]> git.ipfire.org Git - thirdparty/u-boot.git/blob - common/autoboot.c
projects / thirdparty / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Rename CONFIG_SYS_TEXT_BASE to CONFIG_TEXT_BASE
[thirdparty/u-boot.git] / common / autoboot.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * (C) Copyright 2000
4 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
5 */
6
7 #include <common.h>
8 #include <autoboot.h>
9 #include <bootretry.h>
10 #include <cli.h>
11 #include <command.h>
12 #include <console.h>
13 #include <env.h>
14 #include <fdtdec.h>
15 #include <hash.h>
16 #include <log.h>
17 #include <malloc.h>
18 #include <memalign.h>
19 #include <menu.h>
20 #include <post.h>
21 #include <time.h>
22 #include <asm/global_data.h>
23 #include <linux/delay.h>
24 #include <u-boot/sha256.h>
25 #include <bootcount.h>
26 #include <crypt.h>
27 #include <dm/ofnode.h>
28
29 DECLARE_GLOBAL_DATA_PTR;
30
31 #define DELAY_STOP_STR_MAX_LENGTH 64
32
33 #ifndef DEBUG_BOOTKEYS
34 #define DEBUG_BOOTKEYS 0
35 #endif
36 #define debug_bootkeys(fmt, args...) \
37 debug_cond(DEBUG_BOOTKEYS, fmt, ##args)
38
39 /* Stored value of bootdelay, used by autoboot_command() */
40 static int stored_bootdelay;
41 static int menukey;
42
43 #if !defined(CONFIG_AUTOBOOT_STOP_STR_CRYPT)
44 #define CONFIG_AUTOBOOT_STOP_STR_CRYPT ""
45 #endif
46 #if !defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
47 #define CONFIG_AUTOBOOT_STOP_STR_SHA256 ""
48 #endif
49
50 #ifdef CONFIG_AUTOBOOT_USE_MENUKEY
51 #define AUTOBOOT_MENUKEY CONFIG_AUTOBOOT_MENUKEY
52 #else
53 #define AUTOBOOT_MENUKEY 0
54 #endif
55
56 /**
57 * passwd_abort_crypt() - check for a crypt-style hashed key sequence to abort booting
58 *
59 * This checks for the user entering a password within a given time.
60 *
61 * The entered password is hashed via one of the crypt-style hash methods
62 * and compared to the pre-defined value from either
63 * the environment variable "bootstopkeycrypt"
64 * or
65 * the config value CONFIG_AUTOBOOT_STOP_STR_CRYPT
66 *
67 * In case the config value CONFIG_AUTOBOOT_NEVER_TIMEOUT has been enabled
68 * this function never times out if the user presses the <Enter> key
69 * before starting to enter the password.
70 *
71 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
72 * Return: 0 if autoboot should continue, 1 if it should stop
73 */
74 static int passwd_abort_crypt(uint64_t etime)
75 {
76 const char *crypt_env_str = env_get("bootstopkeycrypt");
77 char presskey[DELAY_STOP_STR_MAX_LENGTH];
78 u_int presskey_len = 0;
79 int abort = 0;
80 int never_timeout = 0;
81 int err;
82
83 if (IS_ENABLED(CONFIG_AUTOBOOT_STOP_STR_ENABLE) && !crypt_env_str)
84 crypt_env_str = CONFIG_AUTOBOOT_STOP_STR_CRYPT;
85
86 if (!crypt_env_str)
87 return 0;
88
89 /* We expect the stop-string to be newline-terminated */
90 do {
91 if (tstc()) {
92 /* Check for input string overflow */
93 if (presskey_len >= sizeof(presskey))
94 return 0;
95
96 presskey[presskey_len] = getchar();
97
98 if ((presskey[presskey_len] == '\r') ||
99 (presskey[presskey_len] == '\n')) {
100 if (IS_ENABLED(CONFIG_AUTOBOOT_NEVER_TIMEOUT) &&
101 !presskey_len) {
102 never_timeout = 1;
103 continue;
104 }
105 presskey[presskey_len] = '\0';
106 err = crypt_compare(crypt_env_str, presskey,
107 &abort);
108 if (err)
109 debug_bootkeys(
110 "crypt_compare() failed with: %s\n",
111 errno_str(err));
112 /* you had one chance */
113 break;
114 } else {
115 presskey_len++;
116 }
117 }
118 udelay(10000);
119 } while (never_timeout || get_ticks() <= etime);
120
121 return abort;
122 }
123
124 /*
125 * Use a "constant-length" time compare function for this
126 * hash compare:
127 *
128 * https://crackstation.net/hashing-security.htm
129 */
130 static int slow_equals(u8 *a, u8 *b, int len)
131 {
132 int diff = 0;
133 int i;
134
135 for (i = 0; i < len; i++)
136 diff |= a[i] ^ b[i];
137
138 return diff == 0;
139 }
140
141 /**
142 * passwd_abort_sha256() - check for a hashed key sequence to abort booting
143 *
144 * This checks for the user entering a SHA256 hash within a given time.
145 *
146 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
147 * Return: 0 if autoboot should continue, 1 if it should stop
148 */
149 static int passwd_abort_sha256(uint64_t etime)
150 {
151 const char *sha_env_str = env_get("bootstopkeysha256");
152 u8 sha_env[SHA256_SUM_LEN];
153 u8 *sha;
154 char *presskey;
155 char *c;
156 const char *algo_name = "sha256";
157 u_int presskey_len = 0;
158 int abort = 0;
159 int size = sizeof(sha);
160 int ret;
161
162 if (sha_env_str == NULL)
163 sha_env_str = CONFIG_AUTOBOOT_STOP_STR_SHA256;
164
165 presskey = malloc_cache_aligned(DELAY_STOP_STR_MAX_LENGTH);
166 c = strstr(sha_env_str, ":");
167 if (c && (c - sha_env_str < DELAY_STOP_STR_MAX_LENGTH)) {
168 /* preload presskey with salt */
169 memcpy(presskey, sha_env_str, c - sha_env_str);
170 presskey_len = c - sha_env_str;
171 sha_env_str = c + 1;
172 }
173 /*
174 * Generate the binary value from the environment hash value
175 * so that we can compare this value with the computed hash
176 * from the user input
177 */
178 ret = hash_parse_string(algo_name, sha_env_str, sha_env);
179 if (ret) {
180 printf("Hash %s not supported!\n", algo_name);
181 return 0;
182 }
183
184 sha = malloc_cache_aligned(SHA256_SUM_LEN);
185 size = SHA256_SUM_LEN;
186 /*
187 * We don't know how long the stop-string is, so we need to
188 * generate the sha256 hash upon each input character and
189 * compare the value with the one saved in the environment
190 */
191 do {
192 if (tstc()) {
193 /* Check for input string overflow */
194 if (presskey_len >= DELAY_STOP_STR_MAX_LENGTH) {
195 free(presskey);
196 free(sha);
197 return 0;
198 }
199
200 presskey[presskey_len++] = getchar();
201
202 /* Calculate sha256 upon each new char */
203 hash_block(algo_name, (const void *)presskey,
204 presskey_len, sha, &size);
205
206 /* And check if sha matches saved value in env */
207 if (slow_equals(sha, sha_env, SHA256_SUM_LEN))
208 abort = 1;
209 }
210 udelay(10000);
211 } while (!abort && get_ticks() <= etime);
212
213 free(presskey);
214 free(sha);
215 return abort;
216 }
217
218 /**
219 * passwd_abort_key() - check for a key sequence to aborted booting
220 *
221 * This checks for the user entering a string within a given time.
222 *
223 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
224 * Return: 0 if autoboot should continue, 1 if it should stop
225 */
226 static int passwd_abort_key(uint64_t etime)
227 {
228 int abort = 0;
229 struct {
230 char *str;
231 u_int len;
232 int retry;
233 }
234 delaykey[] = {
235 { .str = env_get("bootdelaykey"), .retry = 1 },
236 { .str = env_get("bootstopkey"), .retry = 0 },
237 };
238
239 char presskey[DELAY_STOP_STR_MAX_LENGTH];
240 int presskey_len = 0;
241 int presskey_max = 0;
242 int i;
243
244 # ifdef CONFIG_AUTOBOOT_DELAY_STR
245 if (delaykey[0].str == NULL)
246 delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
247 # endif
248 # ifdef CONFIG_AUTOBOOT_STOP_STR
249 if (delaykey[1].str == NULL)
250 delaykey[1].str = CONFIG_AUTOBOOT_STOP_STR;
251 # endif
252
253 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
254 delaykey[i].len = delaykey[i].str == NULL ?
255 0 : strlen(delaykey[i].str);
256 delaykey[i].len = delaykey[i].len > DELAY_STOP_STR_MAX_LENGTH ?
257 DELAY_STOP_STR_MAX_LENGTH : delaykey[i].len;
258
259 presskey_max = presskey_max > delaykey[i].len ?
260 presskey_max : delaykey[i].len;
261
262 debug_bootkeys("%s key:<%s>\n",
263 delaykey[i].retry ? "delay" : "stop",
264 delaykey[i].str ? delaykey[i].str : "NULL");
265 }
266
267 /* In order to keep up with incoming data, check timeout only
268 * when catch up.
269 */
270 do {
271 if (tstc()) {
272 if (presskey_len < presskey_max) {
273 presskey[presskey_len++] = getchar();
274 } else {
275 for (i = 0; i < presskey_max - 1; i++)
276 presskey[i] = presskey[i + 1];
277
278 presskey[i] = getchar();
279 }
280 }
281
282 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
283 if (delaykey[i].len > 0 &&
284 presskey_len >= delaykey[i].len &&
285 memcmp(presskey + presskey_len -
286 delaykey[i].len, delaykey[i].str,
287 delaykey[i].len) == 0) {
288 debug_bootkeys("got %skey\n",
289 delaykey[i].retry ? "delay" :
290 "stop");
291
292 /* don't retry auto boot */
293 if (!delaykey[i].retry)
294 bootretry_dont_retry();
295 abort = 1;
296 }
297 }
298 udelay(10000);
299 } while (!abort && get_ticks() <= etime);
300
301 return abort;
302 }
303
304 /**
305 * flush_stdin() - drops all pending characters from stdin
306 */
307 static void flush_stdin(void)
308 {
309 while (tstc())
310 (void)getchar();
311 }
312
313 /**
314 * fallback_to_sha256() - check whether we should fall back to sha256
315 * password checking
316 *
317 * This checks for the environment variable `bootstopusesha256` in case
318 * sha256-fallback has been enabled via the config setting
319 * `AUTOBOOT_SHA256_FALLBACK`.
320 *
321 * Return: `false` if we must not fall-back, `true` if plain sha256 should be tried
322 */
323 static bool fallback_to_sha256(void)
324 {
325 if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK))
326 return env_get_yesno("bootstopusesha256") == 1;
327 else if (IS_ENABLED(CONFIG_CRYPT_PW))
328 return false;
329 else
330 return true;
331 }
332
333 /***************************************************************************
334 * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
335 * returns: 0 - no key string, allow autoboot 1 - got key string, abort
336 */
337 static int abortboot_key_sequence(int bootdelay)
338 {
339 int abort;
340 uint64_t etime = endtick(bootdelay);
341
342 if (IS_ENABLED(CONFIG_AUTOBOOT_FLUSH_STDIN))
343 flush_stdin();
344 # ifdef CONFIG_AUTOBOOT_PROMPT
345 /*
346 * CONFIG_AUTOBOOT_PROMPT includes the %d for all boards.
347 * To print the bootdelay value upon bootup.
348 */
349 printf(CONFIG_AUTOBOOT_PROMPT, bootdelay);
350 # endif
351
352 if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
353 if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256())
354 abort = passwd_abort_crypt(etime);
355 else
356 abort = passwd_abort_sha256(etime);
357 } else {
358 abort = passwd_abort_key(etime);
359 }
360 if (!abort)
361 debug_bootkeys("key timeout\n");
362
363 return abort;
364 }
365
366 static int abortboot_single_key(int bootdelay)
367 {
368 int abort = 0;
369 unsigned long ts;
370
371 printf("Hit any key to stop autoboot: %2d ", bootdelay);
372
373 /*
374 * Check if key already pressed
375 */
376 if (tstc()) { /* we got a key press */
377 getchar(); /* consume input */
378 puts("\b\b\b 0");
379 abort = 1; /* don't auto boot */
380 }
381
382 while ((bootdelay > 0) && (!abort)) {
383 --bootdelay;
384 /* delay 1000 ms */
385 ts = get_timer(0);
386 do {
387 if (tstc()) { /* we got a key press */
388 int key;
389
390 abort = 1; /* don't auto boot */
391 bootdelay = 0; /* no more delay */
392 key = getchar();/* consume input */
393 if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY))
394 menukey = key;
395 break;
396 }
397 udelay(10000);
398 } while (!abort && get_timer(ts) < 1000);
399
400 printf("\b\b\b%2d ", bootdelay);
401 }
402
403 putc('\n');
404
405 return abort;
406 }
407
408 static int abortboot(int bootdelay)
409 {
410 int abort = 0;
411
412 if (bootdelay >= 0) {
413 if (autoboot_keyed())
414 abort = abortboot_key_sequence(bootdelay);
415 else
416 abort = abortboot_single_key(bootdelay);
417 }
418
419 if (IS_ENABLED(CONFIG_SILENT_CONSOLE) && abort)
420 gd->flags &= ~GD_FLG_SILENT;
421
422 return abort;
423 }
424
425 static void process_fdt_options(const void *blob)
426 {
427 #ifdef CONFIG_TEXT_BASE
428 ulong addr;
429
430 /* Add an env variable to point to a kernel payload, if available */
431 addr = ofnode_conf_read_int("kernel-offset", 0);
432 if (addr)
433 env_set_addr("kernaddr", (void *)(CONFIG_TEXT_BASE + addr));
434
435 /* Add an env variable to point to a root disk, if available */
436 addr = ofnode_conf_read_int("rootdisk-offset", 0);
437 if (addr)
438 env_set_addr("rootaddr", (void *)(CONFIG_TEXT_BASE + addr));
439 #endif /* CONFIG_TEXT_BASE */
440 }
441
442 const char *bootdelay_process(void)
443 {
444 char *s;
445 int bootdelay;
446
447 bootcount_inc();
448
449 s = env_get("bootdelay");
450 bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY;
451
452 /*
453 * Does it really make sense that the devicetree overrides the user
454 * setting? It is possibly helpful for security since the device tree
455 * may be signed whereas the environment is often loaded from storage.
456 */
457 if (IS_ENABLED(CONFIG_OF_CONTROL))
458 bootdelay = ofnode_conf_read_int("bootdelay", bootdelay);
459
460 debug("### main_loop entered: bootdelay=%d\n\n", bootdelay);
461
462 if (IS_ENABLED(CONFIG_AUTOBOOT_MENU_SHOW))
463 bootdelay = menu_show(bootdelay);
464 bootretry_init_cmd_timeout();
465
466 #ifdef CONFIG_POST
467 if (gd->flags & GD_FLG_POSTFAIL) {
468 s = env_get("failbootcmd");
469 } else
470 #endif /* CONFIG_POST */
471 if (bootcount_error())
472 s = env_get("altbootcmd");
473 else
474 s = env_get("bootcmd");
475
476 if (IS_ENABLED(CONFIG_OF_CONTROL))
477 process_fdt_options(gd->fdt_blob);
478 stored_bootdelay = bootdelay;
479
480 return s;
481 }
482
483 void autoboot_command(const char *s)
484 {
485 debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>");
486
487 if (s && (stored_bootdelay == -2 ||
488 (stored_bootdelay != -1 && !abortboot(stored_bootdelay)))) {
489 bool lock;
490 int prev;
491
492 lock = autoboot_keyed() &&
493 !IS_ENABLED(CONFIG_AUTOBOOT_KEYED_CTRLC);
494 if (lock)
495 prev = disable_ctrlc(1); /* disable Ctrl-C checking */
496
497 run_command_list(s, -1, 0);
498
499 if (lock)
500 disable_ctrlc(prev); /* restore Ctrl-C checking */
501 }
502
503 if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY) &&
504 menukey == AUTOBOOT_MENUKEY) {
505 s = env_get("menucmd");
506 if (s)
507 run_command_list(s, -1, 0);
508 }
509 }
"Das U-Boot" Source Tree