diff options
author | Christian Eggers <ceggers@arri.de> | 2020-02-21 13:15:12 +0100 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2020-02-25 09:01:41 +0100 |
commit | ba08e336c85196affabb5983768c6b5996c6bb00 (patch) | |
tree | acdce349d751aaca28948c43c39a66cb7f4d5500 | |
parent | ed5d14afad1c303caab209549b33f795df3d6d6a (diff) | |
download | barebox-ba08e336c85196affabb5983768c6b5996c6bb00.tar.gz barebox-ba08e336c85196affabb5983768c6b5996c6bb00.tar.xz |
gadget: f_fastboot: New Kconfig option USB_GADGET_FASTBOOT_CMD_OEM
Most fastboot commands are suitable for a secure boot environment as
they only allow to download/flash/erase to files/partitions which were
explicitly specified in the usbgadget command.
The "oem" group of commands allows execution of arbitrary barebox
commands. This needs to be disabled for secure boot devices.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
-rw-r--r-- | arch/arm/configs/imx23_defconfig | 1 | ||||
-rw-r--r-- | arch/arm/configs/imx28_defconfig | 1 | ||||
-rw-r--r-- | arch/arm/configs/imx_v7_defconfig | 1 | ||||
-rw-r--r-- | arch/arm/configs/kindle-mx50_defconfig | 1 | ||||
-rw-r--r-- | arch/arm/configs/omap_defconfig | 1 | ||||
-rw-r--r-- | arch/arm/configs/zii_vf610_dev_defconfig | 1 | ||||
-rw-r--r-- | drivers/usb/gadget/Kconfig | 11 | ||||
-rw-r--r-- | drivers/usb/gadget/f_fastboot.c | 4 |
8 files changed, 20 insertions, 1 deletions
diff --git a/arch/arm/configs/imx23_defconfig b/arch/arm/configs/imx23_defconfig index 26c63814b9..bff9c08c40 100644 --- a/arch/arm/configs/imx23_defconfig +++ b/arch/arm/configs/imx23_defconfig @@ -90,6 +90,7 @@ CONFIG_USB_GADGET=y CONFIG_USB_GADGET_DFU=y CONFIG_USB_GADGET_SERIAL=y CONFIG_USB_GADGET_FASTBOOT=y +CONFIG_USB_GADGET_FASTBOOT_CMD_OEM=y CONFIG_VIDEO=y CONFIG_DRIVER_VIDEO_STM=y CONFIG_MCI=y diff --git a/arch/arm/configs/imx28_defconfig b/arch/arm/configs/imx28_defconfig index 58cda937a8..1acc8dd94f 100644 --- a/arch/arm/configs/imx28_defconfig +++ b/arch/arm/configs/imx28_defconfig @@ -93,6 +93,7 @@ CONFIG_USB_GADGET=y CONFIG_USB_GADGET_DFU=y CONFIG_USB_GADGET_SERIAL=y CONFIG_USB_GADGET_FASTBOOT=y +CONFIG_USB_GADGET_FASTBOOT_CMD_OEM=y CONFIG_VIDEO=y CONFIG_DRIVER_VIDEO_STM=y CONFIG_MCI=y diff --git a/arch/arm/configs/imx_v7_defconfig b/arch/arm/configs/imx_v7_defconfig index 8b8178a96f..5bf908ee85 100644 --- a/arch/arm/configs/imx_v7_defconfig +++ b/arch/arm/configs/imx_v7_defconfig @@ -160,6 +160,7 @@ CONFIG_USB_GADGET=y CONFIG_USB_GADGET_DFU=y CONFIG_USB_GADGET_SERIAL=y CONFIG_USB_GADGET_FASTBOOT=y +CONFIG_USB_GADGET_FASTBOOT_CMD_OEM=y CONFIG_VIDEO=y CONFIG_DRIVER_VIDEO_IMX_IPUV3=y CONFIG_DRIVER_VIDEO_IMX_IPUV3_LVDS=y diff --git