summaryrefslogtreecommitdiffstats
path: root/pbl
diff options
context:
space:
mode:
authorSascha Hauer <s.hauer@pengutronix.de>2019-08-22 09:56:23 +0200
committerSascha Hauer <s.hauer@pengutronix.de>2019-08-23 10:10:05 +0200
commit1cf0d514db41bd3729c14253a62f33e74ef1a43e (patch)
treef14cf66ac6e05745e5e36f55406d3e360e4b0d01 /pbl
parent5f04e5e03e941c8cae4f42f670abba847bfbcf9d (diff)
downloadbarebox-1cf0d514db41bd3729c14253a62f33e74ef1a43e.tar.gz
pbl: Move piggy verification into pbl_barebox_uncompress()
piggy verification is a direct prerequisite of uncompressing the piggydata, so move the verification there. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Diffstat (limited to 'pbl')
-rw-r--r--pbl/decomp.c35
1 files changed, 26 insertions, 9 deletions
diff --git a/pbl/decomp.c b/pbl/decomp.c
index ef713a6..1e0ef81 100644
--- a/pbl/decomp.c
+++ b/pbl/decomp.c
@@ -51,16 +51,11 @@ static void noinline errorfn(char *error)
while (1);
}
-void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len)
-{
- decompress((void *)compressed_start,
- len,
- NULL, NULL,
- dest, NULL, errorfn);
-}
+extern unsigned char sha_sum[];
+extern unsigned char sha_sum_end[];
-int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
- unsigned int hash_len)
+static int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
+ unsigned int hash_len)
{
struct sha256_state sha_state = { 0 };
struct digest d = { .ctx = &sha_state };
@@ -93,3 +88,25 @@ int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE);
}
+
+void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len)
+{
+ uint32_t pbl_hash_len;
+ void *pbl_hash_start, *pbl_hash_end;
+
+ if (IS_ENABLED(CONFIG_PBL_VERIFY_PIGGY)) {
+ pbl_hash_start = sha_sum;
+ pbl_hash_end = sha_sum_end;
+ pbl_hash_len = pbl_hash_end - pbl_hash_start;
+ if (pbl_barebox_verify(compressed_start, len, pbl_hash_start,
+ pbl_hash_len) != 0) {
+ putc_ll('!');
+ panic("hash mismatch, refusing to decompress");
+ }
+ }
+
+ decompress((void *)compressed_start,
+ len,
+ NULL, NULL,
+ dest, NULL, errorfn);
+}