authorRouven Czerwinski <r.czerwinski@pengutronix.de>2019-08-06 07:11:00 +0200
committerSascha Hauer <s.hauer@pengutronix.de>2019-08-07 09:42:15 +0200
commita3a1b708ee192d02603f615d08bfa934ed9464ea (patch)
tree220176daae30d784f6b86f56d663e8fd70406b59 /pbl
parent907a76d4eb2ad7e6850cc5fab1fa2cc8fb489aeb (diff)
pbl: add sha256 and piggy verification to PBL
Extract the necessary functions from sha256 into a PBL header and add a verification function to the PBL. The function will be called before the individual architectures' decompress functions are run. Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'pbl')
-rw-r--r--pbl/Kconfig4
-rw-r--r--pbl/decomp.c39
2 files changed, 43 insertions, 0 deletions
diff --git a/pbl/Kconfig b/pbl/Kconfig
index f2250dd73b..7e6077f96d 100644
--- a/pbl/Kconfig
+++ b/pbl/Kconfig
@@ -44,6 +44,10 @@ config PBL_RELOCATABLE
This option only inflluences the PBL image. See RELOCATABLE to also make
the real image relocatable.
+config PBL_VERIFY_PIGGY
+ depends on ARM
+ bool
+
config IMAGE_COMPRESSION
bool
depends on HAVE_IMAGE_COMPRESSION
diff --git a/pbl/decomp.c b/pbl/decomp.c
index 72a162309a..ef713a6c74 100644
--- a/pbl/decomp.c
+++ b/pbl/decomp.c
@@ -6,6 +6,10 @@
*/
#include <common.h>
+#include <crypto/sha.h>
+#include <crypto/pbl-sha.h>
+#include <digest.h>
+#include <asm/sections.h>
#include <pbl.h>
#include <debug_ll.h>
@@ -54,3 +58,38 @@ void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len
NULL, NULL,
dest, NULL, errorfn);
}
+
+int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
+ unsigned int hash_len)
+{
+ struct sha256_state sha_state = { 0 };
+ struct digest d = { .ctx = &sha_state };
+ char computed_hash[SHA256_DIGEST_SIZE];
+ int i;
+ char *char_hash = hash;
+
+ if (hash_len != SHA256_DIGEST_SIZE)
+ return -1;
+
+ sha256_init(&d);
+ sha256_update(&d, compressed_start, len);
+ sha256_final(&d, computed_hash);
+ if (IS_ENABLED(CONFIG_DEBUG_LL)) {
+ putc_ll('C');
+ putc_ll('H');
+ putc_ll('\n');
+ for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
+ puthex_ll(computed_hash[i]);
+ putc_ll('\n');
+ }
+ putc_ll('I');
+ putc_ll('H');
+ putc_ll('\n');
+ for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
+ puthex_ll(char_hash[i]);
+ putc_ll('\n');
+ }
+ }
+
+ return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE);
+}
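Review bot: The final `return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE);` mixes two return conventions: the length check returns -1, but a digest mismatch returns whatever sign memcmp() yields, so a caller that tests `< 0` could treat a mismatching image as verified. Since this result is meant to gate decompression of the piggy data, normalising it keeps failure unambiguous, e.g. `return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE) ? -1 : 0;`. A one-line comment above the function such as `/* Returns 0 only if the SHA-256 of the compressed image equals hash; any other value means do not decompress. */` would help, as the callers are not visible in this hunk. In the debug loops, `puthex_ll(computed_hash[i])` passes a plain `char`; where char is signed the byte would presumably be sign-extended in the output, so declaring both buffers as `unsigned char` would be safer.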