[Bug 2086515] Re: Cryptographically unsafe RNG used for FIT images

Launchpad Bug Tracker 2086515 at bugs.launchpad.net
Sat Feb 22 16:24:11 UTC 2025


This bug was fixed in the package u-boot - 2025.01-1~0ubuntu1

---------------
u-boot (2025.01-1~0ubuntu1) plucky; urgency=medium

  * Merge from Debian unstable (LP: #2097726). Remaining changes:
    - d/p/rpi-config-tweaks.patch: Configuration adjustments to the RPi
      configs
    - Enable FIT signing support
      - Limit key names to keys within the keydir.
    - Enable Ubuntu support for the Nitrogen6x board
      - Add d/p/ubuntu-nitrogen6q2g-config-tweaks.patch to tweak the
        nitrogen6q2g configs to better fit our Ubuntu usage.
      - Start building the nitrogen6x2g target for u-boot.
      - Fix nitrogen6q2g patch to build properly on armhf
      - d/p/ubuntu-nitrogen6q2g-config-tweaks.patch: enable SCSI which is now
        required for ENV_IS_IN_FAT
    - Add d/p/rpi-cm4-sdhci.patch for CM4 eMMC support
    - Add d/p/rpi-8gb-pci.patch for Pi400 and Pi4-8Gb support
    - Add d/p/rpi-maxargs.patch for new Core 18 boot-env
    - Removed d/u-boot-rpi.postinst. The task of copying the u-boot binaries
      to the boot partition is now performed by flash-kernel
    - Revert '* debian/rules: Ensure debugging symbols are enabled.' as it
      breaks riscv64 booting.
    - Implement u-boot-sifive.postinst to upgrade u-boot in loader1/loader2
      partitions upon package upgrades. Maybe this should move to
      flash-kernel, and update SPI too.
    - Provide compat symlinks for old unleashed & unmatched platform names
    - In postinst support Unmatched model name without A00 suffix, as used by
      meta-sifive kernels and may be contributed upstream in the future.
    - Enable commands for displaying and configuring the UEFI environment
    - In u-boot-sifive.postinst support partition names Loader1, Loader2 as
      the installer image uses these.
    - Add package for PolarFire SoC Icicle Kit
    - Enable CONFIG_CMD_SBI by default to display SBI information on RISC-V
    - d/p/riscv64/usb-reset.patch - Add a trivial quirk to fix USB MSD access
      from U-boot
    - d/u-boot-starfive.README.Debian - Add instructions for varying boot
      sources on the VisionFive 2
    - Consider dpkg-buildflags when building host tools
    - Enable FIT images
    - d/rules: Unexport ELF_PACKAGE_METADATA to fix FTBFS on oracular
    - Enable 'env erase' sub-command to enable reset of the boot environment
      on RISC-V boards
    - Set $fdtfile on MicroChip PolarFire
      - d/p/riscv64/mpfs-icicle-kit_fdtfile.patch
  * Removed patches obsoleted/merged by upstream:
    - d/p/rpi-board-dt.patch: use the board's device-tree instead of an
      embedded one
    - Add support for the Milk-V Mars board to the u-boot-starfive package.
    - Enable UEFI boot manager
    - d/copyright Added missing license:
      - GPL-2.0 WITH Linux-syscall-note exception
    - d/p/use-cpp-flags.patch: Fixed cross-building issues by calling CPP with
      cpp_flags instead of CFLAGS
    - Fix card detection on the JH7110 SoC
      - d/p/riscv64/synopsys-designware-cd-gpios.patch
      - d/p/riscv64/starfive-mmc-card-detect.patch
    - d/rules: Unexport ELF_PACKAGE_METADATA to fix FTBFS on oracular
    - d/p/scripts-dtc-pylibfdt-libfdt.i_shipped-Use-SWIG_Appen.patch
  * d/targets.mk:
    - Remove omap3_beagle target, removed from upstream
    - Remove omap4_panda target, removed from upstream
  * d/*.lintian-overrides: Update syntax to include [brackets]
  * d/copyright: Remove redundant patterns
  * d/p/riscv64/starfive: Add StarFive JH7110 compatibility patches
  * d/p/use-cryptographically-safe-RNG.patch: Fix use of unsafe RNG in FIT
    images (LP: #2086515)
  * d/p/riscv64/efi_loader-create-common-function-to-free-struct-efi.patch:
    remove unused patch

 -- Dave Jones <dave.jones at canonical.com>  Mon, 10 Feb 2025 01:31:27 +0000

** Changed in: u-boot (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to u-boot in Ubuntu.
https://bugs.launchpad.net/bugs/2086515

Title:
  Cryptographically unsafe RNG used for FIT images

Status in u-boot package in Ubuntu:
  Fix Released

Bug description:
  The mkimage tool uses the random() function for generating the
  initialization vector used for AES encryption inside FIT images. As
  the PRNG used for the random() function has only 2^31 states this is
  cryptographically unsafe. See appended patch.

  "The ideal IV is a random or pseudorandom number. It must also be
  nonrepeating. Both randomness and nonrepetitiveness are crucial to
  prevent attackers from finding patterns in similar parts of the
  encrypted message and then using this information to decrypt the
  message. The IV need not be secret." [1]

  [1] https://www.techtarget.com/whatis/definition/initialization-vector-IV

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/2086515/+subscriptions
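
Added example (not part of the bug report or of the U-Boot patch): the bug description's point in C, showing that an IV built from random() is fully determined by the srandom() seed, beside an IV filled from the kernel CSPRNG. The function names, the seed value and the choice of getrandom() are assumptions for illustration; the page does not show what the actual patch uses.

```c
#define _DEFAULT_SOURCE /* random(), srandom(), getrandom() on glibc */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>

#define IV_LEN 16 /* AES block size in bytes */

/* Weak pattern: the IV is a pure function of the srandom() seed, so the
 * number of distinct IVs can never exceed the number of distinct seeds. */
void iv_from_random(unsigned int seed, uint8_t iv[IV_LEN])
{
    srandom(seed); /* seed is a constructed input for this example */
    for (size_t i = 0; i < IV_LEN; i++)
        iv[i] = (uint8_t)random();
}

/* Hardened pattern: fill the IV from the kernel CSPRNG. Returns 0 on
 * success, -1 on error; never encrypt with a partially filled IV. */
int iv_from_csprng(uint8_t iv[IV_LEN])
{
    size_t off = 0;
    while (off < IV_LEN) {
        ssize_t n = getrandom(iv + off, IV_LEN - off, 0);
        if (n < 0 && errno == EINTR)
            continue; /* interrupted by a signal: retry */
        if (n < 0)
            return -1;
        off += (size_t)n;
    }
    return 0;
}

/* Returns 1 when two runs with the same seed produce the same IV. */
int same_seed_same_iv(unsigned int seed)
{
    uint8_t a[IV_LEN], b[IV_LEN];
    iv_from_random(seed, a);
    iv_from_random(seed, b);
    return memcmp(a, b, IV_LEN) == 0;
}

int main(void)
{
    uint8_t iv[IV_LEN];
    printf("same seed repeats IV: %d\n", same_seed_same_iv(1234u));
    return iv_from_csprng(iv) == 0 ? 0 : 1;
}
```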



