[J-u-boot.git] / common / autoboot.c

// SPDX-License-Identifier: GPL-2.0+
/*
 * (C) Copyright 2000
 * Wolfgang Denk, DENX Software Engineering, [email protected].
 */

#include <config.h>
#include <autoboot.h>
#include <bootretry.h>
#include <cli.h>
#include <command.h>
#include <console.h>
#include <env.h>
#include <errno.h>
#include <fdtdec.h>
#include <hash.h>
#include <log.h>
#include <malloc.h>
#include <memalign.h>
#include <menu.h>
#include <post.h>
#include <time.h>
#include <asm/global_data.h>
#include <linux/delay.h>
#include <u-boot/sha256.h>
#include <bootcount.h>
#include <crypt.h>
#include <dm/ofnode.h>

DECLARE_GLOBAL_DATA_PTR;

#define DELAY_STOP_STR_MAX_LENGTH 64

#ifndef DEBUG_BOOTKEYS
#define DEBUG_BOOTKEYS 0
#endif
#define debug_bootkeys(fmt, args...)		\
	debug_cond(DEBUG_BOOTKEYS, fmt, ##args)

/* Stored value of bootdelay, used by autoboot_command() */
static int stored_bootdelay;
static int menukey;

#if defined(CONFIG_AUTOBOOT_STOP_STR_CRYPT)
#define AUTOBOOT_STOP_STR_CRYPT	CONFIG_AUTOBOOT_STOP_STR_CRYPT
#else
#define AUTOBOOT_STOP_STR_CRYPT	""
#endif
#if defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
#define AUTOBOOT_STOP_STR_SHA256	CONFIG_AUTOBOOT_STOP_STR_SHA256
#else
#define AUTOBOOT_STOP_STR_SHA256	""
#endif

#ifdef CONFIG_AUTOBOOT_USE_MENUKEY
#define AUTOBOOT_MENUKEY CONFIG_AUTOBOOT_MENUKEY
#else
#define AUTOBOOT_MENUKEY 0
#endif

/**
 * passwd_abort_crypt() - check for a crypt-style hashed key sequence to abort booting
 *
 * This checks for the user entering a password within a given time.
 *
 * The entered password is hashed via one of the crypt-style hash methods
 * and compared to the pre-defined value from either
 *   the environment variable "bootstopkeycrypt"
 * or
 *   the config value CONFIG_AUTOBOOT_STOP_STR_CRYPT
 *
 * In case the config value CONFIG_AUTOBOOT_NEVER_TIMEOUT has been enabled
 * this function never times out if the user presses the <Enter> key
 * before starting to enter the password.
 *
 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
 * Return: 0 if autoboot should continue, 1 if it should stop
 */
static int passwd_abort_crypt(uint64_t etime)
{
	const char *crypt_env_str = env_get("bootstopkeycrypt");
	char presskey[DELAY_STOP_STR_MAX_LENGTH];
	u_int presskey_len = 0;
	int abort = 0;
	int never_timeout = 0;
	int err;

	if (IS_ENABLED(CONFIG_AUTOBOOT_STOP_STR_ENABLE) && !crypt_env_str)
		crypt_env_str = AUTOBOOT_STOP_STR_CRYPT;

	if (!crypt_env_str)
		return 0;

	/* We expect the stop-string to be newline-terminated */
	do {
		if (tstc()) {
			/* Check for input string overflow */
			if (presskey_len >= sizeof(presskey))
				return 0;

			presskey[presskey_len] = getchar();

			if ((presskey[presskey_len] == '\r') ||
			    (presskey[presskey_len] == '\n')) {
				if (IS_ENABLED(CONFIG_AUTOBOOT_NEVER_TIMEOUT) &&
				    !presskey_len) {
					never_timeout = 1;
					continue;
				}
				presskey[presskey_len] = '\0';
				err = crypt_compare(crypt_env_str, presskey,
						    &abort);
				if (err)
					debug_bootkeys(
						"crypt_compare() failed with: %s\n",
						errno_str(err));
				/* you had one chance */
				break;
			} else {
				presskey_len++;
			}
		}
		udelay(10000);
	} while (never_timeout || get_ticks() <= etime);

	return abort;
}

/*
 * Use a "constant-length" time compare function for this
 * hash compare:
 *
 * https://crackstation.net/hashing-security.htm
 */
static int slow_equals(u8 *a, u8 *b, int len)
{
	int diff = 0;
	int i;

	for (i = 0; i < len; i++)
		diff |= a[i] ^ b[i];

	return diff == 0;
}

/**
 * passwd_abort_sha256() - check for a hashed key sequence to abort booting
 *
 * This checks for the user entering a SHA256 hash within a given time.
 *
 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
 * Return: 0 if autoboot should continue, 1 if it should stop
 */
static int passwd_abort_sha256(uint64_t etime)
{
	const char *sha_env_str = env_get("bootstopkeysha256");
	u8 sha_env[SHA256_SUM_LEN];
	u8 *sha;
	char *presskey;
	char *c;
	const char *algo_name = "sha256";
	u_int presskey_len = 0;
	int abort = 0;
	int size = sizeof(sha);
	int ret;

	if (sha_env_str == NULL)
		sha_env_str = AUTOBOOT_STOP_STR_SHA256;

	presskey = malloc_cache_aligned(DELAY_STOP_STR_MAX_LENGTH);
	if (!presskey)
		return -ENOMEM;

	c = strstr(sha_env_str, ":");
	if (c && (c - sha_env_str < DELAY_STOP_STR_MAX_LENGTH)) {
		/* preload presskey with salt */
		memcpy(presskey, sha_env_str, c - sha_env_str);
		presskey_len = c - sha_env_str;
		sha_env_str = c + 1;
	}
	/*
	 * Generate the binary value from the environment hash value
	 * so that we can compare this value with the computed hash
	 * from the user input
	 */
	ret = hash_parse_string(algo_name, sha_env_str, sha_env);
	if (ret) {
		printf("Hash %s not supported!\n", algo_name);
		return 0;
	}

	sha = malloc_cache_aligned(SHA256_SUM_LEN);
	size = SHA256_SUM_LEN;
	/*
	 * We don't know how long the stop-string is, so we need to
	 * generate the sha256 hash upon each input character and
	 * compare the value with the one saved in the environment
	 */
	do {
		if (tstc()) {
			/* Check for input string overflow */
			if (presskey_len >= DELAY_STOP_STR_MAX_LENGTH) {
				free(presskey);
				free(sha);
				return 0;
			}

			presskey[presskey_len++] = getchar();

			/* Calculate sha256 upon each new char */
			hash_block(algo_name, (const void *)presskey,
				   presskey_len, sha, &size);

			/* And check if sha matches saved value in env */
			if (slow_equals(sha, sha_env, SHA256_SUM_LEN))
				abort = 1;
		}
		udelay(10000);
	} while (!abort && get_ticks() <= etime);

	free(presskey);
	free(sha);
	return abort;
}

/**
 * passwd_abort_key() - check for a key sequence to aborted booting
 *
 * This checks for the user entering a string within a given time.
 *
 * @etime: Timeout value ticks (stop when get_ticks() reachs this)
 * Return: 0 if autoboot should continue, 1 if it should stop
 */
static int passwd_abort_key(uint64_t etime)
{
	int abort = 0;
	struct {
		char *str;
		u_int len;
		int retry;
	}
	delaykey[] = {
		{ .str = env_get("bootdelaykey"),  .retry = 1 },
		{ .str = env_get("bootstopkey"),   .retry = 0 },
	};

	char presskey[DELAY_STOP_STR_MAX_LENGTH];
	int presskey_len = 0;
	int presskey_max = 0;
	int i;

#  ifdef CONFIG_AUTOBOOT_DELAY_STR
	if (delaykey[0].str == NULL)
		delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
#  endif
#  ifdef CONFIG_AUTOBOOT_STOP_STR
	if (delaykey[1].str == NULL)
		delaykey[1].str = CONFIG_AUTOBOOT_STOP_STR;
#  endif

	for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
		delaykey[i].len = delaykey[i].str == NULL ?
				    0 : strlen(delaykey[i].str);
		delaykey[i].len = delaykey[i].len > DELAY_STOP_STR_MAX_LENGTH ?
				    DELAY_STOP_STR_MAX_LENGTH : delaykey[i].len;

		presskey_max = presskey_max > delaykey[i].len ?
				    presskey_max : delaykey[i].len;

		debug_bootkeys("%s key:<%s>\n",
			       delaykey[i].retry ? "delay" : "stop",
			       delaykey[i].str ? delaykey[i].str : "NULL");
	}

	/* In order to keep up with incoming data, check timeout only
	 * when catch up.
	 */
	do {
		if (tstc()) {
			if (presskey_len < presskey_max) {
				presskey[presskey_len++] = getchar();
			} else {
				for (i = 0; i < presskey_max - 1; i++)
					presskey[i] = presskey[i + 1];

				presskey[i] = getchar();
			}
		}

		for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
			if (delaykey[i].len > 0 &&
			    presskey_len >= delaykey[i].len &&
				memcmp(presskey + presskey_len -
					delaykey[i].len, delaykey[i].str,
					delaykey[i].len) == 0) {
					debug_bootkeys("got %skey\n",
						delaykey[i].retry ? "delay" :
						"stop");

