Re: [PATCH 10/13] arm: uncompress: verify sha256 if enabled

Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> · Wed, 26 Jun 2019 09:52:05 +0200

On Wed, Jun 26, 2019 at 06:58:51AM +0200, Rouven Czerwinski wrote:
> Add piggydata verification before the ARM uncompress function.
> This calculates the sha256sum of the compressed barebox binary and only
> continues if the builtin sha256sum matches the calculated sha256sum.
> 
> Signed-off-by: Rouven Czerwinski <r.czerwinski@xxxxxxxxxxxxxx>
> ---
>  arch/arm/cpu/uncompress.c | 18 +++++++++++++++++-
>  1 file changed, 17 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/cpu/uncompress.c b/arch/arm/cpu/uncompress.c
> index e527165..ce5f2c1 100644
> --- a/arch/arm/cpu/uncompress.c
> +++ b/arch/arm/cpu/uncompress.c
> @@ -42,14 +42,18 @@ unsigned long free_mem_end_ptr;
>  extern unsigned char input_data[];
>  extern unsigned char input_data_end[];
>  
> +extern unsigned char sha_sum[];
> +extern unsigned char sha_sum_end[];
> +
>  void __noreturn barebox_multi_pbl_start(unsigned long membase,
>  		unsigned long memsize, void *boarddata)
>  {
> -	uint32_t pg_len, uncompressed_len;
> +	uint32_t pg_len, uncompressed_len, pbl_hash_len;
>  	void __noreturn (*barebox)(unsigned long, unsigned long, void *);
>  	unsigned long endmem = membase + memsize;
>  	unsigned long barebox_base;
>  	void *pg_start, *pg_end;
> +	void *pbl_hash_start, *pbl_hash_end;
>  	unsigned long pc = get_pc();
>  
>  	pg_start = input_data + global_variable_offset();
> @@ -92,6 +96,18 @@ void __noreturn barebox_multi_pbl_start(unsigned long membase,
>  	pr_debug("uncompressing barebox binary at 0x%p (size 0x%08x) to 0x%08lx (uncompressed size: 0x%08x)\n",
>  			pg_start, pg_len, barebox_base, uncompressed_len);
>  
> +	if (IS_ENABLED(CONFIG_PBL_VERIFY_PIGGY)) {
> +		pbl_hash_start = sha_sum + global_variable_offset();
> +		pbl_hash_end = sha_sum_end + global_variable_offset();
> +		pbl_hash_len = pbl_hash_end - pbl_hash_start;
> +		if (pbl_barebox_verify(pg_start, pg_len, pbl_hash_start,
> +				       pbl_hash_len) != 0) {
> +			putc_ll('!');
> +			pr_err("hash mismatch, refusing to decompress");
> +			panic("hash mismatch, refusing to decompress");

Isn't printing the string in panic() enough?

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox