From: Jan Luebbe <jlu@xxxxxxxxxxxxxx> Signed-off-by: Jan Luebbe <jlu@xxxxxxxxxxxxxx> Signed-off-by: Ulrich Ölmann <u.oelmann@xxxxxxxxxxxxxx> --- common/Kconfig | 9 ++++++ common/Makefile | 1 + common/barebox-image.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++ include/common.h | 9 ++++++ 4 files changed, 104 insertions(+) create mode 100644 common/barebox-image.c diff --git a/common/Kconfig b/common/Kconfig index 928db0a159e1..bebbb614509d 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -580,6 +580,15 @@ config IMD_TARGET depends on IMD depends on !SANDBOX +config VERIFY_EMBEDDED_CRC + prompt "Verify the CRC checksum embedded into barebox images" + bool + select CRC32 + help + If you say Y here, the CRC checksum that is embedded into every + barebox image directly after the header can be verified to guarantee + the integrity of the image. + config KERNEL_INSTALL_TARGET bool depends on !SANDBOX diff --git a/common/Makefile b/common/Makefile index 99681e21215b..0106f0fe7bd9 100644 --- a/common/Makefile +++ b/common/Makefile @@ -48,6 +48,7 @@ obj-$(CONFIG_STATE) += state.o obj-$(CONFIG_RATP) += ratp.o obj-$(CONFIG_UIMAGE) += image.o uimage.o obj-$(CONFIG_FITIMAGE) += image-fit.o +obj-$(CONFIG_VERIFY_EMBEDDED_CRC) += barebox-image.o obj-$(CONFIG_MENUTREE) += menutree.o obj-$(CONFIG_EFI_GUID) += efi-guid.o obj-$(CONFIG_EFI_DEVICEPATH) += efi-devicepath.o diff --git a/common/barebox-image.c b/common/barebox-image.c new file mode 100644 index 000000000000..733d9ea2ecdf --- /dev/null +++ b/common/barebox-image.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2016 Pengutronix, Jan Luebbe <j.luebbe@xxxxxxxxxxxxxx> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ +#include <common.h> +#include <io.h> +#include <filetype.h> + +static inline size_t get_barebox_head_size(const void *buf) +{ + if (is_barebox_arm_head(buf)) + return ARM_HEAD_SIZE; + else if (is_barebox_mips_head(buf)) + return MIPS_HEAD_SIZE; + + return 0; +} + +static inline size_t get_barebox_head_size_offset(const void *buf) +{ + if (is_barebox_arm_head(buf)) + return ARM_HEAD_SIZE_OFFSET; + else if (is_barebox_mips_head(buf)) + return MIPS_HEAD_SIZE_OFFSET; + + return 0; +} + +bool barebox_verify_image(void *buf, size_t bufsize) +{ + unsigned int *psize; + size_t head_size; + uint32_t crc = 0; + uint32_t *p; + + if (bufsize < ARM_HEAD_SIZE) { + pr_err("buffer is smaller than ARM_HEAD_SIZE\n"); + return false; + } + + head_size = get_barebox_head_size(buf); + if (!head_size) { + pr_err("image does not contain a barebox header\n"); + return false; + } + + psize = buf + get_barebox_head_size_offset(buf); + + if (bufsize < *psize) { + pr_err("buffer is too small for image\n"); + return false; + } + + if (*psize < head_size + 2 * sizeof(uint32_t)) { + pr_err("image is too small\n"); + return false; + } + + p = buf + head_size; + + if (strcmp((const char*) p, BAREBOX_CRC_MAGIC_VALUE)) { + pr_debug("image does not contain a checksum\n"); + return true; + } + + crc = crc32(crc, buf, head_size + sizeof(uint32_t)); + crc = crc32(crc, buf + head_size + 2 * sizeof(uint32_t), + *psize - (head_size + 2 * sizeof(uint32_t))); + crc = cpu_to_be32(crc); + + if (crc != *(p + 1)) { + pr_err("embedded checksum is faulty\n"); + return false; + } + + return true; +} diff --git a/include/common.h b/include/common.h index 680a0affb6bc..9200328c3e10 100644 --- a/include/common.h +++ b/include/common.h @@ -164,4 +164,13 @@ static inline bool region_overlap(unsigned long starta, unsigned long lena, return 1; } +#ifdef CONFIG_VERIFY_EMBEDDED_CRC +bool barebox_verify_image(void*, size_t); +#else +static inline bool barebox_verify_image(void *buf, size_t bufsize) +{ + return true; +} +#endif + #endif /* __COMMON_H_ */ -- 2.8.1 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox