X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=common%2Fautoboot.c;h=4ea9be6da9e626a91063c483742607d67a84518c;hb=a5f9b8a8b592400a01771ad2dac76cba69c914f3;hp=30102a47a8aefecf85ccd38984e054541bbe669a;hpb=e99f30e105a253ee64bef1ef83b86a47e0d3b6f1;p=oweals%2Fu-boot.git

diff --git a/common/autoboot.c b/common/autoboot.c
index 30102a47a8..4ea9be6da9 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -1,16 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0+
 /*
  * (C) Copyright 2000
  * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
- *
- * SPDX-License-Identifier:	GPL-2.0+
  */
 
 #include <common.h>
+#include <autoboot.h>
 #include <bootretry.h>
 #include <cli.h>
+#include <command.h>
+#include <console.h>
+#include <env.h>
 #include <fdtdec.h>
+#include <hash.h>
+#include <malloc.h>
+#include <memalign.h>
 #include <menu.h>
 #include <post.h>
+#include <time.h>
+#include <u-boot/sha256.h>
+#include <bootcount.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -24,26 +33,124 @@ DECLARE_GLOBAL_DATA_PTR;
 
 /* Stored value of bootdelay, used by autoboot_command() */
 static int stored_bootdelay;
+static int menukey;
 
-/***************************************************************************
- * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
- * returns: 0 -  no key string, allow autoboot 1 - got key string, abort
+#ifdef CONFIG_AUTOBOOT_ENCRYPTION
+#define AUTOBOOT_STOP_STR_SHA256 CONFIG_AUTOBOOT_STOP_STR_SHA256
+#else
+#define AUTOBOOT_STOP_STR_SHA256 ""
+#endif
+
+#ifdef CONFIG_USE_AUTOBOOT_MENUKEY
+#define AUTOBOOT_MENUKEY CONFIG_USE_AUTOBOOT_MENUKEY
+#else
+#define AUTOBOOT_MENUKEY 0
+#endif
+
+/*
+ * Use a "constant-length" time compare function for this
+ * hash compare:
+ *
+ * https://crackstation.net/hashing-security.htm
+ */
+static int slow_equals(u8 *a, u8 *b, int len)
+{
+	int diff = 0;
+	int i;
+
+	for (i = 0; i < len; i++)
+		diff |= a[i] ^ b[i];
+
+	return diff == 0;
+}
+
+/**
+ * passwd_abort_sha256() - check for a hashed key sequence to abort booting
+ *
+ * This checks for the user entering a SHA256 hash within a given time.
+ *
+ * @etime: Timeout value ticks (stop when get_ticks() reachs this)
+ * @return 0 if autoboot should continue, 1 if it should stop
  */
-# if defined(CONFIG_AUTOBOOT_KEYED)
-static int abortboot_keyed(int bootdelay)
+static int passwd_abort_sha256(uint64_t etime)
+{
+	const char *sha_env_str = env_get("bootstopkeysha256");
+	u8 sha_env[SHA256_SUM_LEN];
+	u8 *sha;
+	char *presskey;
+	const char *algo_name = "sha256";
+	u_int presskey_len = 0;
+	int abort = 0;
+	int size = sizeof(sha);
+	int ret;
+
+	if (sha_env_str == NULL)
+		sha_env_str = AUTOBOOT_STOP_STR_SHA256;
+
+	/*
+	 * Generate the binary value from the environment hash value
+	 * so that we can compare this value with the computed hash
+	 * from the user input
+	 */
+	ret = hash_parse_string(algo_name, sha_env_str, sha_env);
+	if (ret) {
+		printf("Hash %s not supported!\n", algo_name);
+		return 0;
+	}
+
+	presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
+	sha = malloc_cache_aligned(SHA256_SUM_LEN);
+	size = SHA256_SUM_LEN;
+	/*
+	 * We don't know how long the stop-string is, so we need to
+	 * generate the sha256 hash upon each input character and
+	 * compare the value with the one saved in the environment
+	 */
+	do {
+		if (tstc()) {
+			/* Check for input string overflow */
+			if (presskey_len >= MAX_DELAY_STOP_STR) {
+				free(presskey);
+				free(sha);
+				return 0;
+			}
+
+			presskey[presskey_len++] = getc();
+
+			/* Calculate sha256 upon each new char */
+			hash_block(algo_name, (const void *)presskey,
+				   presskey_len, sha, &size);
+
+			/* And check if sha matches saved value in env */
+			if (slow_equals(sha, sha_env, SHA256_SUM_LEN))
+				abort = 1;
+		}
+	} while (!abort && get_ticks() <= etime);
+
+	free(presskey);
+	free(sha);
+	return abort;
+}
+
+/**
+ * passwd_abort_key() - check for a key sequence to aborted booting
+ *
+ * This checks for the user entering a string within a given time.
+ *
+ * @etime: Timeout value ticks (stop when get_ticks() reachs this)
+ * @return 0 if autoboot should continue, 1 if it should stop
+ */
+static int passwd_abort_key(uint64_t etime)
 {
 	int abort = 0;
-	uint64_t etime = endtick(bootdelay);
 	struct {
 		char *str;
 		u_int len;
 		int retry;
 	}
 	delaykey[] = {
-		{ .str = getenv("bootdelaykey"),  .retry = 1 },
-		{ .str = getenv("bootdelaykey2"), .retry = 1 },
-		{ .str = getenv("bootstopkey"),   .retry = 0 },
-		{ .str = getenv("bootstopkey2"),  .retry = 0 },
+		{ .str = env_get("bootdelaykey"),  .retry = 1 },
+		{ .str = env_get("bootstopkey"),   .retry = 0 },
 	};
 
