]>
Commit | Line | Data |
---|---|---|
66ded17d SG |
1 | /* |
2 | * (C) Copyright 2000 | |
3 | * Wolfgang Denk, DENX Software Engineering, wd@denx.de. | |
4 | * | |
5 | * SPDX-License-Identifier: GPL-2.0+ | |
6 | */ | |
7 | ||
8 | #include <common.h> | |
0098e179 | 9 | #include <bootretry.h> |
66ded17d SG |
10 | #include <cli.h> |
11 | #include <fdtdec.h> | |
12 | #include <menu.h> | |
13 | #include <post.h> | |
14 | ||
15 | DECLARE_GLOBAL_DATA_PTR; | |
16 | ||
17 | #define MAX_DELAY_STOP_STR 32 | |
18 | ||
19 | #ifndef DEBUG_BOOTKEYS | |
20 | #define DEBUG_BOOTKEYS 0 | |
21 | #endif | |
22 | #define debug_bootkeys(fmt, args...) \ | |
23 | debug_cond(DEBUG_BOOTKEYS, fmt, ##args) | |
24 | ||
25 | /*************************************************************************** | |
26 | * Watch for 'delay' seconds for autoboot stop or autoboot delay string. | |
27 | * returns: 0 - no key string, allow autoboot 1 - got key string, abort | |
28 | */ | |
29 | # if defined(CONFIG_AUTOBOOT_KEYED) | |
30 | static int abortboot_keyed(int bootdelay) | |
31 | { | |
32 | int abort = 0; | |
33 | uint64_t etime = endtick(bootdelay); | |
34 | struct { | |
35 | char *str; | |
36 | u_int len; | |
37 | int retry; | |
38 | } | |
39 | delaykey[] = { | |
40 | { str: getenv("bootdelaykey"), retry: 1 }, | |
41 | { str: getenv("bootdelaykey2"), retry: 1 }, | |
42 | { str: getenv("bootstopkey"), retry: 0 }, | |
43 | { str: getenv("bootstopkey2"), retry: 0 }, | |
44 | }; | |
45 | ||
46 | char presskey[MAX_DELAY_STOP_STR]; | |
47 | u_int presskey_len = 0; | |
48 | u_int presskey_max = 0; | |
49 | u_int i; | |
50 | ||
51 | #ifndef CONFIG_ZERO_BOOTDELAY_CHECK | |
52 | if (bootdelay == 0) | |
53 | return 0; | |
54 | #endif | |
55 | ||
56 | # ifdef CONFIG_AUTOBOOT_PROMPT | |
57 | printf(CONFIG_AUTOBOOT_PROMPT); | |
58 | # endif | |
59 | ||
60 | # ifdef CONFIG_AUTOBOOT_DELAY_STR | |
61 | if (delaykey[0].str == NULL) | |
62 | delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR; | |
63 | # endif | |
64 | # ifdef CONFIG_AUTOBOOT_DELAY_STR2 | |
65 | if (delaykey[1].str == NULL) | |
66 | delaykey[1].str = CONFIG_AUTOBOOT_DELAY_STR2; | |
67 | # endif | |
68 | # ifdef CONFIG_AUTOBOOT_STOP_STR | |
69 | if (delaykey[2].str == NULL) | |
70 | delaykey[2].str = CONFIG_AUTOBOOT_STOP_STR; | |
71 | # endif | |
72 | # ifdef CONFIG_AUTOBOOT_STOP_STR2 | |
73 | if (delaykey[3].str == NULL) | |
74 | delaykey[3].str = CONFIG_AUTOBOOT_STOP_STR2; | |
75 | # endif | |
76 | ||
77 | for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { | |
78 | delaykey[i].len = delaykey[i].str == NULL ? | |
79 | 0 : strlen(delaykey[i].str); | |
80 | delaykey[i].len = delaykey[i].len > MAX_DELAY_STOP_STR ? | |
81 | MAX_DELAY_STOP_STR : delaykey[i].len; | |
82 | ||
83 | presskey_max = presskey_max > delaykey[i].len ? | |
84 | presskey_max : delaykey[i].len; | |
85 | ||
86 | debug_bootkeys("%s key:<%s>\n", | |
87 | delaykey[i].retry ? "delay" : "stop", | |
