diff options
| author | John Klug <john.klug@multitech.com> | 2017-04-04 11:08:46 -0500 |
|---|---|---|
| committer | John Klug <john.klug@multitech.com> | 2017-04-24 11:43:22 -0500 |
| commit | b166ae6ba45d2b1069a948e24b1148bf7db196a8 (patch) | |
| tree | 15002ccfe5ab85a99118d03520169cb5990adcb1 /recipes-bsp/u-boot | |
| parent | 00aeca342ec0361ee7f6dd1cbc2d28fa4cb93290 (diff) | |
| download | meta-multitech-atmel-b166ae6ba45d2b1069a948e24b1148bf7db196a8.tar.gz meta-multitech-atmel-b166ae6ba45d2b1069a948e24b1148bf7db196a8.tar.bz2 meta-multitech-atmel-b166ae6ba45d2b1069a948e24b1148bf7db196a8.zip | |
Add password creation utility mts-ubpasswd
Diffstat (limited to 'recipes-bsp/u-boot')
| -rw-r--r-- | recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch | 312 | ||||
| -rw-r--r-- | recipes-bsp/u-boot/u-boot_2012.10.bb | 2 |
2 files changed, 314 insertions, 0 deletions
diff --git a/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch b/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch new file mode 100644 index 0000000..5338a6a --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch @@ -0,0 +1,312 @@ +diff --git a/common/Makefile b/common/Makefile +index 973f05a..12e8c00 100644 +--- a/common/Makefile ++++ b/common/Makefile +@@ -173,7 +173,7 @@ COBJS-$(CONFIG_YAFFS2) += cmd_yaffs2.o + COBJS-$(CONFIG_CMD_SPL) += cmd_spl.o + COBJS-$(CONFIG_CMD_ZIP) += cmd_zip.o + COBJS-$(CONFIG_CMD_ZFS) += cmd_zfs.o +- ++COBJS-$(CONFIG_MTS_PASSWD) += mts_passwd.o + # others + ifdef CONFIG_DDR_SPD + SPD := y +diff --git a/common/main.c b/common/main.c +index 9507cec..249bf6e 100644 +--- a/common/main.c ++++ b/common/main.c +@@ -403,7 +403,7 @@ void main_loop (void) + } + #endif /* CONFIG_MENUKEY */ + #endif /* CONFIG_BOOTDELAY */ +- ++ mts_run_passwd_loop(); + /* + * Main Loop for Monitor Command Processing + */ +diff --git a/common/mts_passwd.c b/common/mts_passwd.c +new file mode 100644 +index 0000000..947ac3a +--- /dev/null ++++ b/common/mts_passwd.c +@@ -0,0 +1,248 @@ ++#include <common.h> ++#include <linux/ctype.h> ++#include <watchdog.h> ++#include <sha256.h> ++#include <mts_passwd.h> ++ ++#define MTS_PASSWD_ATTEMPTS (3) ++#define MTS_PASSWD_MAX_LEN (30) ++#define MTS_PASSWD_HASH_VAR "mtsp" ++#define MTS_PASSWD_SALT_VAR "mtss" ++#define MTS_PASSWD_PROMPT "Enter password : " ++ ++static ++void mts_do_reset(unsigned long delay) ++{ ++ mdelay(delay); ++ do_reset(NULL, 0, 0, NULL); ++} ++ ++/* ++ * ++ * Figure out if device is locked or not ++ * ++ */ ++static ++int mts_get_protection_status(void) ++{ ++ int rc = 0; /* UNLOCKED */ ++ char *var = NULL; ++ int len; ++ ++ var = getenv(MTS_PASSWD_HASH_VAR); ++ ++ do { ++ /* Variable is not set */ ++ if (!var) break; ++ ++ len = strlen(var); ++ ++ /* Variable is empty */ ++ if (len == 0) break; ++ ++ /* ++ * Length should be correct. Otherwise, do not unlock the device, just show the message and reset. ++ */ ++ if (len != 2*SHA256_SUM_LEN) { ++ puts("WARNING: password is corrupted\n"); ++ mts_do_reset(1000); ++ } ++ ++ /* LOCKED */ ++ rc = 1; ++ ++ } while (0); ++ ++ return rc; ++} ++ ++ ++/* ++ * ++ * Helper function for the password reading ++ * ++ */ ++static ++char *mts_password_delete_char(char *buffer, char *p, int *colp, int *np, int plen) ++{ ++ static char erase_seq[] = "\b \b"; ++ ++ if (*np == 0) { ++ return (p); ++ } ++ ++ --p; ++ puts(erase_seq); ++ (*colp)--; ++ ++ (*np)--; ++ return (p); ++} ++ ++/* ++ * ++ * Read password helper ++ * ++ */ ++static ++int mts_password_into_buffer(const char *const prompt, char *buf, size_t buflen) ++{ ++ char *p = buf; ++ char *p_buf = p; ++ int n = 0; /* buffer index */ ++ int plen = 0; /* prompt length */ ++ int col; /* output column cnt */ ++ char c; ++ ++ /* print prompt */ ++ if (prompt) { ++ plen = strlen(prompt); ++ puts (prompt); ++ } ++ ++ col = plen; ++ ++ for (;;) { ++ ++ WATCHDOG_RESET(); ++ ++ c = getc(); ++ ++ /* ++ * Special character handling ++ */ ++ switch (c) { ++ case '\r': /* Enter */ ++ case '\n': ++ *p = '\0'; ++ puts("\r\n"); ++ return (p - p_buf); ++ ++ case '\0': /* nul */ ++ case '\t': ++ continue; ++ ++ case 0x03: /* ^C - break */ ++ p_buf[0] = '\0'; /* discard input */ ++ puts("\r\n"); ++ return (-1); ++ ++ case 0x08: /* ^H - backspace */ ++ case 0x7F: /* DEL - backspace */ ++ p = mts_password_delete_char(p_buf, p, &col, &n, plen); ++ continue; ++ ++ default: ++ /* ++ * Must be a normal character then ++ */ ++ if (n < buflen - 2) { ++ ++col; /* echo input */ ++ *p++ = c; ++ ++n; ++ } ++ putc('*'); ++ } ++ } ++} ++ ++/* ++ * ++ * Read the password from input ++ * ++ */ ++static ++int read_password(char *buf, size_t buflen) ++{ ++ return mts_password_into_buffer(MTS_PASSWD_PROMPT, buf, buflen); ++} ++ ++/* ++ * ++ * Verify if the entered password is correct. ++ * ++ */ ++static ++int verify_password(char *pwd, size_t pwdlen) ++{ ++ char *hash_env = getenv(MTS_PASSWD_HASH_VAR);; ++ char *salt_env = getenv(MTS_PASSWD_SALT_VAR); ++ ++ if (pwd && pwdlen > 0 && hash_env && (strlen(hash_env) == 2*SHA256_SUM_LEN)) { ++ uint8_t hash[SHA256_SUM_LEN]; ++ uint8_t prefix[]={'0','3','e','3'}; ++ sha256_context ctx; ++ char tmp[3]; ++ int i; ++ ++ sha256_starts(&ctx); ++ sha256_update(&ctx, prefix, 4); ++ sha256_update(&ctx, (uint8_t *) pwd, pwdlen); ++ if (salt_env) { ++ size_t saltlen = strlen(salt_env); ++ sha256_update(&ctx, (uint8_t *) salt_env, saltlen); ++ } ++ sha256_finish(&ctx, hash); ++ memset(&ctx, 0, sizeof(sha256_context)); ++ ++ for (i = 0; i < SHA256_SUM_LEN; i++) { ++ snprintf(tmp, sizeof tmp, "%02x", hash[i]); ++ if (tolower(tmp[0]) != tolower(hash_env[2*i]) || ++ tolower(tmp[1]) != tolower(hash_env[2*i + 1])) { ++ break; ++ } ++ } ++ ++ if (i == SHA256_SUM_LEN) { ++ return 1; ++ } ++ } ++ ++ return 0; ++} ++ ++/* ++ * ++ * Check is the device is locked and ask the password. ++ * ++ */ ++void mts_run_passwd_loop(void) ++{ ++ char buf[MTS_PASSWD_MAX_LEN] = "\0"; ++ unsigned long delay = 1000; /* 1 second initially */ ++ int len; ++ int trynr = 0; ++ ++ /* Do not delete */ ++ printf("", "mts password protected"); ++ ++ if (mts_get_protection_status() == 0) { ++ return; ++ } ++ ++ while (1) { ++ if (trynr == MTS_PASSWD_ATTEMPTS) { ++ mts_do_reset(1000); ++ } ++ ++ len = read_password(buf, MTS_PASSWD_MAX_LEN); ++ if (len > 0) { ++ if (verify_password(buf, len)) { ++ /* zero out */ ++ memset(buf, 0, sizeof(buf)); ++ return; ++ } ++ puts("Permission denied\n"); ++ } ++ ++ trynr++; ++ ++ /* progressive delay */ ++ mdelay(delay); ++ delay *= 2; ++ if (delay > 4000) delay = 4000; ++ } ++ /* zero out */ ++ memset(buf, 0, sizeof(buf)); ++ return; ++} +diff --git a/include/common.h b/include/common.h +index a7fb05e..b334700 100644 +--- a/include/common.h ++++ b/include/common.h +@@ -41,6 +41,7 @@ typedef volatile unsigned char vu_char; + #include <linux/string.h> + #include <asm/ptrace.h> + #include <stdarg.h> ++#include <mts_passwd.h> + #if defined(CONFIG_PCI) && (defined(CONFIG_4xx) && !defined(CONFIG_AP1000)) + #include <pci.h> + #endif +diff --git a/include/mts_passwd.h b/include/mts_passwd.h +new file mode 100644 +index 0000000..1668d8f +--- /dev/null ++++ b/include/mts_passwd.h +@@ -0,0 +1,13 @@ ++#ifndef _MTS_PASSWD_H ++#define _MTS_PASSWD_H ++ ++#define CONFIG_MTS_PASSWD ++ ++#if defined(CONFIG_MTS_PASSWD) ++#define CONFIG_SHA256 ++void mts_run_passwd_loop(void); ++#else ++#define mts_run_passwd_loop() {} ++#endif ++ ++#endif +\ No newline at end of file diff --git a/recipes-bsp/u-boot/u-boot_2012.10.bb b/recipes-bsp/u-boot/u-boot_2012.10.bb index 47f6ea2..3977ca4 100644 --- a/recipes-bsp/u-boot/u-boot_2012.10.bb +++ b/recipes-bsp/u-boot/u-boot_2012.10.bb @@ -16,6 +16,8 @@ SRC_URI = "git://github.com/linux4sam/u-boot-at91.git;branch=u-boot-2012.10-at91 # add patch to speed up boot if ethernet autonegotiation fails SRC_URI += "file://u-boot-2010.06-macb-autoneg-timeout.patch" +# add password protection patch +SRC_URI += "file://u-boot-2012.10-pwd.patch" SRC_URI_append_mtcdt = " file://u-boot-2012.10-mtcdt.patch" SRC_URI_append_mtcap = " file://u-boot-2012.10-mtcdt.patch" |