 	char presskey[MAX_DELAY_STOP_STR];
@@ -51,30 +158,13 @@ static int abortboot_keyed(int bootdelay)
 	u_int presskey_max = 0;
 	u_int i;
 
-#ifndef CONFIG_ZERO_BOOTDELAY_CHECK
-	if (bootdelay == 0)
-		return 0;
-#endif
-
-#  ifdef CONFIG_AUTOBOOT_PROMPT
-	printf(CONFIG_AUTOBOOT_PROMPT);
-#  endif
-
 #  ifdef CONFIG_AUTOBOOT_DELAY_STR
 	if (delaykey[0].str == NULL)
 		delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
 #  endif
-#  ifdef CONFIG_AUTOBOOT_DELAY_STR2
-	if (delaykey[1].str == NULL)
-		delaykey[1].str = CONFIG_AUTOBOOT_DELAY_STR2;
-#  endif
 #  ifdef CONFIG_AUTOBOOT_STOP_STR
-	if (delaykey[2].str == NULL)
-		delaykey[2].str = CONFIG_AUTOBOOT_STOP_STR;
-#  endif
-#  ifdef CONFIG_AUTOBOOT_STOP_STR2
-	if (delaykey[3].str == NULL)
-		delaykey[3].str = CONFIG_AUTOBOOT_STOP_STR2;
+	if (delaykey[1].str == NULL)
+		delaykey[1].str = CONFIG_AUTOBOOT_STOP_STR;
 #  endif
 
 	for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
@@ -124,48 +214,51 @@ static int abortboot_keyed(int bootdelay)
 		}
 	} while (!abort && get_ticks() <= etime);
 
+	return abort;
+}
+
+/***************************************************************************
+ * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
+ * returns: 0 -  no key string, allow autoboot 1 - got key string, abort
+ */
+static int abortboot_key_sequence(int bootdelay)
+{
+	int abort;
+	uint64_t etime = endtick(bootdelay);
+
+#  ifdef CONFIG_AUTOBOOT_PROMPT
+	/*
+	 * CONFIG_AUTOBOOT_PROMPT includes the %d for all boards.
+	 * To print the bootdelay value upon bootup.
+	 */
+	printf(CONFIG_AUTOBOOT_PROMPT, bootdelay);
+#  endif
+
+	if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION))
+		abort = passwd_abort_sha256(etime);
+	else
+		abort = passwd_abort_key(etime);
 	if (!abort)
 		debug_bootkeys("key timeout\n");
 
-#ifdef CONFIG_SILENT_CONSOLE
-	if (abort)
-		gd->flags &= ~GD_FLG_SILENT;
-#endif
-
 	return abort;
 }
 
-# else	/* !defined(CONFIG_AUTOBOOT_KEYED) */
-
-#ifdef CONFIG_MENUKEY
-static int menukey;
-#endif
-
-static int abortboot_normal(int bootdelay)
+static int abortboot_single_key(int bootdelay)
 {
 	int abort = 0;
 	unsigned long ts;
 
-#ifdef CONFIG_MENUPROMPT
-	printf(CONFIG_MENUPROMPT);
-#else
-	if (bootdelay >= 0)
-		printf("Hit any key to stop autoboot: %2d ", bootdelay);
-#endif
+	printf("Hit any key to stop autoboot: %2d ", bootdelay);
 
-#if defined CONFIG_ZERO_BOOTDELAY_CHECK
 	/*
 	 * Check if key already pressed
-	 * Don't check if bootdelay < 0
 	 */
-	if (bootdelay >= 0) {
-		if (tstc()) {	/* we got a key press	*/
-			(void) getc();  /* consume input	*/
-			puts("\b\b\b 0");
-			abort = 1;	/* don't auto boot	*/
-		}
+	if (tstc()) {	/* we got a key press	*/
+		(void) getc();  /* consume input	*/
+		puts("\b\b\b 0");
+		abort = 1;	/* don't auto boot	*/
 	}
-#endif
 
 	while ((bootdelay > 0) && (!abort)) {
 		--bootdelay;
@@ -173,13 +266,13 @@ static int abortboot_normal(int bootdelay)
 		ts = get_timer(0);
 		do {
 			if (tstc()) {	/* we got a key press	*/
+				int key;
+
 				abort  = 1;	/* don't auto boot	*/
 				bootdelay = 0;	/* no more delay	*/
-# ifdef CONFIG_MENUKEY
-				menukey = getc();
-# else
-				(void) getc();  /* consume input	*/
-# endif
+				key = getc(); /* consume input	*/
+				if (IS_ENABLED(CONFIG_USE_AUTOBOOT_MENUKEY))
+					menukey = key;
 				break;
 			}
 			udelay(10000);
@@ -190,88 +283,75 @@ static int abortboot_normal(int bootdelay)
 
 	putc('\n');
 
-#ifdef CONFIG_SILENT_CONSOLE
-	if (abort)
-		gd->flags &= ~GD_FLG_SILENT;
-#endif
-
 	return abort;
 }
-# endif	/* CONFIG_AUTOBOOT_KEYED */
 
 static int abortboot(int bootdelay)
 {
-#ifdef CONFIG_AUTOBOOT_KEYED
-	return abortboot_keyed(bootdelay);
-#else
-	return abortboot_normal(bootdelay);
-#endif
+	int abort = 0;
+
+	if (bootdelay >= 0) {
+		if (IS_ENABLED(CONFIG_AUTOBOOT_KEYED))
+			abort = abortboot_key_sequence(bootdelay);
+		else
+			abort = abortboot_single_key(bootdelay);
+	}
+
+	if (IS_ENABLED(CONFIG_SILENT_CONSOLE) && abort)
+		gd->flags &= ~GD_FLG_SILENT;
+
+	return abort;
 }
 
 static void process_fdt_options(const void *blob)
 {
-#if defined(CONFIG_OF_CONTROL)
+#ifdef CONFIG_SYS_TEXT_BASE
 	ulong addr;
 
 	/* Add an env variable to point to a kernel payload, if available */
 	addr = fdtdec_get_config_int(gd->fdt_blob, "kernel-offset", 0);
 	if (addr)
-		setenv_addr("kernaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr));
+		env_set_addr("kernaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr));
 
 	/* Add an env variable to point to a root disk, if available */
 	addr = fdtdec_get_config_int(gd->fdt_blob, "rootdisk-offset", 0);
 	if (addr)
-		setenv_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr));
-#endif /* CONFIG_OF_CONTROL */
+		env_set_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr));
+#endif /* CONFIG_SYS_TEXT_BASE */
 }
 
 const char *bootdelay_process(void)
 {
 	char *s;
 	int bootdelay;
-#ifdef CONFIG_BOOTCOUNT_LIMIT
-	unsigned long bootcount = 0;
-	unsigned long bootlimit = 0;
-#endif /* CONFIG_BOOTCOUNT_LIMIT */
-
-#ifdef CONFIG_BOOTCOUNT_LIMIT
-	bootcount = bootcount_load();
-	bootcount++;
-	bootcount_store(bootcount);
-	setenv_ulong("bootcount", bootcount);
-	bootlimit = getenv_ulong("bootlimit", 10, 0);
-#endif /* CONFIG_BOOTCOUNT_LIMIT */
-
-	s = getenv("bootdelay");
+
+	bootcount_inc();
+
+	s = env_get("bootdelay");
 	bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY;
 
-#ifdef CONFIG_OF_CONTROL
-	bootdelay = fdtdec_get_config_int(gd->fdt_blob, "bootdelay",
-			bootdelay);
-#endif
+	if (IS_ENABLED(CONFIG_OF_CONTROL))
+		bootdelay = fdtdec_get_config_int(gd->fdt_blob, "bootdelay",
+						  bootdelay);
 
 	debug("### main_loop entered: bootdelay=%d\n\n", bootdelay);
 
-#if defined(CONFIG_MENU_SHOW)
-	bootdelay = menu_show(bootdelay);
-#endif
+	if (IS_ENABLED(CONFIG_AUTOBOOT_MENU_SHOW))
+		bootdelay = menu_show(bootdelay);
 	bootretry_init_cmd_timeout();
 
 #ifdef CONFIG_POST
 	if (gd->flags & GD_FLG_POSTFAIL) {
-		s = getenv("failbootcmd");
+		s = env_get("failbootcmd");
 	} else
 #endif /* CONFIG_POST */
-#ifdef CONFIG_BOOTCOUNT_LIMIT
-	if (bootlimit && (bootcount > bootlimit)) {
-		printf("Warning: Bootlimit (%u) exceeded. Using altbootcmd.\n",
-		       (unsigned)bootlimit);
-		s = getenv("altbootcmd");
-	} else
-#endif /* CONFIG_BOOTCOUNT_LIMIT */
-		s = getenv("bootcmd");
+	if (bootcount_error())
+		s = env_get("altbootcmd");
+	else
+		s = env_get("bootcmd");
 
-	process_fdt_options(gd->fdt_blob);
+	if (IS_ENABLED(CONFIG_OF_CONTROL))
+		process_fdt_options(gd->fdt_blob);
 	stored_bootdelay = bootdelay;
 
 	return s;
@@ -282,22 +362,24 @@ void autoboot_command(const char *s)
 	debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>");
 
 	if (stored_bootdelay != -1 && s && !abortboot(stored_bootdelay)) {
-#if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC)
-		int prev = disable_ctrlc(1);	/* disable Control C checking */
-#endif
+		bool lock;
+		int prev;
+
+		lock = IS_ENABLED(CONFIG_AUTOBOOT_KEYED) &&
+			!IS_ENABLED(CONFIG_AUTOBOOT_KEYED_CTRLC);
+		if (lock)
+			prev = disable_ctrlc(1); /* disable Ctrl-C checking */
 
 		run_command_list(s, -1, 0);
 
-#if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC)
-		disable_ctrlc(prev);	/* restore Control C checking */
-#endif
+		if (lock)
+			disable_ctrlc(prev);	/* restore Ctrl-C checking */
 	}
 
-#ifdef CONFIG_MENUKEY
-	if (menukey == CONFIG_MENUKEY) {
-		s = getenv("menucmd");
+	if (IS_ENABLED(CONFIG_USE_AUTOBOOT_MENUKEY) &&
+	    menukey == AUTOBOOT_MENUKEY) {
+		s = env_get("menucmd");
 		if (s)
 			run_command_list(s, -1, 0);
 	}
-#endif /* CONFIG_MENUKEY */
 }