Am Montag, den 05.08.2019, 11:23 +0200 schrieb Rouven Czerwinski: > Extract the necessary functions from sha256 into a PBL headder and add a > verification function to the PBL. The function will be called before the > individual architectures decompress functions is run. > > > Signed-off-by: Rouven Czerwinski <r.czerwinski@xxxxxxxxxxxxxx> > --- > crypto/Makefile | 2 ++ > crypto/sha2.c | 11 +++++++---- > include/crypto/pbl-sha.h | 13 +++++++++++++ > include/pbl.h | 2 ++ > pbl/Kconfig | 9 +++++++++ > pbl/decomp.c | 39 +++++++++++++++++++++++++++++++++++++++ > 6 files changed, 72 insertions(+), 4 deletions(-) > create mode 100644 include/crypto/pbl-sha.h > > diff --git a/crypto/Makefile b/crypto/Makefile > index 3402f57..d6fb74a 100644 > --- a/crypto/Makefile > +++ b/crypto/Makefile > > @@ -8,6 +8,8 @@ obj-$(CONFIG_DIGEST_MD5_GENERIC) += md5.o > > obj-$(CONFIG_DIGEST_SHA1_GENERIC) += sha1.o > > obj-$(CONFIG_DIGEST_SHA224_GENERIC) += sha2.o > > obj-$(CONFIG_DIGEST_SHA256_GENERIC) += sha2.o > > +pbl-$(CONFIG_PBL_VERIFY_PIGGY) += sha2.o > > +pbl-$(CONFIG_PBL_VERIFY_PIGGY) += digest.o > > obj-$(CONFIG_DIGEST_SHA384_GENERIC) += sha4.o > > obj-$(CONFIG_DIGEST_SHA512_GENERIC) += sha4.o > > diff --git a/crypto/sha2.c b/crypto/sha2.c > index c62ddb8..3947a09 100644 > --- a/crypto/sha2.c > +++ b/crypto/sha2.c > @@ -27,6 +27,7 @@ > > #include <crypto/sha.h> > #include <crypto/internal.h> > +#include <crypto/pbl-sha.h> > > static inline u32 Ch(u32 x, u32 y, u32 z) > { > @@ -232,7 +233,7 @@ static int sha224_init(struct digest *desc) > > return 0; > } > > -static int sha256_init(struct digest *desc) > +int sha256_init(struct digest *desc) > { > > struct sha256_state *sctx = digest_ctx(desc); > > sctx->state[0] = SHA256_H0; > @@ -248,7 +249,7 @@ static int sha256_init(struct digest *desc) > > return 0; > } > > -static int sha256_update(struct digest *desc, const void *data, > +int sha256_update(struct digest *desc, const void *data, > > unsigned long len) > { > > struct sha256_state *sctx = digest_ctx(desc); > @@ -280,7 +281,7 @@ static int sha256_update(struct digest *desc, const void *data, > > return 0; > } > > -static int sha256_final(struct digest *desc, u8 *out) > +int sha256_final(struct digest *desc, u8 *out) > { > > struct sha256_state *sctx = digest_ctx(desc); > > __be32 *dst = (__be32 *)out; > @@ -348,7 +349,7 @@ static int sha224_digest_register(void) > } > device_initcall(sha224_digest_register); > > -static struct digest_algo m256 = { > +struct digest_algo m256 = { > > .base = { > > > > .name = "sha256", > > > > .driver_name = "sha256-generic", > @@ -365,6 +366,7 @@ static struct digest_algo m256 = { > > > .ctx_length = sizeof(struct sha256_state), > }; > > +#ifndef __PBL__ > static int sha256_digest_register(void) > { > > if (!IS_ENABLED(CONFIG_SHA256)) > @@ -373,3 +375,4 @@ static int sha256_digest_register(void) > > return digest_algo_register(&m256); > } > coredevice_initcall(sha256_digest_register); > +#endif /* __PBL__ */ > diff --git a/include/crypto/pbl-sha.h b/include/crypto/pbl-sha.h > new file mode 100644 > index 0000000..7d323ab > --- /dev/null > +++ b/include/crypto/pbl-sha.h > @@ -0,0 +1,13 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#ifndef __PBL_SHA_H_ > + > +#define __PBL_SHA_H_ > + > +#include <digest.h> > +#include <types.h> > + > +int sha256_init(struct digest *desc); > +int sha256_update(struct digest *desc, const void *data, unsigned long len); > +int sha256_final(struct digest *desc, u8 *out); > + > +#endif /* __PBL-SHA_H_ */ > diff --git a/include/pbl.h b/include/pbl.h > index 787bd82..1917a76 100644 > --- a/include/pbl.h > +++ b/include/pbl.h > @@ -11,6 +11,8 @@ extern unsigned long free_mem_ptr; > extern unsigned long free_mem_end_ptr; > > void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len); > +int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, > > + unsigned int hash_len); > > #ifdef __PBL__ > > #define IN_PBL 1 > diff --git a/pbl/Kconfig b/pbl/Kconfig > index f2250dd..38f1003 100644 > --- a/pbl/Kconfig > +++ b/pbl/Kconfig > @@ -44,6 +44,15 @@ config PBL_RELOCATABLE > > This option only inflluences the PBL image. See RELOCATABLE to also make > > the real image relocatable. > > +config PBL_VERIFY_PIGGY > + depends on ARM Why? What exactly is ARM specific about this mechanism? > + bool "Verify piggydata" > > + help > > + Use a PBL builtin sha256sum to verify the piggydata before decompression. > > + WARNING: your board will not boot if a mismatch is detected, enable DEBUG_LL > > + to see the builtin and calculated hash. > + This effectively locks a given PBL to the matching main barebox. Does it make sense to have this as a user-visible option? We want this in a very specific use-case, in which case it's selected anyways, so the user can't break the security model via a wrong configuration. I don't see any use for piggydata verification outside of this use-case. Regards, Lucas > + > config IMAGE_COMPRESSION > > bool > > depends on HAVE_IMAGE_COMPRESSION > diff --git a/pbl/decomp.c b/pbl/decomp.c > index 72a1623..ef713a6 100644 > --- a/pbl/decomp.c > +++ b/pbl/decomp.c > @@ -6,6 +6,10 @@ > */ > > #include <common.h> > +#include <crypto/sha.h> > +#include <crypto/pbl-sha.h> > +#include <digest.h> > +#include <asm/sections.h> > #include <pbl.h> > #include <debug_ll.h> > > @@ -54,3 +58,38 @@ void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len > > NULL, NULL, > > dest, NULL, errorfn); > } > + > +int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, > > + unsigned int hash_len) > +{ > > + struct sha256_state sha_state = { 0 }; > > + struct digest d = { .ctx = &sha_state }; > > + char computed_hash[SHA256_DIGEST_SIZE]; > > + int i; > > + char *char_hash = hash; > + > > + if (hash_len != SHA256_DIGEST_SIZE) > > + return -1; > + > > + sha256_init(&d); > > + sha256_update(&d, compressed_start, len); > > + sha256_final(&d, computed_hash); > > + if (IS_ENABLED(CONFIG_DEBUG_LL)) { > > + putc_ll('C'); > > + putc_ll('H'); > > + putc_ll('\n'); > > + for (i = 0; i < SHA256_DIGEST_SIZE; i++) { > > + puthex_ll(computed_hash[i]); > > + putc_ll('\n'); > > + } > > + putc_ll('I'); > > + putc_ll('H'); > > + putc_ll('\n'); > > + for (i = 0; i < SHA256_DIGEST_SIZE; i++) { > > + puthex_ll(char_hash[i]); > > + putc_ll('\n'); > > + } > > + } > + > > + return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE); > +} _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox