imx: spl: fix u-boot fit loadingtoradex_imx_lf_v2022.04

Override weak spl_load_simple_fix_load function only when necessary
to manage signature verification via High Assurance Boot (HAB).

In particular if spl_load_simple_fix_load function is overridden also
the board_spl_fit_size_align must be overridden to provide the correct
buffer size.

This ensures correct sizing of the upload buffer and prevents buffer
overflows which may lead to memory corruption and system reset.

Since an IVT header is checked using just a byte magic number, and the
memory beyond the buffer size is random, this fix addresses an issue
where the presence of an apparently valid IVT header beyond the buffer
size could result in unintended memcpy operations to random memory
addresses, often leading to system reset.

Upstream-Status: Inappropriate [downstream specific]

Upstream U-Boot fixed this differently in combination with binman to
create the final bootcontainer.
Commit 6039e0edc854 ("imx: hab: Simplify the mechanism")

Fixes: 9de354485800 ("imx: spl: implement spl_load_simple_fit_fix_load")
Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli@toradex.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index 62888a4729..fe33a7b611 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -352,7 +352,8 @@ int dram_init_banksize(void)
 }
 #endif
 
-#if IS_ENABLED(CONFIG_SPL_LOAD_FIT)
+#if IS_ENABLED(CONFIG_SPL_LOAD_FIT) && IS_ENABLED(CONFIG_IMX_HAB) && \
+	!IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)
 static int spl_verify_fit_hash(const void *fit)
 {
 	unsigned long size;