]> git.ipfire.org Git - thirdparty/u-boot.git/blob - common/autoboot.c
projects / thirdparty / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
acpi: document HETP table
[thirdparty/u-boot.git] / common / autoboot.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * (C) Copyright 2000
4 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
5 */
6
7 #include <common.h>
8 #include <autoboot.h>
9 #include <bootretry.h>
10 #include <cli.h>
11 #include <command.h>
12 #include <console.h>
13 #include <env.h>
14 #include <fdtdec.h>
15 #include <hash.h>
16 #include <log.h>
17 #include <malloc.h>
18 #include <memalign.h>
19 #include <menu.h>
20 #include <post.h>
21 #include <time.h>
22 #include <asm/global_data.h>
23 #include <linux/delay.h>
24 #include <u-boot/sha256.h>
25 #include <bootcount.h>
26 #include <crypt.h>
27 #include <dm/ofnode.h>
28
29 DECLARE_GLOBAL_DATA_PTR;
30
31 #define DELAY_STOP_STR_MAX_LENGTH 64
32
33 #ifndef DEBUG_BOOTKEYS
34 #define DEBUG_BOOTKEYS 0
35 #endif
36 #define debug_bootkeys(fmt, args...) \
37 debug_cond(DEBUG_BOOTKEYS, fmt, ##args)
38
39 /* Stored value of bootdelay, used by autoboot_command() */
40 static int stored_bootdelay;
41 static int menukey;
42
43 #if defined(CONFIG_AUTOBOOT_STOP_STR_CRYPT)
44 #define AUTOBOOT_STOP_STR_CRYPT CONFIG_AUTOBOOT_STOP_STR_CRYPT
45 #else
46 #define AUTOBOOT_STOP_STR_CRYPT ""
47 #endif
48 #if defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
49 #define AUTOBOOT_STOP_STR_SHA256 CONFIG_AUTOBOOT_STOP_STR_SHA256
50 #else
51 #define AUTOBOOT_STOP_STR_SHA256 ""
52 #endif
53
54 #ifdef CONFIG_AUTOBOOT_USE_MENUKEY
55 #define AUTOBOOT_MENUKEY CONFIG_AUTOBOOT_MENUKEY
56 #else
57 #define AUTOBOOT_MENUKEY 0
58 #endif
59
60 /**
61 * passwd_abort_crypt() - check for a crypt-style hashed key sequence to abort booting
62 *
63 * This checks for the user entering a password within a given time.
64 *
65 * The entered password is hashed via one of the crypt-style hash methods
66 * and compared to the pre-defined value from either
67 * the environment variable "bootstopkeycrypt"
68 * or
69 * the config value CONFIG_AUTOBOOT_STOP_STR_CRYPT
70 *
71 * In case the config value CONFIG_AUTOBOOT_NEVER_TIMEOUT has been enabled
72 * this function never times out if the user presses the <Enter> key
73 * before starting to enter the password.
74 *
75 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
76 * Return: 0 if autoboot should continue, 1 if it should stop
77 */
78 static int passwd_abort_crypt(uint64_t etime)
79 {
80 const char *crypt_env_str = env_get("bootstopkeycrypt");
81 char presskey[DELAY_STOP_STR_MAX_LENGTH];
82 u_int presskey_len = 0;
83 int abort = 0;
84 int never_timeout = 0;
85 int err;
86
87 if (IS_ENABLED(CONFIG_AUTOBOOT_STOP_STR_ENABLE) && !crypt_env_str)
88 crypt_env_str = AUTOBOOT_STOP_STR_CRYPT;
89
90 if (!crypt_env_str)
91 return 0;
92
93 /* We expect the stop-string to be newline-terminated */
94 do {
95 if (tstc()) {
96 /* Check for input string overflow */
97 if (presskey_len >= sizeof(presskey))
98 return 0;
99
100 presskey[presskey_len] = getchar();
101
102 if ((presskey[presskey_len] == '\r') ||
103 (presskey[presskey_len] == '\n')) {
104 if (IS_ENABLED(CONFIG_AUTOBOOT_NEVER_TIMEOUT) &&
105 !presskey_len) {
106 never_timeout = 1;
107 continue;
108 }
109 presskey[presskey_len] = '\0';
110 err = crypt_compare(crypt_env_str, presskey,
111 &abort);
112 if (err)
113 debug_bootkeys(
114 "crypt_compare() failed with: %s\n",
115 errno_str(err));
116 /* you had one chance */
117 break;
118 } else {
119 presskey_len++;
120 }
121 }
122 udelay(10000);
123 } while (never_timeout || get_ticks() <= etime);
124
125 return abort;
126 }
127
128 /*
129 * Use a "constant-length" time compare function for this
130 * hash compare:
131 *
132 * https://crackstation.net/hashing-security.htm
133 */
134 static int slow_equals(u8 *a, u8 *b, int len)
135 {
136 int diff = 0;
137 int i;
138
139 for (i = 0; i < len; i++)
140 diff |= a[i] ^ b[i];
141
142 return diff == 0;
143 }
144
145 /**
146 * passwd_abort_sha256() - check for a hashed key sequence to abort booting
147 *
148 * This checks for the user entering a SHA256 hash within a given time.
149 *
150 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
151 * Return: 0 if autoboot should continue, 1 if it should stop
152 */
153 static int passwd_abort_sha256(uint64_t etime)
154 {
155 const char *sha_env_str = env_get("bootstopkeysha256");
156 u8 sha_env[SHA256_SUM_LEN];
157 u8 *sha;
158 char *presskey;
159 char *c;
160 const char *algo_name = "sha256";
161 u_int presskey_len = 0;
162 int abort = 0;
163 int size = sizeof(sha);
164 int ret;
165
166 if (sha_env_str == NULL)
167 sha_env_str = AUTOBOOT_STOP_STR_SHA256;
168
169 presskey = malloc_cache_aligned(DELAY_STOP_STR_MAX_LENGTH);
170 if (!presskey)
171 return -ENOMEM;
172
173 c = strstr(sha_env_str, ":");
174 if (c && (c - sha_env_str < DELAY_STOP_STR_MAX_LENGTH)) {
175 /* preload presskey with salt */
176 memcpy(presskey, sha_env_str, c - sha_env_str);
177 presskey_len = c - sha_env_str;
178 sha_env_str = c + 1;
179 }
180 /*
181 * Generate the binary value from the environment hash value
182 * so that we can compare this value with the computed hash
183 * from the user input
184 */
185 ret = hash_parse_string(algo_name, sha_env_str, sha_env);
186 if (ret) {
187 printf("Hash %s not supported!\n", algo_name);
188 return 0;
189 }
190
191 sha = malloc_cache_aligned(SHA256_SUM_LEN);
192 size = SHA256_SUM_LEN;
193 /*
194 * We don't know how long the stop-string is, so we need to
195 * generate the sha256 hash upon each input character and
196 * compare the value with the one saved in the environment
197 */
198 do {
199 if (tstc()) {
200 /* Check for input string overflow */
201 if (presskey_len >= DELAY_STOP_STR_MAX_LENGTH) {
202 free(presskey);
203 free(sha);
204 return 0;
205 }
206
207 presskey[presskey_len++] = getchar();
208
209 /* Calculate sha256 upon each new char */
210 hash_block(algo_name, (const void *)presskey,
211 presskey_len, sha, &size);
212
213 /* And check if sha matches saved value in env */
214 if (slow_equals(sha, sha_env, SHA256_SUM_LEN))
215 abort = 1;
216 }
217 udelay(10000);
218 } while (!abort && get_ticks() <= etime);
219
220 free(presskey);
221 free(sha);
222 return abort;
223 }
224
225 /**
226 * passwd_abort_key() - check for a key sequence to aborted booting
227 *
228 * This checks for the user entering a string within a given time.
229 *
230 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
231 * Return: 0 if autoboot should continue, 1 if it should stop
232 */
233 static int passwd_abort_key(uint64_t etime)
234 {
235 int abort = 0;
236 struct {
237 char *str;
238 u_int len;
239 int retry;
240 }
241 delaykey[] = {
242 { .str = env_get("bootdelaykey"), .retry = 1 },
243 { .str = env_get("bootstopkey"), .retry = 0 },
244 };
245
246 char presskey[DELAY_STOP_STR_MAX_LENGTH];
247 int presskey_len = 0;
248 int presskey_max = 0;
249 int i;
250
251 # ifdef CONFIG_AUTOBOOT_DELAY_STR
252 if (delaykey[0].str == NULL)
253 delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
254 # endif
255 # ifdef CONFIG_AUTOBOOT_STOP_STR
256 if (delaykey[1].str == NULL)
257 delaykey[1].str = CONFIG_AUTOBOOT_STOP_STR;
258 # endif
259
260 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
261 delaykey[i].len = delaykey[i].str == NULL ?
262 0 : strlen(delaykey[i].str);
263 delaykey[i].len = delaykey[i].len > DELAY_STOP_STR_MAX_LENGTH ?
264 DELAY_STOP_STR_MAX_LENGTH : delaykey[i].len;
265
266 presskey_max = presskey_max > delaykey[i].len ?
267 presskey_max : delaykey[i].len;
268
269 debug_bootkeys("%s key:<%s>\n",
270 delaykey[i].retry ? "delay" : "stop",
271 delaykey[i].str ? delaykey[i].str : "NULL");
272 }
273
274 /* In order to keep up with incoming data, check timeout only
275 * when catch up.
276 */
277 do {
278 if (tstc()) {
279 if (presskey_len < presskey_max) {
280 presskey[presskey_len++] = getchar();
281 } else {
282 for (i = 0; i < presskey_max - 1; i++)
283 presskey[i] = presskey[i + 1];
284
285 presskey[i] = getchar();
286 }
287 }
288
289 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
290 if (delaykey[i].len > 0 &&
291 presskey_len >= delaykey[i].len &&
292 memcmp(presskey + presskey_len -
293 delaykey[i].len, delaykey[i].str,
294 delaykey[i].len) == 0) {
295 debug_bootkeys("got %skey\n",
296 delaykey[i].retry ? "delay" :
297 "stop");
298
299 /* don't retry auto boot */
300 if (!delaykey[i].retry)
301 bootretry_dont_retry();
302 abort = 1;
303 }
304 }
305 udelay(10000);
306 } while (!abort && get_ticks() <= etime);
307
308 return abort;
309 }
310
311 /**
312 * flush_stdin() - drops all pending characters from stdin
313 */
314 static void flush_stdin(void)
315 {
316 while (tstc())
317 (void)getchar();
318 }
319
320 /**
321 * fallback_to_sha256() - check whether we should fall back to sha256
322 * password checking
323 *
324 * This checks for the environment variable `bootstopusesha256` in case
325 * sha256-fallback has been enabled via the config setting
326 * `AUTOBOOT_SHA256_FALLBACK`.
327 *
328 * Return: `false` if we must not fall-back, `true` if plain sha256 should be tried
329 */
330 static bool fallback_to_sha256(void)
331 {
332 if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK))
333 return env_get_yesno("bootstopusesha256") == 1;
334 else if (IS_ENABLED(CONFIG_CRYPT_PW))
335 return false;
336 else
337 return true;
338 }
339
340 /***************************************************************************
341 * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
342 * returns: 0 - no key string, allow autoboot 1 - got key string, abort
343 */
344 static int abortboot_key_sequence(int bootdelay)
345 {
346 int abort;
347 uint64_t etime = endtick(bootdelay);
348
349 if (IS_ENABLED(CONFIG_AUTOBOOT_FLUSH_STDIN))
350 flush_stdin();
351 # ifdef CONFIG_AUTOBOOT_PROMPT
352 /*
353 * CONFIG_AUTOBOOT_PROMPT includes the %d for all boards.
354 * To print the bootdelay value upon bootup.
