From patchwork Sun Jul 21 02:51:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1134496 X-Patchwork-Delegate: trini@ti.com
From: Simon Glass To: U-Boot Mailing List Date: Sat, 20 Jul 2019 20:51:17 -0600 Message-Id: <20190721025128.30351-8-sjg@chromium.org> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog In-Reply-To: <20190721025128.30351-1-sjg@chromium.org> References: <20190721025128.30351-1-sjg@chromium.org> MIME-Version: 1.0 Cc: Tom Rini , Martin Etnestad Subject: [U-Boot] [PATCH v2 07/18] autoboot: Improve docs for CONFIG_AUTOBOOT_ENCRYPTION X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This option is not documented properly at present. Fix it. Signed-off-by: Simon Glass --- Changes in v2: None README | 2 ++ cmd/Kconfig | 9 ++++++++- common/autoboot.c | 16 ++++++++++++++++ doc/README.autoboot | 15 +++++++++++++++ 4 files changed, 41 insertions(+), 1 deletion(-) diff --git a/README b/README index f513af0b67..a2aaba818d 100644 --- a/README +++ b/README @@ -3425,6 +3425,8 @@ List of environment variables (most likely not complete): allowed for use by the bootm command. See also "bootm_low" environment variable. + bootstopkeysha256, bootdelaykey, bootstopkey - See README.autoboot + updatefile - Location of the software update file on a TFTP server, used by the automatic software update feature. Please refer to documentation in doc/README.update for more details. diff --git a/cmd/Kconfig b/cmd/Kconfig index 175c6ad9e3..37da17ff7f 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig 
@@ -101,7 +101,14 @@ config AUTOBOOT_PROMPT config AUTOBOOT_ENCRYPTION bool "Enable encryption in autoboot stopping" depends on AUTOBOOT_KEYED - default n + help + This option allows a string to be entered into U-Boot to stop the + autoboot. The string itself is hashed and compared against the hash + in the environment variable 'bootstopkeysha256'. If it matches then + boot stops and a command-line prompt is presented. + + This provides a way to ship a secure production device which can also + be accessed at the U-Boot command line. config AUTOBOOT_DELAY_STR string "Delay autobooting via specific input key / string" diff --git a/common/autoboot.c b/common/autoboot.c index 5a0dac8d79..f832808b71 100644 --- a/common/autoboot.c +++ b/common/autoboot.c @@ -54,6 +54,14 @@ static int slow_equals(u8 *a, u8 *b, int len) return diff == 0; } +/** + * passwd_abort_sha256() - check for a hashed key sequence to abort booting + * + * This checks for the user entering a SHA256 hash within a given time. + * + * @etime: Timeout value ticks (stop when get_ticks() reachs this) + * @return 0 if autoboot should continue, 1 if it should stop + */ static int passwd_abort_sha256(uint64_t etime) { const char *sha_env_str = env_get("bootstopkeysha256"); @@ -106,6 +114,14 @@ static int passwd_abort_sha256(uint64_t etime) return abort; } +/** + * passwd_abort_key() - check for a key sequence to aborted booting + * + * This checks for the user entering a string within a given time. + * + * @etime: Timeout value ticks (stop when get_ticks() reachs this) + * @return 0 if autoboot should continue, 1 if it should stop + */ static int passwd_abort_key(uint64_t etime) { int abort = 0; diff --git a/doc/README.autoboot b/doc/README.autoboot index eeb7e4c662..de35f3093d 100644 --- a/doc/README.autoboot +++ b/doc/README.autoboot 
@@ -132,6 +132,21 @@ What they do provides an escape sequence from the limited "password" strings. + CONFIG_AUTOBOOT_ENCRYPTION + + "bootstopkeysha256" environment variable + + - Hash value of the input which unlocks the device and + stops autoboot. + + This option allows a string to be entered into U-Boot to stop the + autoboot. The string itself is hashed and compared against the hash + in the environment variable 'bootstopkeysha256'. If it matches then + boot stops and a command-line prompt is presented. + + This provides a way to ship a secure production device which can also + be accessed at the U-Boot command line. + CONFIG_RESET_TO_RETRY (Only effective when CONFIG_BOOT_RETRY_TIME is also set)
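Review bot: In the README hunk, the new entry points at "README.autoboot", but the file this patch changes is doc/README.autoboot, and the neighbouring updatefile entry writes its reference with the directory ("doc/README.update"). Suggest "See doc/README.autoboot" so the pointer matches the tree and the style of the entries around it.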
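Review bot: In the cmd/Kconfig hunk, the help says the string "is hashed" without naming the algorithm or the format expected in 'bootstopkeysha256'; only the variable name hints at SHA-256. Suggest stating both. The sentence "This provides a way to ship a secure production device" also needs a qualifier: the reference hash is read from the environment, so the check is only as strong as the protection on that environment. The prompt still reads "Enable encryption in autoboot stopping" while the help describes a hash comparison, so it is worth saying in the help that no encryption is involved.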
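Review bot: In the first common/autoboot.c hunk, the comment on passwd_abort_sha256() says it checks for "the user entering a SHA256 hash", which contradicts the Kconfig and doc/README.autoboot text in this same patch, where the user enters a string that is then hashed and compared against 'bootstopkeysha256'. Suggest wording along the lines of "This checks for the user entering a string whose SHA256 hash matches the 'bootstopkeysha256' environment variable, within a given time." In the @etime line, "reachs" should be "reaches".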
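Review bot: In the second common/autoboot.c hunk, the summary line for passwd_abort_key() reads "to aborted booting"; it should be "to abort booting", and "reachs" in the @etime line should be "reaches". The comment says only that it checks for "a string"; if this is the function that compares input against the bootdelaykey and bootstopkey variables listed in the README hunk, naming them here would let a reader connect the code to the documentation.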
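Review bot: In the doc/README.autoboot hunk, the entry for "bootstopkeysha256" says it holds the "Hash value of the input" but not which encoding the value takes or how a user would produce it, so the option cannot be configured from this text alone. Suggest adding the expected format and a short note on generating the value. The entry also omits that the option depends on AUTOBOOT_KEYED, which the Kconfig hunk shows, and the two descriptive paragraphs repeat the Kconfig help verbatim, so any correction has to be made in both places.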