From 1cf0d514db41bd3729c14253a62f33e74ef1a43e Mon Sep 17 00:00:00 2001
From: Sascha Hauer <s.hauer@pengutronix.de>
Date: Thu, 22 Aug 2019 09:56:23 +0200
Subject: pbl: Move piggy verification into pbl_barebox_uncompress()

piggy verification is a direct prerequisite of uncompressing the
piggydata, so move the verification there.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
 pbl/decomp.c | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

(limited to 'pbl')

diff --git a/pbl/decomp.c b/pbl/decomp.c
index ef713a6c74..1e0ef81ada 100644
--- a/pbl/decomp.c
+++ b/pbl/decomp.c
@@ -51,16 +51,11 @@ static void noinline errorfn(char *error)
 	while (1);
 }
 
-void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len)
-{
-	decompress((void *)compressed_start,
-			len,
-			NULL, NULL,
-			dest, NULL, errorfn);
-}
+extern unsigned char sha_sum[];
+extern unsigned char sha_sum_end[];
 
-int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
-		       unsigned int hash_len)
+static int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
+			      unsigned int hash_len)
 {
 	struct sha256_state sha_state = { 0 };
 	struct digest d = { .ctx = &sha_state };
@@ -93,3 +88,25 @@ int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
 
 	return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE);
 }
+
+void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len)
+{
+	uint32_t pbl_hash_len;
+	void *pbl_hash_start, *pbl_hash_end;
+
+	if (IS_ENABLED(CONFIG_PBL_VERIFY_PIGGY)) {
+		pbl_hash_start = sha_sum;
+		pbl_hash_end = sha_sum_end;
+		pbl_hash_len = pbl_hash_end - pbl_hash_start;
+		if (pbl_barebox_verify(compressed_start, len, pbl_hash_start,
+				       pbl_hash_len) != 0) {
+			putc_ll('!');
+			panic("hash mismatch, refusing to decompress");
+		}
+	}
+
+	decompress((void *)compressed_start,
+			len,
+			NULL, NULL,
+			dest, NULL, errorfn);
+}
-- 
cgit v1.2.3