From 7c70e8e153012ca743ffb3b967bdb112fd6ecfd5 Mon Sep 17 00:00:00 2001 From: Ulrich Ölmann Date: Fri, 29 Apr 2016 19:17:59 +0200 Subject: bootstrap_read_devfs(): optionally inform the caller of the buffer size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The size of the buffer allocated in the function is needed if it shall be inspected more closely later. Therefore optionally return it via a new pointer argument. Signed-off-by: Ulrich Ölmann --- arch/arm/boards/tny-a926x/tny_a9263_bootstrap.c | 2 +- arch/arm/boards/usb-a926x/usb_a9263_bootstrap.c | 2 +- arch/arm/mach-at91/bootstrap.c | 2 +- arch/arm/mach-socfpga/xload.c | 2 +- include/bootstrap.h | 8 ++++---- lib/bootstrap/devfs.c | 11 +++++++---- 6 files changed, 15 insertions(+), 12 deletions(-) diff --git a/arch/arm/boards/tny-a926x/tny_a9263_bootstrap.c b/arch/arm/boards/tny-a926x/tny_a9263_bootstrap.c index 368c67744f..f26f1eaecb 100644 --- a/arch/arm/boards/tny-a926x/tny_a9263_bootstrap.c +++ b/arch/arm/boards/tny-a926x/tny_a9263_bootstrap.c @@ -11,6 +11,6 @@ #ifdef CONFIG_MTD_DATAFLASH void * bootstrap_board_read_dataflash(void) { - return bootstrap_read_devfs("dataflash0", false, 0xffc0, 204864, 204864); + return bootstrap_read_devfs("dataflash0", false, 0xffc0, 204864, 204864, NULL); } #endif diff --git a/arch/arm/boards/usb-a926x/usb_a9263_bootstrap.c b/arch/arm/boards/usb-a926x/usb_a9263_bootstrap.c index 368c67744f..f26f1eaecb 100644 --- a/arch/arm/boards/usb-a926x/usb_a9263_bootstrap.c +++ b/arch/arm/boards/usb-a926x/usb_a9263_bootstrap.c @@ -11,6 +11,6 @@ #ifdef CONFIG_MTD_DATAFLASH void * bootstrap_board_read_dataflash(void) { - return bootstrap_read_devfs("dataflash0", false, 0xffc0, 204864, 204864); + return bootstrap_read_devfs("dataflash0", false, 0xffc0, 204864, 204864, NULL); } #endif diff --git a/arch/arm/mach-at91/bootstrap.c b/arch/arm/mach-at91/bootstrap.c index 5d21b2d021..90b7b33fc9 100644 --- a/arch/arm/mach-at91/bootstrap.c +++ b/arch/arm/mach-at91/bootstrap.c @@ -78,7 +78,7 @@ static void at91bootstrap_boot_nand(bool is_barebox) kernel_entry_func func = NULL; printf("Boot %s from nand\n", name); - func = bootstrap_read_devfs("nand0", true, SZ_128K, SZ_256K, SZ_1M); + func = bootstrap_read_devfs("nand0", true, SZ_128K, SZ_256K, SZ_1M, NULL); bootstrap_boot(func, is_barebox); bootstrap_err("... failed\n"); free(func); diff --git a/arch/arm/mach-socfpga/xload.c b/arch/arm/mach-socfpga/xload.c index ee7d194427..8be2827e62 100644 --- a/arch/arm/mach-socfpga/xload.c +++ b/arch/arm/mach-socfpga/xload.c @@ -53,7 +53,7 @@ static __noreturn int socfpga_xload(void) socfpga_cyclone5_qspi_init(); for (part = barebox_parts; part->nor_size; part++) { buf = bootstrap_read_devfs("mtd0", false, - part->nor_offset, part->nor_size, SZ_1M); + part->nor_offset, part->nor_size, SZ_1M, NULL); if (!buf) { pr_info("failed to load barebox from QSPI NOR flash at offset %#x\n", part->nor_offset); diff --git a/include/bootstrap.h b/include/bootstrap.h index 05734a920c..8b3bb34a03 100644 --- a/include/bootstrap.h +++ b/include/bootstrap.h @@ -14,11 +14,11 @@ typedef void (*kernel_entry_func)(int zero, int arch, void *params); void bootstrap_boot(kernel_entry_func func, bool barebox); #ifdef CONFIG_BOOTSTRAP_DEVFS -void* bootstrap_read_devfs(const char *devname, bool use_bb, int offset, - int default_size, int max_size); +void* bootstrap_read_devfs(char *devname, bool use_bb, int offset, + int default_size, int max_size, size_t *bufsize); #else -static inline void* bootstrap_read_devfs(const char *devname, bool use_bb, int offset, - int default_size, int max_size) +static inline void* bootstrap_read_devfs(char *devname, bool use_bb, int offset, + int default_size, int max_size, size_t *bufsize) { return NULL; } diff --git a/lib/bootstrap/devfs.c b/lib/bootstrap/devfs.c index 6a3dd76cdd..6d28b1cb4d 100644 --- a/lib/bootstrap/devfs.c +++ b/lib/bootstrap/devfs.c @@ -80,8 +80,8 @@ static unsigned int get_image_size(void *head) } #endif -void* bootstrap_read_devfs(const char *devname, bool use_bb, int offset, - int default_size, int max_size) +void* bootstrap_read_devfs(char *devname, bool use_bb, int offset, + int default_size, int max_size, size_t *bufsize) { int ret; int size = 0; @@ -133,10 +133,13 @@ void* bootstrap_read_devfs(const char *devname, bool use_bb, int offset, ret = cdev_read(cdev, to, size, 0, 0); cdev_close(cdev); - if (ret != size) + if (ret != size) { bootstrap_err("%s: failed to read from %s\n", devname, partname); - else + } else { result = to; + if (bufsize) + *bufsize = size; + } free_memory: free(header); -- cgit v1.2.3 From c98507f40d39633e345230caa00f78c9065da845 Mon Sep 17 00:00:00 2001 From: Ulrich Ölmann Date: Fri, 29 Apr 2016 19:36:21 +0200 Subject: bootstrap_read_disk(): optionally inform the caller of the buffer size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The size of the buffer allocated in the function is needed if it shall be inspected more closely later. Therefore optionally return it via a new pointer argument. Signed-off-by: Ulrich Ölmann --- arch/arm/mach-at91/bootstrap.c | 2 +- arch/arm/mach-socfpga/xload.c | 2 +- include/bootstrap.h | 4 ++-- lib/bootstrap/disk.c | 5 ++++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-at91/bootstrap.c b/arch/arm/mach-at91/bootstrap.c index 90b7b33fc9..0b1567cd23 100644 --- a/arch/arm/mach-at91/bootstrap.c +++ b/arch/arm/mach-at91/bootstrap.c @@ -89,7 +89,7 @@ static void at91bootstrap_boot_mmc(void) kernel_entry_func func = NULL; printf("Boot from mmc\n"); - func = bootstrap_read_disk("disk0.0", NULL); + func = bootstrap_read_disk("disk0.0", NULL, NULL); bootstrap_boot(func, false); bootstrap_err("... failed\n"); free(func); diff --git a/arch/arm/mach-socfpga/xload.c b/arch/arm/mach-socfpga/xload.c index 8be2827e62..1131cfee41 100644 --- a/arch/arm/mach-socfpga/xload.c +++ b/arch/arm/mach-socfpga/xload.c @@ -37,7 +37,7 @@ static __noreturn int socfpga_xload(void) socfpga_cyclone5_mmc_init(); for (part = barebox_parts; part->mmc_disk; part++) { - buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat"); + buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", NULL); if (!buf) { pr_info("failed to load barebox from MMC %s\n", part->mmc_disk); diff --git a/include/bootstrap.h b/include/bootstrap.h index 8b3bb34a03..3e006d3cc9 100644 --- a/include/bootstrap.h +++ b/include/bootstrap.h @@ -25,9 +25,9 @@ static inline void* bootstrap_read_devfs(char *devname, bool use_bb, int offset, #endif #ifdef CONFIG_BOOTSTRAP_DISK -void* bootstrap_read_disk(const char *devname, const char *fstype); +void* bootstrap_read_disk(const char *devname, char *fstype, size_t *bufsize); #else -static inline void* bootstrap_read_disk(const char *devname, const char *fstype) +static inline void* bootstrap_read_disk(const char *devname, char *fstype, size_t *bufsize) { return NULL; } diff --git a/lib/bootstrap/disk.c b/lib/bootstrap/disk.c index fd016166e6..ed8b1aa407 100644 --- a/lib/bootstrap/disk.c +++ b/lib/bootstrap/disk.c @@ -14,7 +14,7 @@ #include #include -void* bootstrap_read_disk(const char *dev, const char *fstype) +void* bootstrap_read_disk(const char *dev, char *fstype, size_t *bufsize) { int ret; void *buf; @@ -34,5 +34,8 @@ void* bootstrap_read_disk(const char *dev, const char *fstype) return NULL; } + if (bufsize) + *bufsize = len; + return buf; } -- cgit v1.2.3 From 7a8def6214adf1bae8c34ab7807ea9953de7d579 Mon Sep 17 00:00:00 2001 From: Ulrich Ölmann Date: Wed, 20 Apr 2016 09:57:23 +0200 Subject: ARM: socfpga: xload: evaluate integrity of second stage barebox images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do not hand over control to a second stage barebox if its embedded CRC checksum is invalid. Signed-off-by: Ulrich Ölmann --- arch/arm/mach-socfpga/xload.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-socfpga/xload.c b/arch/arm/mach-socfpga/xload.c index 1131cfee41..5c611ac6e1 100644 --- a/arch/arm/mach-socfpga/xload.c +++ b/arch/arm/mach-socfpga/xload.c @@ -8,6 +8,8 @@ #include #include +#include + #include #include #include @@ -31,13 +33,14 @@ static __noreturn int socfpga_xload(void) enum bootsource bootsource = bootsource_get(); const struct socfpga_barebox_part *part; void *buf = NULL; + size_t bufsize; switch (bootsource) { case BOOTSOURCE_MMC: socfpga_cyclone5_mmc_init(); for (part = barebox_parts; part->mmc_disk; part++) { - buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", NULL); + buf = bootstrap_read_disk(barebox_parts->mmc_disk, "fat", &bufsize); if (!buf) { pr_info("failed to load barebox from MMC %s\n", part->mmc_disk); @@ -48,17 +51,35 @@ static __noreturn int socfpga_xload(void) pr_err("failed to load barebox.bin from MMC\n"); hang(); } + + if (IS_ENABLED(CONFIG_IMD)) + if (imd_verify_crc32(buf, bufsize) == -EILSEQ) { + pr_err("failed to verify barebox.bin loaded from eMMC\n"); + hang(); + } + break; case BOOTSOURCE_SPI: socfpga_cyclone5_qspi_init(); for (part = barebox_parts; part->nor_size; part++) { buf = bootstrap_read_devfs("mtd0", false, - part->nor_offset, part->nor_size, SZ_1M, NULL); + part->nor_offset, part->nor_size, SZ_1M, &bufsize); if (!buf) { pr_info("failed to load barebox from QSPI NOR flash at offset %#x\n", part->nor_offset); continue; } + + if (IS_ENABLED(CONFIG_IMD)) + if (imd_verify_crc32(buf, bufsize) == -EILSEQ) { + pr_err("failed to verify barebox loaded from " + "QSPI NOR flash at offset %#x\n", + part->nor_offset); + free(buf); + buf = NULL; + continue; + } + break; } -- cgit v1.2.3