[PATCH 3/3] ARM: socfpga: xload: evaluate integrity of second stage barebox images

From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH 3/3] ARM: socfpga: xload: evaluate integrity of second stage barebox images
Date: Thu,  5 Nov 2020 12:56:14 +0100	[thread overview]
Message-ID: <20201105115614.8802-3-s.hauer@pengutronix.de> (raw)
In-Reply-To: <20201105115614.8802-1-s.hauer@pengutronix.de>

From: Ulrich Ölmann <u.oelmann@pengutronix.de>

Do not hand over control to a second stage barebox if its embedded CRC checksum
is invalid.

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
---
 arch/arm/mach-socfpga/xload.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-socfpga/xload.c b/arch/arm/mach-socfpga/xload.c
index 1131cfee41..5c611ac6e1 100644
--- a/arch/arm/mach-socfpga/xload.c
+++ b/arch/arm/mach-socfpga/xload.c
@@ -8,6 +8,8 @@
 #include <fs.h>
 #include <io.h>
 
+#include <image-metadata.h>
+
 #include <linux/clkdev.h>
 #include <linux/stat.h>
 #include <linux/clk.h>
@@ -31,13 +33,14 @@ static __noreturn int socfpga_xload(void)
 	enum bootsource bootsource = bootsource_get();
 	const struct socfpga_barebox_part *part;
 	void *buf = NULL;
+	size_t bufsize;
 
 	switch (bootsource) {
 	case BOOTSOURCE_MMC:
 		socfpga_cyclone5_mmc_init();
 
 		for (part = barebox_parts; part->mmc_disk; part++) {
-			buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", NULL);
+			buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", &bufsize);
 			if (!buf) {
 				pr_info("failed to load barebox from MMC %s\n",
 					part->mmc_disk);
@@ -48,17 +51,35 @@ static __noreturn int socfpga_xload(void)
 			pr_err("failed to load barebox.bin from MMC\n");
 			hang();
 		}
+
+		if (IS_ENABLED(CONFIG_IMD))
+			if (imd_verify_crc32(buf, bufsize) == -EILSEQ) {
+				pr_err("failed to verify barebox.bin loaded from eMMC\n");
+				hang();
+			}
+
 		break;
 	case BOOTSOURCE_SPI:
 		socfpga_cyclone5_qspi_init();
 		for (part = barebox_parts; part->nor_size; part++) {
 			buf = bootstrap_read_devfs("mtd0", false,
-					part->nor_offset, part->nor_size, SZ_1M, NULL);
+					part->nor_offset, part->nor_size, SZ_1M, &bufsize);
 			if (!buf) {
 				pr_info("failed to load barebox from QSPI NOR flash at offset %#x\n",
 					part->nor_offset);
 				continue;
 			}
+
+			if (IS_ENABLED(CONFIG_IMD))
+				if (imd_verify_crc32(buf, bufsize) == -EILSEQ) {
+					pr_err("failed to verify barebox loaded from "
+					       "QSPI NOR flash at offset %#x\n",
+					       part->nor_offset);
+					free(buf);
+					buf = NULL;
+					continue;
+				}
+
 			break;
 		}
 
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
