Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@xxxxxxxxxxxx>
---
 commands/bootm.c | 2 +-
 common/boot_verify.c | 39 +++++++++++++++++++++++++++++++++------
 common/bootm.c | 2 +-
 include/boot_verify.h | 15 ++++++++++++---
 4 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/commands/bootm.c b/commands/bootm.c
index b35aaa914..cb520a1ba 100644
--- a/commands/bootm.c
+++ b/commands/bootm.c
@@ -64,7 +64,7 @@ static int do_bootm(int argc, char *argv[])
 while ((opt = getopt(argc, argv, BOOTM_OPTS)) > 0) {
 switch(opt) {
 case 'c':
- if (data.verify < BOOT_VERIFY_HASH)
+ if (data.verify > BOOT_VERIFY_HASH)
 data.verify = BOOT_VERIFY_HASH;
 break;
 case 's':
diff --git a/common/boot_verify.c b/common/boot_verify.c
index afe929e68..9cbeb7a65 100644
--- a/common/boot_verify.c
+++ b/common/boot_verify.c
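Review bot: In commands/bootm.c the `-c` case still depends on the numeric order of enum boot_verify, while the common/bootm.c hunk of this same patch switches its test to an order-independent `!=`. With the reordered enum the only value above BOOT_VERIFY_HASH is BOOT_VERIFY_NONE, so `if (data.verify == BOOT_VERIFY_NONE)` expresses the same upgrade-to-hash intent and cannot be inverted by a later reordering. If the ordered form is kept, a comment such as `/* enum is ordered most secure first: '>' means weaker than hash */` would make the direction explicit. do_bootm continues outside the hunk.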
@@ -11,22 +11,49 @@ enum boot_verify boot_get_verify_mode(void)
 return boot_verify_mode;
 }
+/* keep it for the most secure to the less */
 static const char * const boot_verify_names[] = {
-#ifndef CONFIG_BOOT_FORCE_SIGNED_IMAGES
- [BOOT_VERIFY_NONE] = "none",
- [BOOT_VERIFY_HASH] = "hash",
- [BOOT_VERIFY_AVAILABLE] = "available",
-#endif
 [BOOT_VERIFY_SIGNATURE] = "signature",
+ [BOOT_VERIFY_AVAILABLE] = "available",
+ [BOOT_VERIFY_HASH] = "hash",
+ [BOOT_VERIFY_NONE] = "none",
 };
+/* allow architecture to overwrite it such as EFI */
+static int default_is_secure_mode(void)
+{
+ if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
+ return 1;
+
+ return 0;
+}
+
+static int (*__is_secure_mode)(void) = default_is_secure_mode;
+
+int is_secure_mode(void)
+{
+ return __is_secure_mode();
+}
+
+void boot_set_is_secure_mode(int (*fn)(void))
+{
+ __is_secure_mode = fn;
+}
+
 static int init_boot_verify(void)
 {
+ int size;
+
 if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
 boot_verify_mode = BOOT_VERIFY_SIGNATURE;
+ if (is_secure_mode())
+ size = 1;
+ else
+ size = ARRAY_SIZE(boot_verify_names);
+
 globalvar_add_simple_enum("boot.verify", (unsigned int *)&boot_verify_mode,
- boot_verify_names, ARRAY_SIZE(boot_verify_names));
+ boot_verify_names, size);
 return 0;
 }
diff --git a/common/bootm.c b/common/bootm.c
index 74202a829..1558f3c5d 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -159,7 +159,7 @@ static int bootm_open_initrd_uimage(struct image_data *data)
 if (!data->initrd)
 return -EINVAL;
- if (boot_get_verify_mode() > BOOT_VERIFY_NONE) {
+ if (boot_get_verify_mode() != BOOT_VERIFY_NONE) {
 ret = uimage_verify(data->initrd);
 if (ret) {
 printf("Checking data crc failed with %s\n",
diff --git a/include/boot_verify.h b/include/boot_verify.h
index 3a4436584..ee830bf5c 100644
--- a/include/boot_verify.h
+++ b/include/boot_verify.h
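Review bot: In init_boot_verify (common/boot_verify.c) the enum is limited to one entry whenever is_secure_mode() is true, but boot_verify_mode is forced to BOOT_VERIFY_SIGNATURE only under IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES). When secure mode comes from a hook installed through boot_set_is_secure_mode(), the variable keeps its initial value (defined outside the hunk), so boot.verify may be locked to a single name while the effective mode is weaker than signature; setting `boot_verify_mode = BOOT_VERIFY_SIGNATURE;` in the `if (is_secure_mode())` branch next to `size = 1;` closes that gap. is_secure_mode() is also sampled only once, when init_boot_verify runs, so a hook registered later would not narrow the list; a comment should state when the hook has to be installed. Separately, boot_set_is_secure_mode() stores fn unchecked: a NULL argument makes is_secure_mode() call through a null pointer, and a hook returning 0 overrides the CONFIG_BOOT_FORCE_SIGNED_IMAGES default, which `return IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES) || __is_secure_mode();` would prevent.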
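Review bot: In bootm_open_initrd_uimage (common/bootm.c) every mode other than BOOT_VERIFY_NONE, including BOOT_VERIFY_SIGNATURE, is satisfied by uimage_verify(), which judging by the failure message is a CRC check. A CRC detects corruption but gives no authenticity, so in signature mode an initrd uImage should be rejected rather than accepted on this check; whether that already happens earlier in the boot path is not visible in the hunk. At minimum a comment such as `/* CRC only: detects corruption, not tampering; signature mode must not rely on this */` above the call would record the limitation. The function body starts and ends outside the hunk.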
@@ -2,10 +2,10 @@
 #define __BOOT_VERIFY_H__
 enum boot_verify {
- BOOT_VERIFY_NONE,
- BOOT_VERIFY_HASH,
- BOOT_VERIFY_AVAILABLE,
 BOOT_VERIFY_SIGNATURE,
+ BOOT_VERIFY_AVAILABLE,
+ BOOT_VERIFY_HASH,
+ BOOT_VERIFY_NONE,
 };
 #ifndef CONFIG_BOOT_VERIFY
@@ -13,8 +13,17 @@ static inline enum boot_verify boot_get_verify_mode(void)
 {
 return BOOT_VERIFY_NONE;
 }
+
+static int inline is_secure_mode(void)
+{
+ return 0;
+}
+
+static void inline boot_set_is_secure_mode(int (*fn)(void)) {}
 #else
 enum boot_verify boot_get_verify_mode(void);
+int is_secure_mode(void);
+void boot_set_is_secure_mode(int (*fn)(void));
 #endif
 #endif /* __BOOT_VERIFY_H__ */
-- 2.11.0
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
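Review bot: The reordered enum in include/boot_verify.h carries an invariant that the header does not state: BOOT_VERIFY_SIGNATURE must stay at 0, because init_boot_verify in common/boot_verify.c registers only the first array entry in secure mode. A comment on the enum such as `/* ordered most secure first; BOOT_VERIFY_SIGNATURE must remain 0 */` would document it, and `BUILD_BUG_ON(BOOT_VERIFY_SIGNATURE != 0);` in init_boot_verify would enforce it. The renumbering also changes the meaning of any ordered comparison and of any zero-initialised `enum boot_verify` field elsewhere in the tree (0 used to be none and is now signature). Only two comparison sites are updated in this patch, so the remaining users are worth auditing.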
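Review bot: With CONFIG_BOOT_VERIFY disabled, the new stubs in include/boot_verify.h make is_secure_mode() return 0 unconditionally and boot_set_is_secure_mode() discard the hook, so a platform that registers a secure-mode callback is silently reported as not secure. If code outside boot verification is meant to consult is_secure_mode(), that is a fail-open default; a comment on the stubs should state that secure mode is unavailable without CONFIG_BOOT_VERIFY, or the hook storage should live outside that option. As a style point, `static int inline` and `static void inline` should follow the existing stub in this hunk and read `static inline int is_secure_mode(void)` and `static inline void boot_set_is_secure_mode(int (*fn)(void)) {}`.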