Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-27 16:01:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

autoboot: Improve docs for CONFIG_AUTOBOOT_ENCRYPTION

Browse source 
This option is not documented properly at present. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Glass 2019-07-20 20:51:17 -06:00 committed by Tom Rini
parent e8c780560a
commit 88fa4beb63
4 changed files with 41 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README
View file

@ -3421,6 +3421,8 @@ List of environment variables (most likely not complete):
allowed for use by the bootm command. See also "bootm_low" allowed for use by the bootm command. See also "bootm_low"
environment variable. environment variable.
bootstopkeysha256, bootdelaykey, bootstopkey - See README.autoboot
updatefile - Location of the software update file on a TFTP server, used updatefile - Location of the software update file on a TFTP server, used
by the automatic software update feature. Please refer to by the automatic software update feature. Please refer to
documentation in doc/README.update for more details. documentation in doc/README.update for more details.

9
cmd/Kconfig
View file

@ -101,7 +101,14 @@ config AUTOBOOT_PROMPT
config AUTOBOOT_ENCRYPTION config AUTOBOOT_ENCRYPTION
bool "Enable encryption in autoboot stopping" bool "Enable encryption in autoboot stopping"
depends on AUTOBOOT_KEYED depends on AUTOBOOT_KEYED
default n help
This option allows a string to be entered into U-Boot to stop the
autoboot. The string itself is hashed and compared against the hash
in the environment variable 'bootstopkeysha256'. If it matches then
boot stops and a command-line prompt is presented.
This provides a way to ship a secure production device which can also
be accessed at the U-Boot command line.
config AUTOBOOT_DELAY_STR config AUTOBOOT_DELAY_STR
string "Delay autobooting via specific input key / string" string "Delay autobooting via specific input key / string"

16
common/autoboot.c
View file

@ -54,6 +54,14 @@ static int slow_equals(u8 *a, u8 *b, int len)
return diff == 0; return diff == 0;
} }
/**
* passwd_abort_sha256() - check for a hashed key sequence to abort booting
*
* This checks for the user entering a SHA256 hash within a given time.
*
* @etime: Timeout value ticks (stop when get_ticks() reachs this)
* @return 0 if autoboot should continue, 1 if it should stop
*/
static int passwd_abort_sha256(uint64_t etime) static int passwd_abort_sha256(uint64_t etime)
{ {
const char *sha_env_str = env_get("bootstopkeysha256"); const char *sha_env_str = env_get("bootstopkeysha256");
@ -106,6 +114,14 @@ static int passwd_abort_sha256(uint64_t etime)
return abort; return abort;
} }
/**
* passwd_abort_key() - check for a key sequence to aborted booting
*
* This checks for the user entering a string within a given time.
*
* @etime: Timeout value ticks (stop when get_ticks() reachs this)
* @return 0 if autoboot should continue, 1 if it should stop
*/
static int passwd_abort_key(uint64_t etime) static int passwd_abort_key(uint64_t etime)
{ {
int abort = 0; int abort = 0;

15
doc/README.autoboot
View file

@ -132,6 +132,21 @@ What they do
provides an escape sequence from the limited "password" provides an escape sequence from the limited "password"
strings. strings.
CONFIG_AUTOBOOT_ENCRYPTION
"bootstopkeysha256" environment variable
- Hash value of the input which unlocks the device and
stops autoboot.
This option allows a string to be entered into U-Boot to stop the
autoboot. The string itself is hashed and compared against the hash
in the environment variable 'bootstopkeysha256'. If it matches then
boot stops and a command-line prompt is presented.
This provides a way to ship a secure production device which can also
be accessed at the U-Boot command line.
CONFIG_RESET_TO_RETRY CONFIG_RESET_TO_RETRY
(Only effective when CONFIG_BOOT_RETRY_TIME is also set) (Only effective when CONFIG_BOOT_RETRY_TIME is also set)