diff options
author | Ulrich Ölmann <u.oelmann@pengutronix.de> | 2016-04-20 09:57:23 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2020-11-05 12:56:00 +0100 |
commit | 7a8def6214adf1bae8c34ab7807ea9953de7d579 (patch) | |
tree | 5a1992eaabcabab62d714b01d99f7b7a6930e60e /arch/arm/mach-socfpga | |
parent | c98507f40d39633e345230caa00f78c9065da845 (diff) | |
download | barebox-7a8def6214adf1bae8c34ab7807ea9953de7d579.tar.gz barebox-7a8def6214adf1bae8c34ab7807ea9953de7d579.tar.xz |
ARM: socfpga: xload: evaluate integrity of second stage barebox images
Do not hand over control to a second stage barebox if its embedded CRC checksum
is invalid.
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Diffstat (limited to 'arch/arm/mach-socfpga')
-rw-r--r-- | arch/arm/mach-socfpga/xload.c | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/arch/arm/mach-socfpga/xload.c b/arch/arm/mach-socfpga/xload.c index 1131cfee41..5c611ac6e1 100644 --- a/arch/arm/mach-socfpga/xload.c +++ b/arch/arm/mach-socfpga/xload.c @@ -8,6 +8,8 @@ #include <fs.h> #include <io.h> +#include <image-metadata.h> + #include <linux/clkdev.h> #include <linux/stat.h> #include <linux/clk.h> @@ -31,13 +33,14 @@ static __noreturn int socfpga_xload(void) enum bootsource bootsource = bootsource_get(); const struct socfpga_barebox_part *part; void *buf = NULL; + size_t bufsize; switch (bootsource) { case BOOTSOURCE_MMC: socfpga_cyclone5_mmc_init(); for (part = barebox_parts; part->mmc_disk; part++) { - buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", NULL); + buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", &bufsize); if (!buf) { pr_info("failed to load barebox from MMC %s\n", part->mmc_disk); @@ -48,17 +51,35 @@ static __noreturn int socfpga_xload(void) pr_err("failed to load barebox.bin from MMC\n"); hang(); } + + if (IS_ENABLED(CONFIG_IMD)) + if (imd_verify_crc32(buf, bufsize) == -EILSEQ) { + pr_err("failed to verify barebox.bin loaded from eMMC\n"); + hang(); + } + break; case BOOTSOURCE_SPI: socfpga_cyclone5_qspi_init(); for (part = barebox_parts; part->nor_size; part++) { buf = bootstrap_read_devfs("mtd0", false, - part->nor_offset, part->nor_size, SZ_1M, NULL); + part->nor_offset, part->nor_size, SZ_1M, &bufsize); if (!buf) { pr_info("failed to load barebox from QSPI NOR flash at offset %#x\n", part->nor_offset); continue; } + + if (IS_ENABLED(CONFIG_IMD)) + if (imd_verify_crc32(buf, bufsize) == -EILSEQ) { + pr_err("failed to verify barebox loaded from " + "QSPI NOR flash at offset %#x\n", + part->nor_offset); + free(buf); + buf = NULL; + continue; + } + break; } |