Whitebox
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fdt: Allow device tree to specify secure booting

Browse Source 
When secure booting is chosen:
* The u-boot shell is never invoked during boot--we just do a simple
  table lookup to find the command.  This means we could even remove
  the shell parsing from u-boot and still be able to boot.
* The boot command can't be interruped.
* Failure doesn't cause us to fall back to the shell.

Signed-off-by: Gabe Black <gabeblack@google.com>
Signed-off-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
master
Doug Anderson 12 years ago committed by Gerald Van Baren
parent 3b73459ea3
commit 67e1ea26e8
1 changed files with 62 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 62
      common/main.c

62
common/main.c
Unescape View File

@ -283,6 +283,59 @@ int abortboot(int bootdelay)
# endif /* CONFIG_AUTOBOOT_KEYED */
#endif /* CONFIG_BOOTDELAY >= 0 */
/*
* Runs the given boot command securely. Specifically:
* - Doesn't run the command with the shell (run_command or parse_string_outer),
* since that's a lot of code surface that an attacker might exploit.
* Because of this, we don't do any argument parsing--the secure boot command
* has to be a full-fledged u-boot command.
* - Doesn't check for keypresses before booting, since that could be a
* security hole; also disables Ctrl-C.
* - Doesn't allow the command to return.
*
* Upon any failures, this function will drop into an infinite loop after
* printing the error message to console.
*/
#if defined(CONFIG_BOOTDELAY) && (CONFIG_BOOTDELAY >= 0) && \
defined(CONFIG_OF_CONTROL)
static void secure_boot_cmd(char *cmd)
{
cmd_tbl_t *cmdtp;
int rc;
if (!cmd) {
printf("## Error: Secure boot command not specified\n");
goto err;
}
/* Disable Ctrl-C just in case some command is used that checks it. */
disable_ctrlc(1);
/* Find the command directly. */
cmdtp = find_cmd(cmd);
if (!cmdtp) {
printf("## Error: \"%s\" not defined\n", cmd);
goto err;
}
/* Run the command, forcing no flags and faking argc and argv. */
rc = (cmdtp->cmd)(cmdtp, 0, 1, &cmd);
/* Shouldn't ever return from boot command. */
printf("## Error: \"%s\" returned (code %d)\n", cmd, rc);
err:
/*
* Not a whole lot to do here. Rebooting won't help much, since we'll
* just end up right back here. Just loop.
*/
hang();
}
#endif /* CONFIG_OF_CONTROL */
/****************************************************************************/
void main_loop (void)
@ -397,6 +450,15 @@ void main_loop (void)
env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd");
if (env)
s = env;
/*
* If the bootsecure option was chosen, use secure_boot_cmd().
* Always use 'env' in this case, since bootsecure requres that the
* bootcmd was specified in the FDT too.
*/
if (fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0))
secure_boot_cmd(env);
#endif /* CONFIG_OF_CONTROL */
debug ("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>");

Write Preview
Loading…
Cancel
Save