mirror of
https://github.com/u-boot/u-boot.git
synced 2024-11-26 05:34:30 +08:00
common: add support to fallback to plain SHA256
In case crypt-based hashing is enabled this will be the default mechanism that is used. If a user wants to have support for both, the environment variable `bootstopusesha256` can be set to `true` to allow plain SHA256 based hashing of the password. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
d199c3ab1c
commit
33198740ac
@ -835,6 +835,14 @@ config AUTOBOOT_ENCRYPTION
|
||||
This provides a way to ship a secure production device which can also
|
||||
be accessed at the U-Boot command line.
|
||||
|
||||
config AUTOBOOT_SHA256_FALLBACK
|
||||
bool "Allow fallback from crypt-hashed password to sha256"
|
||||
depends on AUTOBOOT_ENCRYPTION && CRYPT_PW
|
||||
help
|
||||
This option adds support to fall back from crypt-hashed
|
||||
passwords to checking a SHA256 hashed password in case the
|
||||
'bootstopusesha256' environment variable is set to 'true'.
|
||||
|
||||
config AUTOBOOT_DELAY_STR
|
||||
string "Delay autobooting via specific input key / string"
|
||||
depends on AUTOBOOT_KEYED && !AUTOBOOT_ENCRYPTION
|
||||
|
@ -306,6 +306,26 @@ static void flush_stdin(void)
|
||||
(void)getchar();
|
||||
}
|
||||
|
||||
/**
|
||||
* fallback_to_sha256() - check whether we should fall back to sha256
|
||||
* password checking
|
||||
*
|
||||
* This checks for the environment variable `bootstopusesha256` in case
|
||||
* sha256-fallback has been enabled via the config setting
|
||||
* `AUTOBOOT_SHA256_FALLBACK`.
|
||||
*
|
||||
* @return `false` if we must not fall-back, `true` if plain sha256 should be tried
|
||||
*/
|
||||
static bool fallback_to_sha256(void)
|
||||
{
|
||||
if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK))
|
||||
return env_get_yesno("bootstopusesha256") == 1;
|
||||
else if (IS_ENABLED(CONFIG_CRYPT_PW))
|
||||
return false;
|
||||
else
|
||||
return true;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
* Watch for 'delay' seconds for autoboot stop or autoboot delay string.
|
||||
* returns: 0 - no key string, allow autoboot 1 - got key string, abort
|
||||
@ -326,7 +346,7 @@ static int abortboot_key_sequence(int bootdelay)
|
||||
# endif
|
||||
|
||||
if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
|
||||
if (IS_ENABLED(CONFIG_CRYPT_PW))
|
||||
if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256())
|
||||
abort = passwd_abort_crypt(etime);
|
||||
else
|
||||
abort = passwd_abort_sha256(etime);
|
||||
|
Loading…
Reference in New Issue
Block a user