88 | delaykey[i].str ? delaykey[i].str : "NULL"); | |
89 | } | |
90 | ||
91 | /* In order to keep up with incoming data, check timeout only | |
92 | * when catch up. | |
93 | */ | |
94 | do { | |
95 | if (tstc()) { | |
96 | if (presskey_len < presskey_max) { | |
97 | presskey[presskey_len++] = getc(); | |
98 | } else { | |
99 | for (i = 0; i < presskey_max - 1; i++) | |
100 | presskey[i] = presskey[i + 1]; | |
101 | ||
102 | presskey[i] = getc(); | |
103 | } | |
104 | } | |
105 | ||
106 | for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { | |
107 | if (delaykey[i].len > 0 && | |
108 | presskey_len >= delaykey[i].len && | |
109 | memcmp(presskey + presskey_len - | |
110 | delaykey[i].len, delaykey[i].str, | |
111 | delaykey[i].len) == 0) { | |
112 | debug_bootkeys("got %skey\n", | |
113 | delaykey[i].retry ? "delay" : | |
114 | "stop"); | |
115 | ||
66ded17d SG |
116 | /* don't retry auto boot */ |
117 | if (!delaykey[i].retry) | |
118 | bootretry_dont_retry(); | |
66ded17d SG |
119 | abort = 1; |
120 | } | |
121 | } | |
122 | } while (!abort && get_ticks() <= etime); | |
123 | ||
124 | if (!abort) | |
125 | debug_bootkeys("key timeout\n"); | |
126 | ||
127 | #ifdef CONFIG_SILENT_CONSOLE | |
128 | if (abort) | |
129 | gd->flags &= ~GD_FLG_SILENT; | |
130 | #endif | |
131 | ||
132 | return abort; | |
133 | } | |
134 | ||
135 | # else /* !defined(CONFIG_AUTOBOOT_KEYED) */ | |
136 | ||
137 | #ifdef CONFIG_MENUKEY | |
138 | static int menukey; | |
139 | #endif | |
140 | ||
141 | static int abortboot_normal(int bootdelay) | |
142 | { | |
143 | int abort = 0; | |
144 | unsigned long ts; | |
145 | ||
146 | #ifdef CONFIG_MENUPROMPT | |
147 | printf(CONFIG_MENUPROMPT); | |
148 | #else | |
149 | if (bootdelay >= 0) | |
150 | printf("Hit any key to stop autoboot: %2d ", bootdelay); | |
151 | #endif | |
152 | ||
153 | #if defined CONFIG_ZERO_BOOTDELAY_CHECK | |
154 | /* | |
155 | * Check if key already pressed | |
156 | * Don't check if bootdelay < 0 | |
157 | */ | |
158 | if (bootdelay >= 0) { | |
159 | if (tstc()) { /* we got a key press */ | |
160 | (void) getc(); /* consume input */ | |
161 | puts("\b\b\b 0"); | |
162 | abort = 1; /* don't auto boot */ | |
163 | } | |
164 | } | |
165 | #endif | |
166 | ||
167 | while ((bootdelay > 0) && (!abort)) { | |
168 | --bootdelay; | |
169 | /* delay 1000 ms */ | |
170 | ts = get_timer(0); | |
171 | do { | |
172 | if (tstc()) { /* we got a key press */ | |
173 | abort = 1; /* don't auto boot */ | |
174 | bootdelay = 0; /* no more delay */ | |
175 | # ifdef CONFIG_MENUKEY | |
176 | menukey = getc(); | |
177 | # else | |
178 | (void) getc(); /* consume input */ | |
179 | # endif | |
180 | break; | |
181 | } | |
182 | udelay(10000); | |
183 | } while (!abort && get_timer(ts) < 1000); | |
184 | ||
185 | printf("\b\b\b%2d ", bootdelay); | |
186 | } | |
187 | ||
188 | putc('\n'); | |
189 | ||
190 | #ifdef CONFIG_SILENT_CONSOLE | |
191 | if (abort) | |
192 | gd->flags &= ~GD_FLG_SILENT; | |