				/* don't retry auto boot */
				if (!delaykey[i].retry)
					bootretry_dont_retry();
				abort = 1;
			}
		}
		udelay(10000);
	} while (!abort && get_ticks() <= etime);

	return abort;
}

/**
 * flush_stdin() - drops all pending characters from stdin
 */
static void flush_stdin(void)
{
	while (tstc())
		(void)getchar();
}

/**
 * fallback_to_sha256() - check whether we should fall back to sha256
 *                        password checking
 *
 * This checks for the environment variable `bootstopusesha256` in case
 * sha256-fallback has been enabled via the config setting
 * `AUTOBOOT_SHA256_FALLBACK`.
 *
 * Return: `false` if we must not fall-back, `true` if plain sha256 should be tried
 */
static bool fallback_to_sha256(void)
{
	if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK))
		return env_get_yesno("bootstopusesha256") == 1;
	else if (IS_ENABLED(CONFIG_CRYPT_PW))
		return false;
	else
		return true;
}

/***************************************************************************
 * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
 * returns: 0 -  no key string, allow autoboot 1 - got key string, abort
 */
static int abortboot_key_sequence(int bootdelay)
{
	int abort;
	uint64_t etime = endtick(bootdelay);

	if (IS_ENABLED(CONFIG_AUTOBOOT_FLUSH_STDIN))
		flush_stdin();
#  ifdef CONFIG_AUTOBOOT_PROMPT
	/*
	 * CONFIG_AUTOBOOT_PROMPT includes the %d for all boards.
	 * To print the bootdelay value upon bootup.
	 */
	printf(CONFIG_AUTOBOOT_PROMPT, bootdelay);
#  endif

	if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
		if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256())
			abort = passwd_abort_crypt(etime);
		else
			abort = passwd_abort_sha256(etime);
	} else {
		abort = passwd_abort_key(etime);
	}
	if (!abort)
		debug_bootkeys("key timeout\n");

	return abort;
}

static int abortboot_single_key(int bootdelay)
{
	int abort = 0;
	unsigned long ts;

	printf("Hit any key to stop autoboot: %2d ", bootdelay);

	/*
	 * Check if key already pressed
	 */
	if (tstc()) {	/* we got a key press	*/
		getchar();	/* consume input	*/
		puts("\b\b\b 0");
		abort = 1;	/* don't auto boot	*/
	}

	while ((bootdelay > 0) && (!abort)) {
		--bootdelay;
		/* delay 1000 ms */
		ts = get_timer(0);
		do {
			if (tstc()) {	/* we got a key press	*/
				int key;

				abort  = 1;	/* don't auto boot	*/
				bootdelay = 0;	/* no more delay	*/
				key = getchar();/* consume input	*/
				if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY))
					menukey = key;
				break;
			}
			udelay(10000);
		} while (!abort && get_timer(ts) < 1000);

		printf("\b\b\b%2d ", bootdelay);
	}

	putc('\n');

	return abort;
}

static int abortboot(int bootdelay)
{
	int abort = 0;

	if (bootdelay >= 0) {
		if (autoboot_keyed())
			abort = abortboot_key_sequence(bootdelay);
		else
			abort = abortboot_single_key(bootdelay);
	}

	if (IS_ENABLED(CONFIG_SILENT_CONSOLE) && abort)
		gd->flags &= ~GD_FLG_SILENT;

	return abort;
}

static void process_fdt_options(void)
{
#ifdef CONFIG_TEXT_BASE
	ulong addr;

	/* Add an env variable to point to a kernel payload, if available */
	addr = ofnode_conf_read_int("kernel-offset", 0);
	if (addr)
		env_set_addr("kernaddr", (void *)(CONFIG_TEXT_BASE + addr));

	/* Add an env variable to point to a root disk, if available */
	addr = ofnode_conf_read_int("rootdisk-offset", 0);
	if (addr)
		env_set_addr("rootaddr", (void *)(CONFIG_TEXT_BASE + addr));
#endif /* CONFIG_TEXT_BASE */
}

const char *bootdelay_process(void)
{
	char *s;
	int bootdelay;

	bootcount_inc();

	s = env_get("bootdelay");
	bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY;

	/*
	 * Does it really make sense that the devicetree overrides the user
	 * setting? It is possibly helpful for security since the device tree
	 * may be signed whereas the environment is often loaded from storage.
	 */
	if (IS_ENABLED(CONFIG_OF_CONTROL))
		bootdelay = ofnode_conf_read_int("bootdelay", bootdelay);

	debug("### main_loop entered: bootdelay=%d\n\n", bootdelay);

	if (IS_ENABLED(CONFIG_AUTOBOOT_MENU_SHOW))
		bootdelay = menu_show(bootdelay);
	bootretry_init_cmd_timeout();

#ifdef CONFIG_POST
	if (gd->flags & GD_FLG_POSTFAIL) {
		s = env_get("failbootcmd");
	} else
#endif /* CONFIG_POST */
	if (bootcount_error())
		s = env_get("altbootcmd");
	else
		s = env_get("bootcmd");

	if (IS_ENABLED(CONFIG_OF_CONTROL))
		process_fdt_options();
	stored_bootdelay = bootdelay;

	return s;
}

void autoboot_command(const char *s)
{
	debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>");

	if (s && (stored_bootdelay == -2 ||
		 (stored_bootdelay != -1 && !abortboot(stored_bootdelay)))) {
		bool lock;
		int prev;

		lock = autoboot_keyed() &&
			!IS_ENABLED(CONFIG_AUTOBOOT_KEYED_CTRLC);
		if (lock)
			prev = disable_ctrlc(1); /* disable Ctrl-C checking */

		run_command_list(s, -1, 0);

		if (lock)
			disable_ctrlc(prev);	/* restore Ctrl-C checking */
	}

	if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY) &&
	    menukey == AUTOBOOT_MENUKEY) {
		s = env_get("menucmd");
		if (s)
			run_command_list(s, -1, 0);
	}
}
Commit	Line	Data
83d290c5	1	// SPDX-License-Identifier: GPL-2.0+
66ded17d SG	2	/*
	3	* (C) Copyright 2000
	4	* Wolfgang Denk, DENX Software Engineering, [email protected].
66ded17d SG	5	*/
66ded17d SG	6
03de305e	7	#include <config.h>
39e1230e	8	#include <autoboot.h>
0098e179	9	#include <bootretry.h>
66ded17d	10	#include <cli.h>
288b29e4	11	#include <command.h>
24b852a7	12	#include <console.h>
c7694dd4	13	#include <env.h>
03de305e	14	#include <errno.h>
66ded17d	15	#include <fdtdec.h>
e8c78056	16	#include <hash.h>
f7ae49fc	17	#include <log.h>
336d4615	18	#include <malloc.h>
ecaae801	19	#include <memalign.h>
66ded17d SG	20	#include <menu.h>
66ded17d SG	21	#include <post.h>
1045315d	22	#include <time.h>
401d1c4f	23	#include <asm/global_data.h>
c05ed00a	24	#include <linux/delay.h>
8f0b1e24	25	#include <u-boot/sha256.h>
bc8c440f	26	#include <bootcount.h>
1a4a7786	27	#include <crypt.h>
7de8bd03	28	#include <dm/ofnode.h>
66ded17d SG	29
	30	DECLARE_GLOBAL_DATA_PTR;
	31
1b2d6803	32	#define DELAY_STOP_STR_MAX_LENGTH 64
66ded17d SG	33
	34	#ifndef DEBUG_BOOTKEYS
	35	#define DEBUG_BOOTKEYS 0
	36	#endif
	37	#define debug_bootkeys(fmt, args...) \
	38	debug_cond(DEBUG_BOOTKEYS, fmt, ##args)
	39
affb2156 SG	40	/* Stored value of bootdelay, used by autoboot_command() */
affb2156 SG	41	static int stored_bootdelay;
d915ad27	42	static int menukey;
affb2156	43
d35e44fb TR	44	#if defined(CONFIG_AUTOBOOT_STOP_STR_CRYPT)
	45	#define AUTOBOOT_STOP_STR_CRYPT CONFIG_AUTOBOOT_STOP_STR_CRYPT
	46	#else
	47	#define AUTOBOOT_STOP_STR_CRYPT ""
1a4a7786	48	#endif
d35e44fb TR	49	#if defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
	50	#define AUTOBOOT_STOP_STR_SHA256 CONFIG_AUTOBOOT_STOP_STR_SHA256
	51	#else
	52	#define AUTOBOOT_STOP_STR_SHA256 ""
0c4bd318 SG	53	#endif
0c4bd318 SG	54
5a87df83	55	#ifdef CONFIG_AUTOBOOT_USE_MENUKEY
760d2f9e	56	#define AUTOBOOT_MENUKEY CONFIG_AUTOBOOT_MENUKEY
d915ad27 SG	57	#else
	58	#define AUTOBOOT_MENUKEY 0
	59	#endif
	60
1a4a7786 SJ	61	/**
	62	* passwd_abort_crypt() - check for a crypt-style hashed key sequence to abort booting
	63	*
	64	* This checks for the user entering a password within a given time.
	65	*
	66	* The entered password is hashed via one of the crypt-style hash methods
	67	* and compared to the pre-defined value from either
	68	* the environment variable "bootstopkeycrypt"
	69	* or
	70	* the config value CONFIG_AUTOBOOT_STOP_STR_CRYPT
	71	*
6c0ce6d3 SJ	72	* In case the config value CONFIG_AUTOBOOT_NEVER_TIMEOUT has been enabled
	73	* this function never times out if the user presses the <Enter> key
	74	* before starting to enter the password.
	75	*
1a4a7786	76	* @etime: Timeout value ticks (stop when get_ticks() reachs this)
185f812c	77	* Return: 0 if autoboot should continue, 1 if it should stop
1a4a7786 SJ	78	*/
	79	static int passwd_abort_crypt(uint64_t etime)
	80	{
	81	const char *crypt_env_str = env_get("bootstopkeycrypt");
1b2d6803	82	char presskey[DELAY_STOP_STR_MAX_LENGTH];
1a4a7786 SJ	83	u_int presskey_len = 0;
1a4a7786 SJ	84	int abort = 0;
6c0ce6d3	85	int never_timeout = 0;
1a4a7786 SJ	86	int err;
	87
	88	if (IS_ENABLED(CONFIG_AUTOBOOT_STOP_STR_ENABLE) && !crypt_env_str)
d35e44fb	89	crypt_env_str = AUTOBOOT_STOP_STR_CRYPT;
1a4a7786 SJ	90
	91	if (!crypt_env_str)
	92	return 0;
	93
	94	/* We expect the stop-string to be newline-terminated */
	95	do {
	96	if (tstc()) {
	97	/* Check for input string overflow */
	98	if (presskey_len >= sizeof(presskey))
	99	return 0;
	100
	101	presskey[presskey_len] = getchar();
	102
	103	if ((presskey[presskey_len] == '\r') \|\|
	104	(presskey[presskey_len] == '\n')) {
6c0ce6d3 SJ	105	if (IS_ENABLED(CONFIG_AUTOBOOT_NEVER_TIMEOUT) &&
	106	!presskey_len) {
	107	never_timeout = 1;
	108	continue;
	109	}
1a4a7786 SJ	110	presskey[presskey_len] = '\0';
	111	err = crypt_compare(crypt_env_str, presskey,
	112	&abort);
	113	if (err)
	114	debug_bootkeys(
	115	"crypt_compare() failed with: %s\n",
	116	errno_str(err));
	117	/* you had one chance */
	118	break;
	119	} else {
	120	presskey_len++;
	121	}
	122	}
c11cedc8	123	udelay(10000);
6c0ce6d3	124	} while (never_timeout \|\| get_ticks() <= etime);
1a4a7786 SJ	125
	126	return abort;
	127	}
	128
8f0b1e24 SR	129	/*
	130	* Use a "constant-length" time compare function for this
	131	* hash compare:
	132	*
	133	* https://crackstation.net/hashing-security.htm
66ded17d	134	*/
8f0b1e24 SR	135	static int slow_equals(u8 a, u8 b, int len)
	136	{
	137	int diff = 0;
	138	int i;
	139
	140	for (i = 0; i < len; i++)
	141	diff \|= a[i] ^ b[i];
	142
	143	return diff == 0;
	144	}
	145
88fa4beb SG	146	/**
	147	* passwd_abort_sha256() - check for a hashed key sequence to abort booting
	148	*
	149	* This checks for the user entering a SHA256 hash within a given time.
	150	*
	151	* @etime: Timeout value ticks (stop when get_ticks() reachs this)
185f812c	152	* Return: 0 if autoboot should continue, 1 if it should stop
88fa4beb	153	*/
e8c78056	154	static int passwd_abort_sha256(uint64_t etime)
8f0b1e24	155	{
00caae6d	156	const char *sha_env_str = env_get("bootstopkeysha256");
8f0b1e24	157	u8 sha_env[SHA256_SUM_LEN];
ecaae801 HS	158	u8 *sha;
ecaae801 HS	159	char *presskey;
652b504f	160	char *c;
8f0b1e24 SR	161	const char *algo_name = "sha256";
	162	u_int presskey_len = 0;
	163	int abort = 0;
2d06fd83	164	int size = sizeof(sha);
8f0b1e24 SR	165	int ret;
	166
	167	if (sha_env_str == NULL)
d35e44fb	168	sha_env_str = AUTOBOOT_STOP_STR_SHA256;
8f0b1e24	169
1b2d6803	170	presskey = malloc_cache_aligned(DELAY_STOP_STR_MAX_LENGTH);
606867c8 MM	171	if (!presskey)
	172	return -ENOMEM;
	173
652b504f	174	c = strstr(sha_env_str, ":");
1b2d6803	175	if (c && (c - sha_env_str < DELAY_STOP_STR_MAX_LENGTH)) {
652b504f JP	176	/* preload presskey with salt */
	177	memcpy(presskey, sha_env_str, c - sha_env_str);
	178	presskey_len = c - sha_env_str;
	179	sha_env_str = c + 1;
	180	}
8f0b1e24 SR	181	/*
	182	* Generate the binary value from the environment hash value
	183	* so that we can compare this value with the computed hash
	184	* from the user input
	185	*/
	186	ret = hash_parse_string(algo_name, sha_env_str, sha_env);
	187	if (ret) {
	188	printf("Hash %s not supported!\n", algo_name);
	189	return 0;
	190	}
	191
ecaae801 HS	192	sha = malloc_cache_aligned(SHA256_SUM_LEN);
ecaae801 HS	193	size = SHA256_SUM_LEN;
8f0b1e24 SR	194	/*
	195	* We don't know how long the stop-string is, so we need to
	196	* generate the sha256 hash upon each input character and
	197	* compare the value with the one saved in the environment
	198	*/
	199	do {
	200	if (tstc()) {
	201	/* Check for input string overflow */
1b2d6803	202	if (presskey_len >= DELAY_STOP_STR_MAX_LENGTH) {
ecaae801 HS	203	free(presskey);
ecaae801 HS	204	free(sha);
8f0b1e24	205	return 0;
ecaae801	206	}
8f0b1e24	207
c670aeee	208	presskey[presskey_len++] = getchar();
8f0b1e24 SR	209
	210	/* Calculate sha256 upon each new char */
	211	hash_block(algo_name, (const void *)presskey,
	212	presskey_len, sha, &size);
	213
	214	/* And check if sha matches saved value in env */
	215	if (slow_equals(sha, sha_env, SHA256_SUM_LEN))
	216	abort = 1;
	217	}
c11cedc8	218	udelay(10000);
8f0b1e24 SR	219	} while (!abort && get_ticks() <= etime);
8f0b1e24 SR	220
ecaae801 HS	221	free(presskey);
ecaae801 HS	222	free(sha);
8f0b1e24 SR	223	return abort;
8f0b1e24 SR	224	}
e8c78056	225
88fa4beb SG	226	/**
	227	* passwd_abort_key() - check for a key sequence to aborted booting
	228	*
	229	* This checks for the user entering a string within a given time.
	230	*
	231	* @etime: Timeout value ticks (stop when get_ticks() reachs this)
185f812c	232	* Return: 0 if autoboot should continue, 1 if it should stop
88fa4beb	233	*/
e8c78056	234	static int passwd_abort_key(uint64_t etime)
66ded17d SG	235	{
66ded17d SG	236	int abort = 0;
66ded17d SG	237	struct {
	238	char *str;
	239	u_int len;
	240	int retry;
	241	}
	242	delaykey[] = {
00caae6d SG	243	{ .str = env_get("bootdelaykey"), .retry = 1 },
00caae6d SG	244	{ .str = env_get("bootstopkey"), .retry = 0 },
66ded17d SG	245	};
66ded17d SG	246
1b2d6803	247	char presskey[DELAY_STOP_STR_MAX_LENGTH];
e088f0c3 YM	248	int presskey_len = 0;
	249	int presskey_max = 0;
	250	int i;
66ded17d	251
66ded17d SG	252	# ifdef CONFIG_AUTOBOOT_DELAY_STR
	253	if (delaykey[0].str == NULL)
	254	delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
	255	# endif
66ded17d	256	# ifdef CONFIG_AUTOBOOT_STOP_STR
2d908fa0 SR	257	if (delaykey[1].str == NULL)
2d908fa0 SR	258	delaykey[1].str = CONFIG_AUTOBOOT_STOP_STR;
66ded17d SG	259	# endif
	260
	261	for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
	262	delaykey[i].len = delaykey[i].str == NULL ?
	263	0 : strlen(delaykey[i].str);
1b2d6803 SJ	264	delaykey[i].len = delaykey[i].len > DELAY_STOP_STR_MAX_LENGTH ?
1b2d6803 SJ	265	DELAY_STOP_STR_MAX_LENGTH : delaykey[i].len;
66ded17d SG	266
	267	presskey_max = presskey_max > delaykey[i].len ?
	268	presskey_max : delaykey[i].len;
	269
	270	debug_bootkeys("%s key:<%s>\n",
	271	delaykey[i].retry ? "delay" : "stop",
	272	delaykey[i].str ? delaykey[i].str : "NULL");
	273	}
	274
	275	/* In order to keep up with incoming data, check timeout only
	276	* when catch up.
	277	*/
	278	do {
	279	if (tstc()) {
	280	if (presskey_len < presskey_max) {
c670aeee	281	presskey[presskey_len++] = getchar();
66ded17d SG	282	} else {
	283	for (i = 0; i < presskey_max - 1; i++)
	284	presskey[i] = presskey[i + 1];
	285
c670aeee	286	presskey[i] = getchar();
66ded17d SG	287	}
	288	}
	289
	290	for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
	291	if (delaykey[i].len > 0 &&
	292	presskey_len >= delaykey[i].len &&
	293	memcmp(presskey + presskey_len -
	294	delaykey[i].len, delaykey[i].str,
	295	delaykey[i].len) == 0) {
	296	debug_bootkeys("got %skey\n",
