From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH 3/3] ARM: socfpga: xload: evaluate integrity of second stage barebox images
Date: Thu, 5 Nov 2020 12:56:14 +0100 [thread overview]
Message-ID: <20201105115614.8802-3-s.hauer@pengutronix.de> (raw)
In-Reply-To: <20201105115614.8802-1-s.hauer@pengutronix.de>
From: Ulrich Ölmann <u.oelmann@pengutronix.de>
Do not hand over control to a second stage barebox if its embedded CRC checksum
is invalid.
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
---
arch/arm/mach-socfpga/xload.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-socfpga/xload.c b/arch/arm/mach-socfpga/xload.c
index 1131cfee41..5c611ac6e1 100644
--- a/arch/arm/mach-socfpga/xload.c
+++ b/arch/arm/mach-socfpga/xload.c
@@ -8,6 +8,8 @@
#include <fs.h>
#include <io.h>
+#include <image-metadata.h>
+
#include <linux/clkdev.h>
#include <linux/stat.h>
#include <linux/clk.h>
@@ -31,13 +33,14 @@ static __noreturn int socfpga_xload(void)
enum bootsource bootsource = bootsource_get();
const struct socfpga_barebox_part *part;
void *buf = NULL;
+ size_t bufsize;
switch (bootsource) {
case BOOTSOURCE_MMC:
socfpga_cyclone5_mmc_init();
for (part = barebox_parts; part->mmc_disk; part++) {
- buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", NULL);
+ buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", &bufsize);
if (!buf) {
pr_info("failed to load barebox from MMC %s\n",
part->mmc_disk);
@@ -48,17 +51,35 @@ static __noreturn int socfpga_xload(void)
pr_err("failed to load barebox.bin from MMC\n");
hang();
}
+
+ if (IS_ENABLED(CONFIG_IMD))
+ if (imd_verify_crc32(buf, bufsize) == -EILSEQ) {
+ pr_err("failed to verify barebox.bin loaded from eMMC\n");
+ hang();
+ }
+
break;
case BOOTSOURCE_SPI:
socfpga_cyclone5_qspi_init();
for (part = barebox_parts; part->nor_size; part++) {
buf = bootstrap_read_devfs("mtd0", false,
- part->nor_offset, part->nor_size, SZ_1M, NULL);
+ part->nor_offset, part->nor_size, SZ_1M, &bufsize);
if (!buf) {
pr_info("failed to load barebox from QSPI NOR flash at offset %#x\n",
part->nor_offset);
continue;
}
+
+ if (IS_ENABLED(CONFIG_IMD))
+ if (imd_verify_crc32(buf, bufsize) == -EILSEQ) {
+ pr_err("failed to verify barebox loaded from "
+ "QSPI NOR flash at offset %#x\n",
+ part->nor_offset);
+ free(buf);
+ buf = NULL;
+ continue;
+ }
+
break;
}
--
2.20.1
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
prev parent reply other threads:[~2020-11-05 11:56 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-05 11:56 [PATCH 1/3] bootstrap_read_devfs(): optionally inform the caller of the buffer size Sascha Hauer
2020-11-05 11:56 ` [PATCH 2/3] bootstrap_read_disk(): " Sascha Hauer
2020-11-05 11:56 ` Sascha Hauer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201105115614.8802-3-s.hauer@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox