summaryrefslogtreecommitdiffstats
path: root/arch/arm/cpu
diff options
context:
space:
mode:
authorRouven Czerwinski <r.czerwinski@pengutronix.de>2019-08-06 07:11:03 +0200
committerSascha Hauer <s.hauer@pengutronix.de>2019-08-07 09:42:15 +0200
commita0dbc68b50a288853e647e868117ba62d2d3aac7 (patch)
tree1ce8916b31eb18b9c1cca0bf69eee8cade98d521 /arch/arm/cpu
parent6ca22c92e949619395d0c186cdb78a37ec2c9201 (diff)
downloadbarebox-a0dbc68b50a288853e647e868117ba62d2d3aac7.tar.gz
barebox-a0dbc68b50a288853e647e868117ba62d2d3aac7.tar.xz
arm: uncompress: verify sha256 if enabled
Add piggydata verification before the ARM uncompress function. This calculates the sha256sum of the compressed barebox binary and only continues if the builtin sha256sum matches the calculated sha256sum. Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'arch/arm/cpu')
-rw-r--r--arch/arm/cpu/uncompress.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/arch/arm/cpu/uncompress.c b/arch/arm/cpu/uncompress.c
index c7851c5c75..7ea07d0886 100644
--- a/arch/arm/cpu/uncompress.c
+++ b/arch/arm/cpu/uncompress.c
@@ -42,14 +42,18 @@ unsigned long free_mem_end_ptr;
extern unsigned char input_data[];
extern unsigned char input_data_end[];
+extern unsigned char sha_sum[];
+extern unsigned char sha_sum_end[];
+
void __noreturn barebox_multi_pbl_start(unsigned long membase,
unsigned long memsize, void *boarddata)
{
- uint32_t pg_len, uncompressed_len;
+ uint32_t pg_len, uncompressed_len, pbl_hash_len;
void __noreturn (*barebox)(unsigned long, unsigned long, void *);
unsigned long endmem = membase + memsize;
unsigned long barebox_base;
void *pg_start, *pg_end;
+ void *pbl_hash_start, *pbl_hash_end;
unsigned long pc = get_pc();
pg_start = input_data + global_variable_offset();
@@ -92,6 +96,17 @@ void __noreturn barebox_multi_pbl_start(unsigned long membase,
pr_debug("uncompressing barebox binary at 0x%p (size 0x%08x) to 0x%08lx (uncompressed size: 0x%08x)\n",
pg_start, pg_len, barebox_base, uncompressed_len);
+ if (IS_ENABLED(CONFIG_PBL_VERIFY_PIGGY)) {
+ pbl_hash_start = sha_sum;
+ pbl_hash_end = sha_sum_end;
+ pbl_hash_len = pbl_hash_end - pbl_hash_start;
+ if (pbl_barebox_verify(pg_start, pg_len, pbl_hash_start,
+ pbl_hash_len) != 0) {
+ putc_ll('!');
+ panic("hash mismatch, refusing to decompress");
+ }
+ }
+
pbl_barebox_uncompress((void*)barebox_base, pg_start, pg_len);
sync_caches_for_execution();