From: Christian Eggers <ceggers@arri.de>
To: barebox@lists.infradead.org
Cc: Christian Eggers <ceggers@arri.de>
Subject: [PATCH] gadget: f_fastboot: New Kconfig option USB_GADGET_FASTBOOT_CMD_OEM
Date: Fri, 21 Feb 2020 13:15:12 +0100 [thread overview]
Message-ID: <20200221121512.15942-1-ceggers@arri.de> (raw)
Most fastboot commands are suitable for a secure boot environment as
they only allow to download/flash/erase to files/partitions which were
explicitly specified in the usbgadget command.
The "oem" group of commands allows execution of arbitrary barebox
commands. This needs to be disabled for secure boot devices.
Signed-off-by: Christian Eggers <ceggers@arri.de>
---
drivers/usb/gadget/Kconfig | 11 +++++++++++
drivers/usb/gadget/f_fastboot.c | 4 +++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig
index 9d6a262038..a3e2a8b4e3 100644
--- a/drivers/usb/gadget/Kconfig
+++ b/drivers/usb/gadget/Kconfig
@@ -58,6 +58,7 @@ config USB_GADGET_FASTBOOT
config USB_GADGET_FASTBOOT_SPARSE
bool
+ depends on USB_GADGET_FASTBOOT
select IMAGE_SPARSE
prompt "Enable Fastboot sparse image support"
help
@@ -77,4 +78,14 @@ config USB_GADGET_FASTBOOT_BUF
a buffer, then using a buffer might be better.
Say no here unless you know what you are doing.
+
+config USB_GADGET_FASTBOOT_CMD_OEM
+ bool
+ depends on USB_GADGET_FASTBOOT
+ prompt "Enable OEM commands"
+ help
+ This option enables the fastboot "oem" group of commands. They allow to
+ executing arbitrary barebox commands and may be disabled in secure
+ environments.
+
endif
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c
index 0a3aff3cf0..2d760867ad 100644
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -1251,7 +1251,7 @@ static const struct cmd_dispatch_info cmd_oem_dispatch_info[] = {
},
};
-static void cb_oem(struct f_fastboot *f_fb, const char *cmd)
+static void __maybe_unused cb_oem(struct f_fastboot *f_fb, const char *cmd)
{
pr_debug("%s: \"%s\"\n", __func__, cmd);
@@ -1279,9 +1279,11 @@ static const struct cmd_dispatch_info cmd_dispatch_info[] = {
}, {
.cmd = "erase:",
.cb = cb_erase,
+#if defined(CONFIG_USB_GADGET_FASTBOOT_CMD_OEM)
}, {
.cmd = "oem ",
.cb = cb_oem,
+#endif
},
};
--
Christian Eggers
Embedded software developer
Arnold & Richter Cine Technik GmbH & Co. Betriebs KG
Sitz: Muenchen - Registergericht: Amtsgericht Muenchen - Handelsregisternummer: HRA 57918
Persoenlich haftender Gesellschafter: Arnold & Richter Cine Technik GmbH
Sitz: Muenchen - Registergericht: Amtsgericht Muenchen - Handelsregisternummer: HRB 54477
Geschaeftsfuehrer: Dr. Michael Neuhaeuser; Stephan Schenk; Walter Trauninger; Markus Zeiler
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next reply other threads:[~2020-02-21 12:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-21 12:15 Christian Eggers [this message]
2020-02-25 8:02 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200221121512.15942-1-ceggers@arri.de \
--to=ceggers@arri.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox