ -- if (get_device_type() == K3_DEVICE_TYPE_HS_SE) { -+ if (device_type == K3_DEVICE_TYPE_HS_SE) { - env_set("boot_fit", "1"); - env_set("secure_rprocs", "1"); -+ env_set("device_type", "hs-se"); - } else { -+ if (device_type == K3_DEVICE_TYPE_HS_FS) { -+ env_set("device_type", "hs-fs"); -+ } else { -+ env_set("device_type", "gp"); -+ } - env_set("secure_rprocs", "0"); -+ - } - - return 0; --- -2.34.1 - diff --git a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/lib-zlib-Fix-a-bug-when-getting-a-gzip-header-extra-field.patch b/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/lib-zlib-Fix-a-bug-when-getting-a-gzip-header-extra-field.patch deleted file mode 100644 index 576264cf1..000000000 --- a/meta-lmp-bsp/dynamic-layers/meta-ti-bsp/recipes-bsp/u-boot/u-boot-ti-staging/lib-zlib-Fix-a-bug-when-getting-a-gzip-header-extra-field.patch +++ /dev/null @@ -1,154 +0,0 @@ -From patchwork Thu Jun 15 14:54:34 2023 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -X-Patchwork-Submitter: Oleksandr Suvorov -X-Patchwork-Id: 1795485 -Return-Path: -X-Original-To: incoming@patchwork.ozlabs.org -Delivered-To: patchwork-incoming@legolas.ozlabs.org -Authentication-Results: legolas.ozlabs.org; - spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de - (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; - envelope-from=u-boot-bounces@lists.denx.de; receiver=) -Authentication-Results: legolas.ozlabs.org; - dkim=pass (2048-bit key; - unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 - header.s=google header.b=CSyLLo1n; - dkim-atps=neutral -Received: from phobos.denx.de (phobos.denx.de - [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) - (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) - key-exchange X25519 server-signature ECDSA (P-384)) - (No client certificate requested) - by legolas.ozlabs.org (Postfix) with ESMTPS id 4Qhlh10XPPz20Wy - for ; Fri, 16 Jun 2023 00:54:57 +1000 (AEST) -Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) - by phobos.denx.de (Postfix) with ESMTP id 42B6B8631D; - Thu, 15 Jun 2023 16:54:52 +0200 (CEST) -Authentication-Results: phobos.denx.de; - dmarc=none (p=none dis=none) header.from=foundries.io -Authentication-Results: phobos.denx.de; - spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de -Authentication-Results: phobos.denx.de; - dkim=pass (2048-bit key; - unprotected) header.d=foundries.io header.i=@foundries.io - header.b="CSyLLo1n"; - dkim-atps=neutral -Received: by phobos.denx.de (Postfix, from userid 109) - id E8C218631F; Thu, 15 Jun 2023 16:54:50 +0200 (CEST) -X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de -X-Spam-Level: -X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, - DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, - T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 -Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com - [IPv6:2a00:1450:4864:20::32e]) - (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) - (No client certificate requested) - by phobos.denx.de (Postfix) with ESMTPS id C8D34862AA - for ; Thu, 15 Jun 2023 16:54:47 +0200 (CEST) -Authentication-Results: phobos.denx.de; - dmarc=none (p=none dis=none) header.from=foundries.io -Authentication-Results: phobos.denx.de; - spf=pass smtp.mailfrom=oleksandr.suvorov@foundries.io -Received: by mail-wm1-x32e.google.com with SMTP id - 5b1f17b1804b1-3f7ebb2b82cso19538235e9.2 - for ; Thu, 15 Jun 2023 07:54:47 -0700 (PDT) -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; - d=foundries.io; s=google; t=1686840887; x=1689432887; - h=content-transfer-encoding:mime-version:message-id:date:subject:cc - :to:from:from:to:cc:subject:date:message-id:reply-to; - bh=ZlcZ/TvSHRdVMgcEyiYYvZoSkkmQihHQknCJfDU7dXU=; - b=CSyLLo1nTyuw0pHvCEkGQmkL1dQmaKLnQuf6ADthH1ZO6Var7o0sF94pAH/ZHT+NUy - EsEzQ71hHkuxv4Kig5gX6tASmoGYPtyRsLT8OgiFMGKTPYsbM/ald0MJgSO37xD0OTRg - atIPxO04aVYHPpHw+tLhWMjJlQ/xG52NPAKD6031RUIPb31aLkZ1Qm1ePJYpDHASWb0G - BihW+2SLV4fddKGko+F5loREzS56cFBCodVPydT4Jv6r9mZZB/zAELMa7zC6yzSbOZTK - kDk3Ipkvgx2P1ePSqZxE3bsQYH0sZMGsXx69Sayap75DgWpWfG6JNHLykqf6CR1/J5AF - bVnQ== -X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; - d=1e100.net; s=20221208; t=1686840887; x=1689432887; - h=content-transfer-encoding:mime-version:message-id:date:subject:cc - :to:from:x-gm-message-state:from:to:cc:subject:date:message-id - :reply-to; - bh=ZlcZ/TvSHRdVMgcEyiYYvZoSkkmQihHQknCJfDU7dXU=; - b=ERbykPOQJDOHGQhnfs26hT8AtIzb/1J9Y0AzyoM+yxKxnofc4kOq16HB98yzSbbv8B - g2QXsfxHCysvG9SgIG9hQSsfhG/4GW4ATwZrgGx3C0BAe8l7K4FhrK9IRfQWgztMC9QN - 8cUbabeNzQaa9w1shRIuQaJrthkg9/GqE2GdaassqtTfPnM+AUrUrEFVwG6sgjs5zwZw - 7rfBz3/k+4hbB8UjqQsM77YfwqXG495cN5ENfPrdeC6YWEIeMVhop4knbzdoCLAfSjbd - 0uT0WPxrrWtcM99FZuqaFVUtFjhP1yauIjkZRjLrd5rHiWCj2e7ns/pA0OASS3P+Q8Co - nTMw== -X-Gm-Message-State: AC+VfDyPc9oFK6n9Mzw6zdmejxbO2SeZJtBMOZ9f5XxzZfEFUBIOilO7 - Dum6u/M5ISm22SW9judHyAEgDP/Q9h0yajN/Qt8fvw== -X-Google-Smtp-Source: - ACHHUZ5Y3bCKlS9IjeXX4/fZEmVixhD/VdCyBxetYirrE2WP+nIselSwtBGxaL8AwojYk7/8Z1K8AQ== -X-Received: by 2002:adf:db03:0:b0:311:17c5:3a9a with SMTP id - s3-20020adfdb03000000b0031117c53a9amr1286227wri.38.1686840886786; - Thu, 15 Jun 2023 07:54:46 -0700 (PDT) -Received: from localhost.localdomain ([194.104.22.162]) - by smtp.gmail.com with ESMTPSA id - b1-20020a5d5501000000b0030ae69920c9sm21323856wrv.53.2023.06.15.07.54.45 - (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); - Thu, 15 Jun 2023 07:54:46 -0700 (PDT) -From: Oleksandr Suvorov -To: u-boot@lists.denx.de -Cc: Oleksandr Suvorov -Subject: [PATCH] lib/zlib: Fix a bug when getting a gzip header extra field -Date: Thu, 15 Jun 2023 17:54:34 +0300 -Message-Id: <20230615145434.103140-1-oleksandr.suvorov@foundries.io> -X-Mailer: git-send-email 2.40.1 -MIME-Version: 1.0 -X-BeenThere: u-boot@lists.denx.de -X-Mailman-Version: 2.1.39 -Precedence: list -List-Id: U-Boot discussion -List-Unsubscribe: , - -List-Archive: -List-Post: -List-Help: -List-Subscribe: , - -Errors-To: u-boot-bounces@lists.denx.de -Sender: "U-Boot" -X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de -X-Virus-Status: Clean - -This fixes CVE-2022-37434 [1] and bases on 2 commits from Mark -Adler's zlib master repo - the original fix of CVE bug [2] and -the fix for the fix [3]. - -[1] -https://github.com/advisories/GHSA-cfmr-vrgj-vqwv -[2] -https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 -[3] -https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d - -CVE: CVE-2022-37434 - -Fixes: e89516f031d ("zlib: split up to match original source tree") - -Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20230615145434.103140-1-oleksandr.suvorov@foundries.io/] -Signed-off-by: Oleksandr Suvorov ---- - - lib/zlib/inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/zlib/inflate.c b/lib/zlib/inflate.c -index 30dfe155995..8f767b7b9d2 100644 ---- a/lib/zlib/inflate.c -+++ b/lib/zlib/inflate.c -@@ -455,8 +455,9 @@ int ZEXPORT inflate(z_streamp strm, int flush) - if (copy > have) copy = have; - if (copy) { - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy);