1 // SPDX-License-Identifier: GPL-2.0+
4 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
23 #include <asm/global_data.h>
24 #include <linux/delay.h>
25 #include <u-boot/sha256.h>
26 #include <bootcount.h>
28 #include <dm/ofnode.h>
30 DECLARE_GLOBAL_DATA_PTR;
32 #define DELAY_STOP_STR_MAX_LENGTH 64
34 #ifndef DEBUG_BOOTKEYS
35 #define DEBUG_BOOTKEYS 0
37 #define debug_bootkeys(fmt, args...) \
38 debug_cond(DEBUG_BOOTKEYS, fmt, ##args)
40 /* Stored value of bootdelay, used by autoboot_command() */
41 static int stored_bootdelay;
44 #if defined(CONFIG_AUTOBOOT_STOP_STR_CRYPT)
45 #define AUTOBOOT_STOP_STR_CRYPT CONFIG_AUTOBOOT_STOP_STR_CRYPT
47 #define AUTOBOOT_STOP_STR_CRYPT ""
49 #if defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
50 #define AUTOBOOT_STOP_STR_SHA256 CONFIG_AUTOBOOT_STOP_STR_SHA256
52 #define AUTOBOOT_STOP_STR_SHA256 ""
55 #ifdef CONFIG_AUTOBOOT_USE_MENUKEY
56 #define AUTOBOOT_MENUKEY CONFIG_AUTOBOOT_MENUKEY
58 #define AUTOBOOT_MENUKEY 0
62 * passwd_abort_crypt() - check for a crypt-style hashed key sequence to abort booting
64 * This checks for the user entering a password within a given time.
66 * The entered password is hashed via one of the crypt-style hash methods
67 * and compared to the pre-defined value from either
68 * the environment variable "bootstopkeycrypt"
70 * the config value CONFIG_AUTOBOOT_STOP_STR_CRYPT
72 * In case the config value CONFIG_AUTOBOOT_NEVER_TIMEOUT has been enabled
73 * this function never times out if the user presses the <Enter> key
74 * before starting to enter the password.
76 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
77 * Return: 0 if autoboot should continue, 1 if it should stop
79 static int passwd_abort_crypt(uint64_t etime)
81 const char *crypt_env_str = env_get("bootstopkeycrypt");
82 char presskey[DELAY_STOP_STR_MAX_LENGTH];
83 u_int presskey_len = 0;
85 int never_timeout = 0;
88 if (IS_ENABLED(CONFIG_AUTOBOOT_STOP_STR_ENABLE) && !crypt_env_str)
89 crypt_env_str = AUTOBOOT_STOP_STR_CRYPT;
94 /* We expect the stop-string to be newline-terminated */
97 /* Check for input string overflow */
98 if (presskey_len >= sizeof(presskey))
101 presskey[presskey_len] = getchar();
103 if ((presskey[presskey_len] == '\r') ||
104 (presskey[presskey_len] == '\n')) {
105 if (IS_ENABLED(CONFIG_AUTOBOOT_NEVER_TIMEOUT) &&
110 presskey[presskey_len] = '\0';
111 err = crypt_compare(crypt_env_str, presskey,
115 "crypt_compare() failed with: %s\n",
117 /* you had one chance */
124 } while (never_timeout || get_ticks() <= etime);
130 * Use a "constant-length" time compare function for this
133 * https://crackstation.net/hashing-security.htm
135 static int slow_equals(u8 *a, u8 *b, int len)
140 for (i = 0; i < len; i++)
147 * passwd_abort_sha256() - check for a hashed key sequence to abort booting
149 * This checks for the user entering a SHA256 hash within a given time.
