Home Explore Help
Sign In
coolsoul
/
u-boot
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

env: Migrate CONFIG_ENV_AES to Kconfig and deprecate

The underlying implementation for ENV_AES has security complications and
is not recommended for use.  Please see CVE-2017-3225 and CVE-2017-3226
for more details.  Mark this as deprecated now and delete this in the
medium term if no one comes forward to re-work the support.

Signed-off-by: Tom Rini <trini@konsulko.com>
Tom Rini 7 years ago
parent
0683fb7242
commit
5eb35220b2
2 changed files with 8 additions and 1 deletions
Split View Show Diff Stats
  1. 8 0
      env/Kconfig
  2. 0 1
      scripts/config_whitelist.txt

+ 8 - 0
env/Kconfig
View File 

@@ -375,6 +375,14 @@ config ENV_IS_IN_UBI
 
 
 endchoice
 
 
+config ENV_AES
 
+	bool "AES-128 encryption for stored environment (DEPRECATED)"
 
+	help
 
+	  Enable this to have the on-device stored environment be encrypted
 
+	  with AES-128.  The implementation here however has security
 
+	  complications and is not recommended for use.  Please see
 
+	  CVE-2017-3225 and CVE-2017-3226 for more details.
 
+
 
 config ENV_FAT_INTERFACE
 
 	string "Name of the block device for the environment"
 
 	depends on ENV_IS_IN_FAT

+ 0 - 1
scripts/config_whitelist.txt
View File 

@@ -574,7 +574,6 @@ CONFIG_ENV_ACCESS_IGNORE_FORCE
 
 CONFIG_ENV_ADDR
 
 CONFIG_ENV_ADDR_FLEX
 
 CONFIG_ENV_ADDR_REDUND
 
-CONFIG_ENV_AES
 
 CONFIG_ENV_BASE
 
 CONFIG_ENV_CALLBACK_LIST_DEFAULT
 
 CONFIG_ENV_CALLBACK_LIST_STATIC