	297	delaykey[i].retry ? "delay" :
	298	"stop");
	299
66ded17d SG	300	/* don't retry auto boot */
	301	if (!delaykey[i].retry)
	302	bootretry_dont_retry();
66ded17d SG	303	abort = 1;
	304	}
	305	}
c11cedc8	306	udelay(10000);
66ded17d SG	307	} while (!abort && get_ticks() <= etime);
66ded17d SG	308
8f0b1e24 SR	309	return abort;
8f0b1e24 SR	310	}
8f0b1e24	311
d199c3ab SJ	312	/**
	313	* flush_stdin() - drops all pending characters from stdin
	314	*/
	315	static void flush_stdin(void)
	316	{
	317	while (tstc())
	318	(void)getchar();
	319	}
	320
33198740 SJ	321	/**
	322	* fallback_to_sha256() - check whether we should fall back to sha256
	323	* password checking
	324	*
	325	* This checks for the environment variable `bootstopusesha256` in case
	326	* sha256-fallback has been enabled via the config setting
	327	* `AUTOBOOT_SHA256_FALLBACK`.
	328	*
185f812c	329	* Return: `false` if we must not fall-back, `true` if plain sha256 should be tried
33198740 SJ	330	*/
	331	static bool fallback_to_sha256(void)
	332	{
	333	if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK))
	334	return env_get_yesno("bootstopusesha256") == 1;
	335	else if (IS_ENABLED(CONFIG_CRYPT_PW))
	336	return false;
	337	else
	338	return true;
	339	}
	340
8f0b1e24 SR	341	/***************************************************************************
	342	* Watch for 'delay' seconds for autoboot stop or autoboot delay string.
	343	* returns: 0 - no key string, allow autoboot 1 - got key string, abort
	344	*/
e79e4b25	345	static int abortboot_key_sequence(int bootdelay)
8f0b1e24 SR	346	{
	347	int abort;
	348	uint64_t etime = endtick(bootdelay);
	349
d199c3ab SJ	350	if (IS_ENABLED(CONFIG_AUTOBOOT_FLUSH_STDIN))
d199c3ab SJ	351	flush_stdin();
8f0b1e24 SR	352	# ifdef CONFIG_AUTOBOOT_PROMPT
	353	/*
	354	* CONFIG_AUTOBOOT_PROMPT includes the %d for all boards.
	355	* To print the bootdelay value upon bootup.
	356	*/
	357	printf(CONFIG_AUTOBOOT_PROMPT, bootdelay);
	358	# endif
	359
1a4a7786	360	if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
33198740	361	if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256())
1a4a7786 SJ	362	abort = passwd_abort_crypt(etime);
	363	else
	364	abort = passwd_abort_sha256(etime);
	365	} else {
e8c78056	366	abort = passwd_abort_key(etime);
1a4a7786	367	}
66ded17d SG	368	if (!abort)
	369	debug_bootkeys("key timeout\n");
	370
66ded17d SG	371	return abort;
	372	}
	373
e79e4b25	374	static int abortboot_single_key(int bootdelay)
66ded17d SG	375	{
	376	int abort = 0;
	377	unsigned long ts;
	378
46327392	379	printf("Hit any key to stop autoboot: %2d ", bootdelay);
66ded17d	380
66ded17d SG	381	/*
66ded17d SG	382	* Check if key already pressed
66ded17d	383	*/
46327392	384	if (tstc()) { /* we got a key press */
c670aeee	385	getchar(); /* consume input */
46327392 MY	386	puts("\b\b\b 0");
46327392 MY	387	abort = 1; /* don't auto boot */
66ded17d	388	}
66ded17d SG	389
	390	while ((bootdelay > 0) && (!abort)) {
	391	--bootdelay;
	392	/* delay 1000 ms */
	393	ts = get_timer(0);
	394	do {
	395	if (tstc()) { /* we got a key press */
d915ad27 SG	396	int key;
d915ad27 SG	397
66ded17d SG	398	abort = 1; /* don't auto boot */
66ded17d SG	399	bootdelay = 0; /* no more delay */
c670aeee	400	key = getchar();/* consume input */
5a87df83	401	if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY))
d915ad27	402	menukey = key;
66ded17d SG	403	break;
	404	}
	405	udelay(10000);
	406	} while (!abort && get_timer(ts) < 1000);
	407
	408	printf("\b\b\b%2d ", bootdelay);
	409	}
	410
	411	putc('\n');
	412
66ded17d SG	413	return abort;
66ded17d SG	414	}
