diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-22 09:56:23 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-23 10:10:05 +0200 |
commit | 1cf0d514db41bd3729c14253a62f33e74ef1a43e (patch) | |
tree | f14cf66ac6e05745e5e36f55406d3e360e4b0d01 /pbl/decomp.c | |
parent | 5f04e5e03e941c8cae4f42f670abba847bfbcf9d (diff) | |
download | barebox-1cf0d514db41bd3729c14253a62f33e74ef1a43e.tar.gz barebox-1cf0d514db41bd3729c14253a62f33e74ef1a43e.tar.xz |
pbl: Move piggy verification into pbl_barebox_uncompress()
piggy verification is a direct prerequisite of uncompressing the
piggydata, so move the verification there.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Diffstat (limited to 'pbl/decomp.c')
-rw-r--r-- | pbl/decomp.c | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/pbl/decomp.c b/pbl/decomp.c index ef713a6c74..1e0ef81ada 100644 --- a/pbl/decomp.c +++ b/pbl/decomp.c @@ -51,16 +51,11 @@ static void noinline errorfn(char *error) while (1); } -void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len) -{ - decompress((void *)compressed_start, - len, - NULL, NULL, - dest, NULL, errorfn); -} +extern unsigned char sha_sum[]; +extern unsigned char sha_sum_end[]; -int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, - unsigned int hash_len) +static int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, + unsigned int hash_len) { struct sha256_state sha_state = { 0 }; struct digest d = { .ctx = &sha_state }; @@ -93,3 +88,25 @@ int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE); } + +void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len) +{ + uint32_t pbl_hash_len; + void *pbl_hash_start, *pbl_hash_end; + + if (IS_ENABLED(CONFIG_PBL_VERIFY_PIGGY)) { + pbl_hash_start = sha_sum; + pbl_hash_end = sha_sum_end; + pbl_hash_len = pbl_hash_end - pbl_hash_start; + if (pbl_barebox_verify(compressed_start, len, pbl_hash_start, + pbl_hash_len) != 0) { + putc_ll('!'); + panic("hash mismatch, refusing to decompress"); + } + } + + decompress((void *)compressed_start, + len, + NULL, NULL, + dest, NULL, errorfn); +} |