193 | #endif | |
194 | ||
195 | return abort; | |
196 | } | |
197 | # endif /* CONFIG_AUTOBOOT_KEYED */ | |
198 | ||
199 | static int abortboot(int bootdelay) | |
200 | { | |
201 | #ifdef CONFIG_AUTOBOOT_KEYED | |
202 | return abortboot_keyed(bootdelay); | |
203 | #else | |
204 | return abortboot_normal(bootdelay); | |
205 | #endif | |
206 | } | |
207 | ||
208 | /* | |
209 | * Runs the given boot command securely. Specifically: | |
210 | * - Doesn't run the command with the shell (run_command or parse_string_outer), | |
211 | * since that's a lot of code surface that an attacker might exploit. | |
212 | * Because of this, we don't do any argument parsing--the secure boot command | |
213 | * has to be a full-fledged u-boot command. | |
214 | * - Doesn't check for keypresses before booting, since that could be a | |
215 | * security hole; also disables Ctrl-C. | |
216 | * - Doesn't allow the command to return. | |
217 | * | |
218 | * Upon any failures, this function will drop into an infinite loop after | |
219 | * printing the error message to console. | |
220 | */ | |
221 | ||
222 | #if defined(CONFIG_OF_CONTROL) | |
223 | static void secure_boot_cmd(char *cmd) | |
224 | { | |
225 | cmd_tbl_t *cmdtp; | |
226 | int rc; | |
227 | ||
228 | if (!cmd) { | |
229 | printf("## Error: Secure boot command not specified\n"); | |
230 | goto err; | |
231 | } | |
232 | ||
233 | /* Disable Ctrl-C just in case some command is used that checks it. */ | |
234 | disable_ctrlc(1); | |
235 | ||
236 | /* Find the command directly. */ | |
237 | cmdtp = find_cmd(cmd); | |
238 | if (!cmdtp) { | |
239 | printf("## Error: \"%s\" not defined\n", cmd); | |
240 | goto err; | |
241 | } | |
242 | ||
243 | /* Run the command, forcing no flags and faking argc and argv. */ | |
244 | rc = (cmdtp->cmd)(cmdtp, 0, 1, &cmd); | |
245 | ||
246 | /* Shouldn't ever return from boot command. */ | |
247 | printf("## Error: \"%s\" returned (code %d)\n", cmd, rc); | |
248 | ||
249 | err: | |
250 | /* | |
251 | * Not a whole lot to do here. Rebooting won't help much, since we'll | |
252 | * just end up right back here. Just loop. | |
253 | */ | |
254 | hang(); | |
255 | } | |
256 | ||
257 | static void process_fdt_options(const void *blob) | |
258 | { | |
259 | ulong addr; | |
260 | ||
261 | /* Add an env variable to point to a kernel payload, if available */ | |
262 | addr = fdtdec_get_config_int(gd->fdt_blob, "kernel-offset", 0); | |
263 | if (addr) | |
264 | setenv_addr("kernaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); | |
265 | ||
266 | /* Add an env variable to point to a root disk, if available */ | |
267 | addr = fdtdec_get_config_int(gd->fdt_blob, "rootdisk-offset", 0); | |
268 | if (addr) | |
269 | setenv_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); | |
270 | } | |
271 | #endif /* CONFIG_OF_CONTROL */ | |
272 | ||
273 | void bootdelay_process(void) | |
274 | { | |
275 | #ifdef CONFIG_OF_CONTROL | |
276 | char *env; | |