66ded17d SG	415
	416	static int abortboot(int bootdelay)
	417	{
46327392	418	int abort = 0;
09b9d9e5	419
e79e4b25	420	if (bootdelay >= 0) {
cb897009	421	if (autoboot_keyed())
e79e4b25 SG	422	abort = abortboot_key_sequence(bootdelay);
	423	else
	424	abort = abortboot_single_key(bootdelay);
	425	}
09b9d9e5	426
42b4d14e	427	if (IS_ENABLED(CONFIG_SILENT_CONSOLE) && abort)
09b9d9e5	428	gd->flags &= ~GD_FLG_SILENT;
09b9d9e5 MY	429
09b9d9e5 MY	430	return abort;
66ded17d SG	431	}
66ded17d SG	432
c9c42ad2	433	static void process_fdt_options(void)
66ded17d	434	{
98463903	435	#ifdef CONFIG_TEXT_BASE
66ded17d SG	436	ulong addr;
	437
	438	/* Add an env variable to point to a kernel payload, if available */
7de8bd03	439	addr = ofnode_conf_read_int("kernel-offset", 0);
66ded17d	440	if (addr)
98463903	441	env_set_addr("kernaddr", (void *)(CONFIG_TEXT_BASE + addr));
66ded17d SG	442
66ded17d SG	443	/* Add an env variable to point to a root disk, if available */
7de8bd03	444	addr = ofnode_conf_read_int("rootdisk-offset", 0);
66ded17d	445	if (addr)
98463903 SG	446	env_set_addr("rootaddr", (void *)(CONFIG_TEXT_BASE + addr));
98463903 SG	447	#endif /* CONFIG_TEXT_BASE */
affb2156	448	}
66ded17d	449
affb2156	450	const char *bootdelay_process(void)
66ded17d	451	{
66ded17d SG	452	char *s;
66ded17d SG	453	int bootdelay;
bc8c440f LM	454
bc8c440f LM	455	bootcount_inc();
66ded17d	456
00caae6d	457	s = env_get("bootdelay");
66ded17d SG	458	bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY;
66ded17d SG	459
9d4e88c0 SG	460	/*
	461	* Does it really make sense that the devicetree overrides the user
	462	* setting? It is possibly helpful for security since the device tree
	463	* may be signed whereas the environment is often loaded from storage.
	464	*/
5fa3fd25	465	if (IS_ENABLED(CONFIG_OF_CONTROL))
7de8bd03	466	bootdelay = ofnode_conf_read_int("bootdelay", bootdelay);
66ded17d SG	467
	468	debug("### main_loop entered: bootdelay=%d\n\n", bootdelay);
	469
5fa3fd25 SG	470	if (IS_ENABLED(CONFIG_AUTOBOOT_MENU_SHOW))
5fa3fd25 SG	471	bootdelay = menu_show(bootdelay);
b26440f1	472	bootretry_init_cmd_timeout();
66ded17d SG	473
	474	#ifdef CONFIG_POST
	475	if (gd->flags & GD_FLG_POSTFAIL) {
00caae6d	476	s = env_get("failbootcmd");
66ded17d SG	477	} else
66ded17d SG	478	#endif /* CONFIG_POST */
bc8c440f	479	if (bootcount_error())
00caae6d	480	s = env_get("altbootcmd");
bc8c440f	481	else
00caae6d	482	s = env_get("bootcmd");
66ded17d	483
5fa3fd25	484	if (IS_ENABLED(CONFIG_OF_CONTROL))
c9c42ad2	485	process_fdt_options();
affb2156	486	stored_bootdelay = bootdelay;
66ded17d	487
affb2156 SG	488	return s;
affb2156 SG	489	}
66ded17d	490
affb2156 SG	491	void autoboot_command(const char *s)
affb2156 SG	492	{
66ded17d SG	493	debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>");
66ded17d SG	494
6ebe6b38 HS	495	if (s && (stored_bootdelay == -2 \|\|
6ebe6b38 HS	496	(stored_bootdelay != -1 && !abortboot(stored_bootdelay)))) {
5ec35ff3 SG	497	bool lock;
	498	int prev;
	499
cb897009	500	lock = autoboot_keyed() &&
5ec35ff3 SG	501	!IS_ENABLED(CONFIG_AUTOBOOT_KEYED_CTRLC);
	502	if (lock)
	503	prev = disable_ctrlc(1); /* disable Ctrl-C checking */
66ded17d SG	504
	505	run_command_list(s, -1, 0);
	506
5ec35ff3 SG	507	if (lock)
5ec35ff3 SG	508	disable_ctrlc(prev); /* restore Ctrl-C checking */
66ded17d SG	509	}
66ded17d SG	510
5a87df83	511	if (IS_ENABLED(CONFIG_AUTOBOOT_USE_MENUKEY) &&
d915ad27	512	menukey == AUTOBOOT_MENUKEY) {
00caae6d	513	s = env_get("menucmd");
66ded17d SG	514	if (s)
	515	run_command_list(s, -1, 0);
	516	}
cb897009	517	}