[PATCH v2 3/7] common: integrate crypt-based passwords

From: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
To: u-boot@lists.denx.de
Subject: [PATCH v2 3/7] common: integrate crypt-based passwords
Date: Tue, 11 May 2021 20:29:53 +0200	[thread overview]
Message-ID: <ea4194cd-e7ea-30a6-5fe3-cbf8af70dfe7@eyet-services.de> (raw)
In-Reply-To: <CAPnjgZ3HCQTWnasDy8AoYwAviDQsmHh+QOh1giUNvambu0S+vg@mail.gmail.com>

Hi Simon,

On 5/11/21 5:27 PM, Simon Glass wrote:
>>
>> [snip]
>>
>>>> diff --git a/common/autoboot.c b/common/autoboot.c
>>>> index 50ab9281e7..6f55abe388 100644
>>>> --- a/common/autoboot.c
>>>> +++ b/common/autoboot.c
>>>> @@ -316,3 +316,4 @@ static int abortboot_key_sequence(int bootdelay)
>>>>         if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
>>>> -               if (IS_ENABLED(CONFIG_CRYPT_PW))
>>>> +               if (IS_ENABLED(CONFIG_CRYPT_PW) &&
>>>> +                   env_get_yesno("bootstopusesha256") != 1)
>>>>                         abort = passwd_abort_crypt(etime);
>>>
>>> Yes, and then you can enable both in sandbox and potentially have a
>>> test for your code within the standard sandbox build.
>>
>> What kind of tests do you want to have added? Python based or C based ones?
>>
>> TBH I don't see an easy way (yet) to add more tests than the ones I
>> already added, as enabling AUTOBOOT_KEYED (which is required for both,
>> crypt and sha256) would change the startup behavior of the sandbox...
> 
> Here is my idea...we have console monitoring, like this:
> 
> console_record_reset();
> run_command("acpi dump rdst", 0);
> ut_assert_nextline("Table 'RDST' not found");
> ut_assert_console_end();
> 
> What is needed is the ability to inject console input. We have
> gd->console_in (in console.c) but there is currently no function to
> add input to it. Something similar to console_record_puts() is needed,
> perhaps called console_write_in(), which does a
> membuff_put(&gd->console_in, ...) with some input data (the hash).
> That way the input can be read by sandbox.
> 
> Then I think you could write a test like this:
> 
> console_record_reset();
> console_write_in(hash_string, strlen(hash_string));
> ut_assertok(autoboot_command(""));
> ut_assert_nextline("whatever indicates success");
> ut_assert_console_end();

OK, that sounds fine, with the only problem that there's no way to
enable the necessary features without also having them enabled in the
autoboot flow!?
i.e. instead of having a single keypress to enable the console of the
sandbox, one would always have to enter the password, or am I missing
something?

Cheers
Steffen