author | Rouven Czerwinski <r.czerwinski@pengutronix.de> | 2019-08-06 07:11:00 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-07 09:42:15 +0200 |
commit | a3a1b708ee192d02603f615d08bfa934ed9464ea (patch) | |
tree | 220176daae30d784f6b86f56d663e8fd70406b59 /pbl | |
parent | 907a76d4eb2ad7e6850cc5fab1fa2cc8fb489aeb (diff) | |
pbl: add sha256 and piggy verification to PBL
Extract the necessary functions from sha256 into a PBL header and add a
verification function to the PBL. The function will be called before the
individual architectures' decompress functions are run.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'pbl')
-rw-r--r-- | pbl/Kconfig | 4 | ||||
-rw-r--r-- | pbl/decomp.c | 39 |
2 files changed, 43 insertions, 0 deletions
diff --git a/pbl/Kconfig b/pbl/Kconfig index f2250dd73b..7e6077f96d 100644 --- a/pbl/Kconfig +++ b/pbl/Kconfig @@ -44,6 +44,10 @@ config PBL_RELOCATABLE This option only inflluences the PBL image. See RELOCATABLE to also make the real image relocatable. +config PBL_VERIFY_PIGGY + depends on ARM + bool + config IMAGE_COMPRESSION bool depends on HAVE_IMAGE_COMPRESSION diff --git a/pbl/decomp.c b/pbl/decomp.c index 72a162309a..ef713a6c74 100644 --- a/pbl/decomp.c +++ b/pbl/decomp.c @@ -6,6 +6,10 @@ */ #include <common.h> +#include <crypto/sha.h> +#include <crypto/pbl-sha.h> +#include <digest.h> +#include <asm/sections.h> #include <pbl.h> #include <debug_ll.h> @@ -54,3 +58,38 @@ void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len NULL, NULL, dest, NULL, errorfn); } + +int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, + unsigned int hash_len) +{ + struct sha256_state sha_state = { 0 }; + struct digest d = { .ctx = &sha_state }; + char computed_hash[SHA256_DIGEST_SIZE]; + int i; + char *char_hash = hash; + + if (hash_len != SHA256_DIGEST_SIZE) + return -1; + + sha256_init(&d); + sha256_update(&d, compressed_start, len); + sha256_final(&d, computed_hash); + if (IS_ENABLED(CONFIG_DEBUG_LL)) { + putc_ll('C'); + putc_ll('H'); + putc_ll('\n'); + for (i = 0; i < SHA256_DIGEST_SIZE; i++) { + puthex_ll(computed_hash[i]); + putc_ll('\n'); + } + putc_ll('I'); + putc_ll('H'); + putc_ll('\n'); + for (i = 0; i < SHA256_DIGEST_SIZE; i++) { + puthex_ll(char_hash[i]); + putc_ll('\n'); + } + } + + return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE); +} |
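Review bot: `PBL_VERIFY_PIGGY` is added as a promptless `bool` with no help text or comment, so nothing in pbl/Kconfig says that it relates to the integrity check of the compressed image or what is expected to enable it. With no prompt and no default it can presumably only be turned on through `select`, and `select` does not enforce `depends on ARM` (Kconfig only warns about the unmet dependency), so that line reads as a stronger guarantee than it is. A short comment above the entry, along the lines of `# selected by boards whose PBL embeds a SHA-256 of the piggy data`, would make the intent visible to anyone auditing a secure-boot configuration.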
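Review bot: `pbl_barebox_verify()` ends by returning the raw `memcmp()` result, which on a mismatch can be positive as well as negative, while the length check a few lines above returns -1. A caller written as `if (ret < 0)` would therefore let a mismatching image through whenever the comparison happens to come out positive; the callers are outside this hunk, so whether any of them tests only the sign cannot be seen here. Normalising the last line to `return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE) ? -1 : 0;` makes every failure negative. A comment above the function should also state that an unkeyed SHA-256 comparison protects the image only if `hash` itself comes from an already authenticated region (for example a signed PBL), since the function cannot establish that on its own.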