a/arch/arm/configs/kindle-mx50_defconfig b/arch/arm/configs/kindle-mx50_defconfig index 95b505fda2..855daef71a 100644 --- a/arch/arm/configs/kindle-mx50_defconfig +++ b/arch/arm/configs/kindle-mx50_defconfig @@ -50,6 +50,7 @@ CONFIG_USB_EHCI=y CONFIG_USB_GADGET=y CONFIG_USB_GADGET_SERIAL=y CONFIG_USB_GADGET_FASTBOOT=y +CONFIG_USB_GADGET_FASTBOOT_CMD_OEM=y CONFIG_MCI=y CONFIG_MCI_STARTUP=y CONFIG_MCI_MMC_BOOT_PARTITIONS=y diff --git a/arch/arm/configs/omap_defconfig b/arch/arm/configs/omap_defconfig index ba90158252..9d71d02744 100644 --- a/arch/arm/configs/omap_defconfig +++ b/arch/arm/configs/omap_defconfig @@ -121,6 +121,7 @@ CONFIG_USB_GADGET=y CONFIG_USB_GADGET_DFU=y CONFIG_USB_GADGET_SERIAL=y CONFIG_USB_GADGET_FASTBOOT=y +CONFIG_USB_GADGET_FASTBOOT_CMD_OEM=y CONFIG_USB_MUSB=y CONFIG_USB_MUSB_AM335X=y CONFIG_USB_MUSB_HOST=y diff --git a/arch/arm/configs/zii_vf610_dev_defconfig b/arch/arm/configs/zii_vf610_dev_defconfig index c9aa60c33e..7161d740ac 100644 --- a/arch/arm/configs/zii_vf610_dev_defconfig +++ b/arch/arm/configs/zii_vf610_dev_defconfig @@ -113,6 +113,7 @@ CONFIG_USB_GADGET=y CONFIG_USB_GADGET_DFU=y CONFIG_USB_GADGET_SERIAL=y CONFIG_USB_GADGET_FASTBOOT=y +CONFIG_USB_GADGET_FASTBOOT_CMD_OEM=y CONFIG_MCI=y CONFIG_MCI_MMC_BOOT_PARTITIONS=y CONFIG_MCI_IMX_ESDHC=y diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig index 9d6a262038..a3e2a8b4e3 100644 --- a/drivers/usb/gadget/Kconfig +++ b/drivers/usb/gadget/Kconfig @@ -58,6 +58,7 @@ config USB_GADGET_FASTBOOT config USB_GADGET_FASTBOOT_SPARSE bool + depends on USB_GADGET_FASTBOOT select IMAGE_SPARSE prompt "Enable Fastboot sparse image support" help @@ -77,4 +78,14 @@ config USB_GADGET_FASTBOOT_BUF a buffer, then using a buffer might be better. Say no here unless you know what you are doing. + +config USB_GADGET_FASTBOOT_CMD_OEM + bool + depends on USB_GADGET_FASTBOOT + prompt "Enable OEM commands" + help + This option enables the fastboot "oem" group of commands. They allow to + executing arbitrary barebox commands and may be disabled in secure + environments. + endif diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 0a3aff3cf0..2d760867ad 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -1251,7 +1251,7 @@ static const struct cmd_dispatch_info cmd_oem_dispatch_info[] = { }, }; -static void cb_oem(struct f_fastboot *f_fb, const char *cmd) +static void __maybe_unused cb_oem(struct f_fastboot *f_fb, const char *cmd) { pr_debug("%s: \"%s\"\n", __func__, cmd); @@ -1279,9 +1279,11 @@ static const struct cmd_dispatch_info cmd_dispatch_info[] = { }, { .cmd = "erase:", .cb = cb_erase, +#if defined(CONFIG_USB_GADGET_FASTBOOT_CMD_OEM) }, { .cmd = "oem ", .cb = cb_oem, +#endif }, }; |