151 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
152 * Return: 0 if autoboot should continue, 1 if it should stop
154 static int passwd_abort_sha256(uint64_t etime)
156 const char *sha_env_str = env_get("bootstopkeysha256");
157 u8 sha_env[SHA256_SUM_LEN];
161 const char *algo_name = "sha256";
162 u_int presskey_len = 0;
164 int size = sizeof(sha);
167 if (sha_env_str == NULL)
168 sha_env_str = AUTOBOOT_STOP_STR_SHA256;
170 presskey = malloc_cache_aligned(DELAY_STOP_STR_MAX_LENGTH);
174 c = strstr(sha_env_str, ":");
175 if (c && (c - sha_env_str < DELAY_STOP_STR_MAX_LENGTH)) {
176 /* preload presskey with salt */
177 memcpy(presskey, sha_env_str, c - sha_env_str);
178 presskey_len = c - sha_env_str;
182 * Generate the binary value from the environment hash value
183 * so that we can compare this value with the computed hash
184 * from the user input
186 ret = hash_parse_string(algo_name, sha_env_str, sha_env);
188 printf("Hash %s not supported!\n", algo_name);
192 sha = malloc_cache_aligned(SHA256_SUM_LEN);
193 size = SHA256_SUM_LEN;
195 * We don't know how long the stop-string is, so we need to
196 * generate the sha256 hash upon each input character and
197 * compare the value with the one saved in the environment
201 /* Check for input string overflow */
202 if (presskey_len >= DELAY_STOP_STR_MAX_LENGTH) {
208 presskey[presskey_len++] = getchar();
210 /* Calculate sha256 upon each new char */
211 hash_block(algo_name, (const void *)presskey,
212 presskey_len, sha, &size);
214 /* And check if sha matches saved value in env */
215 if (slow_equals(sha, sha_env, SHA256_SUM_LEN))
219 } while (!abort && get_ticks() <= etime);
227 * passwd_abort_key() - check for a key sequence to aborted booting
229 * This checks for the user entering a string within a given time.
231 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
232 * Return: 0 if autoboot should continue, 1 if it should stop
234 static int passwd_abort_key(uint64_t etime)
243 { .str = env_get("bootdelaykey"), .retry = 1 },
244 { .str = env_get("bootstopkey"), .retry = 0 },
247 char presskey[DELAY_STOP_STR_MAX_LENGTH];
248 int presskey_len = 0;
249 int presskey_max = 0;
252 # ifdef CONFIG_AUTOBOOT_DELAY_STR
253 if (delaykey[0].str == NULL)
254 delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
256 # ifdef CONFIG_AUTOBOOT_STOP_STR
257 if (delaykey[1].str == NULL)
258 delaykey[1].str = CONFIG_AUTOBOOT_STOP_STR;
261 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
262 delaykey[i].len = delaykey[i].str == NULL ?
263 0 : strlen(delaykey[i].str);
264 delaykey[i].len = delaykey[i].len > DELAY_STOP_STR_MAX_LENGTH ?
265 DELAY_STOP_STR_MAX_LENGTH : delaykey[i].len;
267 presskey_max = presskey_max > delaykey[i].len ?
268 presskey_max : delaykey[i].len;
270 debug_bootkeys("%s key:<%s>\n",
271 delaykey[i].retry ? "delay" : "stop",
272 delaykey[i].str ? delaykey[i].str : "NULL");
275 /* In order to keep up with incoming data, check timeout only
280 if (presskey_len < presskey_max) {
281 presskey[presskey_len++] = getchar();
283 for (i = 0; i < presskey_max - 1; i++)
284 presskey[i] = presskey[i + 1];
286 presskey[i] = getchar();
290 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
291 if (delaykey[i].len > 0 &&
292 presskey_len >= delaykey[i].len &&
293 memcmp(presskey + presskey_len -
294 delaykey[i].len, delaykey[i].str,
295 delaykey[i].len) == 0) {
296 debug_bootkeys("got %skey\n",
297 delaykey[i].retry ? "delay" :
300 /* don't retry auto boot */
301 if (!delaykey[i].retry)
302 bootretry_dont_retry();
307 } while (!abort && get_ticks() <= etime);
313 * flush_stdin() - drops all pending characters from stdin
315 static void flush_stdin(void)
322 * fallback_to_sha256() - check whether we should fall back to sha256
325 * This checks for the environment variable `bootstopusesha256` in case
326 * sha256-fallback has been enabled via the config setting
327 * `AUTOBOOT_SHA256_FALLBACK`.
329 * Return: `false` if we must not fall-back, `true` if plain sha256 should be tried
331 static bool fallback_to_sha256(void)
333 if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK))
334 return env_get_yesno("bootstopusesha256") == 1;
335 else if (IS_ENABLED(CONFIG_CRYPT_PW))
341 /***************************************************************************
342 * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
343 * returns: 0 - no key string, allow autoboot 1 - got key string, abort
345 static int abortboot_key_sequence(int bootdelay)
348 uint64_t etime = endtick(bootdelay);
350 if (IS_ENABLED(CONFIG_AUTOBOOT_FLUSH_STDIN))
352 # ifdef CONFIG_AUTOBOOT_PROMPT
354 * CONFIG_AUTOBOOT_PROMPT includes the %d for all boards.
355 * To print the bootdelay value upon bootup.
357 printf(CONFIG_AUTOBOOT_PROMPT, bootdelay);
360 if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
361 if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256())
362 abort = passwd_abort_crypt(etime);
364 abort = passwd_abort_sha256(etime);
366 abort = passwd_abort_key(etime);
369 debug_bootkeys("key timeout\n");
374 static int abortboot_single_key(int bootdelay)
379 printf("Hit any key to stop autoboot: %2d ", bootdelay);
382 * Check if key already pressed
384 if (tstc()) { /* we got a key press */
385 getchar(); /* consume input */
387 abort = 1; /* don't auto boot */
390 while ((bootdelay > 0) && (!abort)) {
395 if (tstc()) { /* we got a key press */
398 abort = 1; /* don't auto boot */
399 bootdelay = 0; /* no more delay */
400 key = getchar();/* consume input */
401 if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY))
406 } while (!abort && get_timer(ts) < 1000);
408 printf("\b\b\b%2d ", bootdelay);
416 static int abortboot(int bootdelay)
420 if (bootdelay >= 0) {
421 if (autoboot_keyed())
422 abort = abortboot_key_sequence(bootdelay);
424 abort = abortboot_single_key(bootdelay);
427 if (IS_ENABLED(CONFIG_SILENT_CONSOLE) && abort)
428 gd->flags &= ~GD_FLG_SILENT;
433 static void process_fdt_options(void)
435 #ifdef CONFIG_TEXT_BASE
438 /* Add an env variable to point to a kernel payload, if available */
439 addr = ofnode_conf_read_int("kernel-offset", 0);
441 env_set_addr("kernaddr", (void *)(CONFIG_TEXT_BASE + addr));
443 /* Add an env variable to point to a root disk, if available */
444 addr = ofnode_conf_read_int("rootdisk-offset", 0);
446 env_set_addr("rootaddr", (void *)(CONFIG_TEXT_BASE + addr));
447 #endif /* CONFIG_TEXT_BASE */
450 const char *bootdelay_process(void)
457 s = env_get("bootdelay");
458 bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY;
461 * Does it really make sense that the devicetree overrides the user
462 * setting? It is possibly helpful for security since the device tree
463 * may be signed whereas the environment is often loaded from storage.
465 if (IS_ENABLED(CONFIG_OF_CONTROL))
466 bootdelay = ofnode_conf_read_int("bootdelay", bootdelay);
468 debug("### main_loop entered: bootdelay=%d\n\n", bootdelay);
470 if (IS_ENABLED(CONFIG_AUTOBOOT_MENU_SHOW))
471 bootdelay = menu_show(bootdelay);
472 bootretry_init_cmd_timeout();
475 if (gd->flags & GD_FLG_POSTFAIL) {
476 s = env_get("failbootcmd");
478 #endif /* CONFIG_POST */
479 if (bootcount_error())
480 s = env_get("altbootcmd");
482 s = env_get("bootcmd");
484 if (IS_ENABLED(CONFIG_OF_CONTROL))
485 process_fdt_options();
486 stored_bootdelay = bootdelay;
491 void autoboot_command(const char *s)
493 debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>");
495 if (s && (stored_bootdelay == -2 ||
496 (stored_bootdelay != -1 && !abortboot(stored_bootdelay)))) {
500 lock = autoboot_keyed() &&
501 !IS_ENABLED(CONFIG_AUTOBOOT_KEYED_CTRLC);
503 prev = disable_ctrlc(1); /* disable Ctrl-C checking */
505 run_command_list(s, -1, 0);
508 disable_ctrlc(prev); /* restore Ctrl-C checking */
511 if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY) &&
512 menukey == AUTOBOOT_MENUKEY) {
513 s = env_get("menucmd");
515 run_command_list(s, -1, 0);
projects / platform / kernel / u-boot.git / blob