355 */
356 printf(CONFIG_AUTOBOOT_PROMPT, bootdelay);
357 # endif
358
359 if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
360 if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256())
361 abort = passwd_abort_crypt(etime);
362 else
363 abort = passwd_abort_sha256(etime);
364 } else {
365 abort = passwd_abort_key(etime);
366 }
367 if (!abort)
368 debug_bootkeys("key timeout\n");
369
370 return abort;
371 }
372
373 static int abortboot_single_key(int bootdelay)
374 {
375 int abort = 0;
376 unsigned long ts;
377
378 printf("Hit any key to stop autoboot: %2d ", bootdelay);
379
380 /*
381 * Check if key already pressed
382 */
383 if (tstc()) { /* we got a key press */
384 getchar(); /* consume input */
385 puts("\b\b\b 0");
386 abort = 1; /* don't auto boot */
387 }
388
389 while ((bootdelay > 0) && (!abort)) {
390 --bootdelay;
391 /* delay 1000 ms */
392 ts = get_timer(0);
393 do {
394 if (tstc()) { /* we got a key press */
395 int key;
396
397 abort = 1; /* don't auto boot */
398 bootdelay = 0; /* no more delay */
399 key = getchar();/* consume input */
400 if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY))
401 menukey = key;
402 break;
403 }
404 udelay(10000);
405 } while (!abort && get_timer(ts) < 1000);
406
407 printf("\b\b\b%2d ", bootdelay);
408 }
409
410 putc('\n');
411
412 return abort;
413 }
414
415 static int abortboot(int bootdelay)
416 {
417 int abort = 0;
418
419 if (bootdelay >= 0) {
420 if (autoboot_keyed())
421 abort = abortboot_key_sequence(bootdelay);
422 else
423 abort = abortboot_single_key(bootdelay);
424 }
425
426 if (IS_ENABLED(CONFIG_SILENT_CONSOLE) && abort)
427 gd->flags &= ~GD_FLG_SILENT;
428
429 return abort;
430 }
431
432 static void process_fdt_options(void)
433 {
434 #ifdef CONFIG_TEXT_BASE
435 ulong addr;
436
437 /* Add an env variable to point to a kernel payload, if available */
438 addr = ofnode_conf_read_int("kernel-offset", 0);
439 if (addr)
440 env_set_addr("kernaddr", (void *)(CONFIG_TEXT_BASE + addr));
441
442 /* Add an env variable to point to a root disk, if available */
443 addr = ofnode_conf_read_int("rootdisk-offset", 0);
444 if (addr)
445 env_set_addr("rootaddr", (void *)(CONFIG_TEXT_BASE + addr));
446 #endif /* CONFIG_TEXT_BASE */
447 }
448
449 const char *bootdelay_process(void)
450 {
451 char *s;
452 int bootdelay;
453
454 bootcount_inc();
455
456 s = env_get("bootdelay");
457 bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY;
458
459 /*
460 * Does it really make sense that the devicetree overrides the user
461 * setting? It is possibly helpful for security since the device tree
462 * may be signed whereas the environment is often loaded from storage.
463 */
464 if (IS_ENABLED(CONFIG_OF_CONTROL))
465 bootdelay = ofnode_conf_read_int("bootdelay", bootdelay);
466
467 debug("### main_loop entered: bootdelay=%d\n\n", bootdelay);
468
469 if (IS_ENABLED(CONFIG_AUTOBOOT_MENU_SHOW))
470 bootdelay = menu_show(bootdelay);
471 bootretry_init_cmd_timeout();
472
473 #ifdef CONFIG_POST
474 if (gd->flags & GD_FLG_POSTFAIL) {
475 s = env_get("failbootcmd");
476 } else
477 #endif /* CONFIG_POST */
478 if (bootcount_error())
479 s = env_get("altbootcmd");
480 else
481 s = env_get("bootcmd");
482
483 if (IS_ENABLED(CONFIG_OF_CONTROL))
484 process_fdt_options();
485 stored_bootdelay = bootdelay;
486
487 return s;
488 }
489
490 void autoboot_command(const char *s)
491 {
492 debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>");
493
494 if (s && (stored_bootdelay == -2 ||
495 (stored_bootdelay != -1 && !abortboot(stored_bootdelay)))) {
496 bool lock;
497 int prev;
498
499 lock = autoboot_keyed() &&
500 !IS_ENABLED(CONFIG_AUTOBOOT_KEYED_CTRLC);
501 if (lock)
502 prev = disable_ctrlc(1); /* disable Ctrl-C checking */
503
504 run_command_list(s, -1, 0);
505
506 if (lock)
507 disable_ctrlc(prev); /* restore Ctrl-C checking */
508 }
509
510 if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY) &&
511 menukey == AUTOBOOT_MENUKEY) {
512 s = env_get("menucmd");
513 if (s)
514 run_command_list(s, -1, 0);
515 }
516 }
"Das U-Boot" Source Tree