277 | #endif | |
278 | char *s; | |
279 | int bootdelay; | |
280 | #ifdef CONFIG_BOOTCOUNT_LIMIT | |
281 | unsigned long bootcount = 0; | |
282 | unsigned long bootlimit = 0; | |
283 | #endif /* CONFIG_BOOTCOUNT_LIMIT */ | |
284 | ||
285 | #ifdef CONFIG_BOOTCOUNT_LIMIT | |
286 | bootcount = bootcount_load(); | |
287 | bootcount++; | |
288 | bootcount_store(bootcount); | |
289 | setenv_ulong("bootcount", bootcount); | |
290 | bootlimit = getenv_ulong("bootlimit", 10, 0); | |
291 | #endif /* CONFIG_BOOTCOUNT_LIMIT */ | |
292 | ||
293 | s = getenv("bootdelay"); | |
294 | bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY; | |
295 | ||
296 | #ifdef CONFIG_OF_CONTROL | |
297 | bootdelay = fdtdec_get_config_int(gd->fdt_blob, "bootdelay", | |
298 | bootdelay); | |
299 | #endif | |
300 | ||
301 | debug("### main_loop entered: bootdelay=%d\n\n", bootdelay); | |
302 | ||
303 | #if defined(CONFIG_MENU_SHOW) | |
304 | bootdelay = menu_show(bootdelay); | |
305 | #endif | |
b26440f1 | 306 | bootretry_init_cmd_timeout(); |
66ded17d SG |
307 | |
308 | #ifdef CONFIG_POST | |
309 | if (gd->flags & GD_FLG_POSTFAIL) { | |
310 | s = getenv("failbootcmd"); | |
311 | } else | |
312 | #endif /* CONFIG_POST */ | |
313 | #ifdef CONFIG_BOOTCOUNT_LIMIT | |
314 | if (bootlimit && (bootcount > bootlimit)) { | |
315 | printf("Warning: Bootlimit (%u) exceeded. Using altbootcmd.\n", | |
316 | (unsigned)bootlimit); | |
317 | s = getenv("altbootcmd"); | |
318 | } else | |
319 | #endif /* CONFIG_BOOTCOUNT_LIMIT */ | |
320 | s = getenv("bootcmd"); | |
321 | #ifdef CONFIG_OF_CONTROL | |
322 | /* Allow the fdt to override the boot command */ | |
323 | env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd"); | |
324 | if (env) | |
325 | s = env; | |
326 | ||
327 | process_fdt_options(gd->fdt_blob); | |
328 | ||
329 | /* | |
330 | * If the bootsecure option was chosen, use secure_boot_cmd(). | |
331 | * Always use 'env' in this case, since bootsecure requres that the | |
332 | * bootcmd was specified in the FDT too. | |
333 | */ | |
334 | if (fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0)) | |
335 | secure_boot_cmd(env); | |
336 | ||
337 | #endif /* CONFIG_OF_CONTROL */ | |
338 | ||
339 | debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>"); | |
340 | ||
341 | if (bootdelay != -1 && s && !abortboot(bootdelay)) { | |
342 | #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) | |
343 | int prev = disable_ctrlc(1); /* disable Control C checking */ | |
344 | #endif | |
345 | ||
346 | run_command_list(s, -1, 0); | |
347 | ||
348 | #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) | |
349 | disable_ctrlc(prev); /* restore Control C checking */ | |
350 | #endif | |
351 | } | |
352 | ||
353 | #ifdef CONFIG_MENUKEY | |
354 | if (menukey == CONFIG_MENUKEY) { | |
355 | s = getenv("menucmd"); | |
356 | if (s) | |
357 | run_command_list(s, -1, 0); | |
358 | } | |
359 | #endif /* CONFIG_MENUKEY */ | |
360 | } |