All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stefan Roese <sr@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH] autoboot.c: Add feature to stop autobooting via SHA256 encrypted password
Date: Wed, 11 Mar 2015 09:51:37 +0100	[thread overview]
Message-ID: <1426063900-7267-1-git-send-email-sr@denx.de> (raw)

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
     CONFIG_AUTOBOOT_KEYED
     CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
---
 common/autoboot.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/common/autoboot.c b/common/autoboot.c
index c27cc2c..4635551 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -12,6 +12,7 @@
 #include <fdtdec.h>
 #include <menu.h>
 #include <post.h>
+#include <u-boot/sha256.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -35,6 +36,11 @@ static int abortboot_keyed(int bootdelay)
 {
 	int abort = 0;
 	uint64_t etime = endtick(bootdelay);
+#if defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
+	const char *sha_env_str = getenv("bootstopkeysha256");
+	u8 sha_env[SHA256_SUM_LEN];
+	u8 sha[SHA256_SUM_LEN];
+#else
 	struct {
 		char *str;
 		u_int len;
@@ -46,10 +52,11 @@ static int abortboot_keyed(int bootdelay)
 		{ .str = getenv("bootstopkey"),   .retry = 0 },
 		{ .str = getenv("bootstopkey2"),  .retry = 0 },
 	};
+	u_int presskey_max = 0;
+#endif
 
 	char presskey[MAX_DELAY_STOP_STR];
 	u_int presskey_len = 0;
-	u_int presskey_max = 0;
 	u_int i;
 
 #ifndef CONFIG_ZERO_BOOTDELAY_CHECK
@@ -61,6 +68,41 @@ static int abortboot_keyed(int bootdelay)
 	printf(CONFIG_AUTOBOOT_PROMPT);
 #  endif
 
+#if defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
+	if (sha_env_str == NULL)
+		sha_env_str = CONFIG_AUTOBOOT_STOP_STR_SHA256;
+
+	/*
+	 * Generate the binary value from the environment hash value
+	 * so that we can compare this value with the computed hash
+	 * from the user input
+	 */
+	for (i = 0; i < SHA256_SUM_LEN; i++) {
+		char chr[3];
+
+		strncpy(chr, &sha_env_str[i * 2], 2);
+		sha_env[i] = simple_strtoul(chr, NULL, 16);
+	}
+
+	/*
+	 * We don't know how long the stop-string is, so we need to
+	 * generate the sha256 hash upon each input character and
+	 * compare the value with the one saved in the environment
+	 */
+	do {
+		if (tstc()) {
+			presskey[presskey_len++] = getc();
+
+			/* Calculate sha256 upon each new char */
+			sha256_csum_wd((unsigned char *)presskey, presskey_len,
+				       sha, CHUNKSZ_SHA256);
+
+			/* And check if sha matches saved value in env */
+			if (memcmp(sha, sha_env, SHA256_SUM_LEN) == 0)
+				abort = 1;
+		}
+	} while (!abort && get_ticks() <= etime);
+#else
 #  ifdef CONFIG_AUTOBOOT_DELAY_STR
 	if (delaykey[0].str == NULL)
 		delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
@@ -124,6 +166,7 @@ static int abortboot_keyed(int bootdelay)
 			}
 		}
 	} while (!abort && get_ticks() <= etime);
+#endif
 
 	if (!abort)
 		debug_bootkeys("key timeout\n");
-- 
2.3.2

             reply	other threads:[~2015-03-11  8:51 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-11  8:51 Stefan Roese [this message]
2015-03-11  8:51 ` [U-Boot] [PATCH] bootcount: Add dcache flush to bootcount_store() Stefan Roese
2015-03-11 14:39   ` Tom Rini
2015-03-13 13:48   ` [U-Boot] " Tom Rini
2015-03-13 14:34     ` Tom Rini
2015-03-15 18:30       ` Tom Rini
2015-03-16 15:57         ` York Sun
2015-03-16 17:05           ` Tom Rini
2015-03-16 17:11             ` York Sun
2015-03-16 17:22               ` Tom Rini
2015-03-17  9:00       ` Holger Brunck
2015-03-27 13:18         ` Stefan Roese
2015-03-27 13:42           ` Nitin Garg
2015-03-27 15:07             ` [U-Boot] [RFC] powerpc: add 2 common dcache assembly functions Valentin Longchamp
2015-03-28 18:07               ` Tom Rini
2015-05-05 16:35               ` [U-Boot] [U-Boot, RFC] " York Sun
2015-03-11  8:51 ` [U-Boot] [PATCH] cmd_led: Extend led command to support blinking and more leds Stefan Roese
2015-03-11 14:38   ` Tom Rini
2015-04-23 22:02   ` [U-Boot] " Tom Rini
2015-03-11  8:51 ` [U-Boot] [PATCH] misc: led: Add PCA9551 LED driver Stefan Roese
2015-03-11 14:40   ` Tom Rini
2015-03-11 14:46   ` Fabio Estevam
2015-03-11 14:36 ` [U-Boot] [PATCH] autoboot.c: Add feature to stop autobooting via SHA256 encrypted password Tom Rini
2015-03-12  8:39   ` Stefan Roese
2015-03-13  2:48   ` Simon Glass
2015-03-13  7:15     ` Stefan Roese
2015-03-23 20:28       ` Simon Glass
2015-05-05 15:06         ` Stefan Roese
2015-05-05 15:12           ` Simon Glass

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1426063900-7267-1-git-send-email-sr@denx.de \
    --to=sr@denx.de \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.