summaryrefslogtreecommitdiff
path: root/recipes-bsp
diff options
context:
space:
mode:
authorJohn Klug <john.klug@multitech.com>2017-04-04 11:08:46 -0500
committerJohn Klug <john.klug@multitech.com>2017-04-04 11:08:46 -0500
commit248c6dada5daa872014be30acb722ce18181c08d (patch)
tree9f9f9c632684567255284ee40ecd3d99b4561d5b /recipes-bsp
parente39fd4b38c69467e3380b32117fbb39224de5416 (diff)
downloadmeta-multitech-248c6dada5daa872014be30acb722ce18181c08d.tar.gz
meta-multitech-248c6dada5daa872014be30acb722ce18181c08d.tar.bz2
meta-multitech-248c6dada5daa872014be30acb722ce18181c08d.zip
Add password creation utility mts-ubpasswd
Diffstat (limited to 'recipes-bsp')
-rw-r--r--recipes-bsp/multitech/mts-id-eeprom.inc2
-rw-r--r--recipes-bsp/multitech/mts-id-eeprom_0.2.10.bb (renamed from recipes-bsp/multitech/mts-id-eeprom_0.2.6.bb)2
-rw-r--r--recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch312
-rw-r--r--recipes-bsp/u-boot/u-boot_2012.10.bb2
4 files changed, 316 insertions, 2 deletions
diff --git a/recipes-bsp/multitech/mts-id-eeprom.inc b/recipes-bsp/multitech/mts-id-eeprom.inc
index 61f024d..3bef9e9 100644
--- a/recipes-bsp/multitech/mts-id-eeprom.inc
+++ b/recipes-bsp/multitech/mts-id-eeprom.inc
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
INC_PR = "r0"
DEPENDS = "mts-io"
-SRCREV = "${PV}"
+SRCREV = "8801af07013ddfdf517d42bb50a21ebfad621460"
SRC_URI = "git://git.multitech.net/mts-id-eeprom.git;protocol=git"
S = "${WORKDIR}/git"
diff --git a/recipes-bsp/multitech/mts-id-eeprom_0.2.6.bb b/recipes-bsp/multitech/mts-id-eeprom_0.2.10.bb
index ccf3521..9c5bd5f 100644
--- a/recipes-bsp/multitech/mts-id-eeprom_0.2.6.bb
+++ b/recipes-bsp/multitech/mts-id-eeprom_0.2.10.bb
@@ -1,3 +1,3 @@
require mts-id-eeprom.inc
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1A"
diff --git a/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch b/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch
new file mode 100644
index 0000000..5338a6a
--- /dev/null
+++ b/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch
@@ -0,0 +1,312 @@
+diff --git a/common/Makefile b/common/Makefile
+index 973f05a..12e8c00 100644
+--- a/common/Makefile
++++ b/common/Makefile
+@@ -173,7 +173,7 @@ COBJS-$(CONFIG_YAFFS2) += cmd_yaffs2.o
+ COBJS-$(CONFIG_CMD_SPL) += cmd_spl.o
+ COBJS-$(CONFIG_CMD_ZIP) += cmd_zip.o
+ COBJS-$(CONFIG_CMD_ZFS) += cmd_zfs.o
+-
++COBJS-$(CONFIG_MTS_PASSWD) += mts_passwd.o
+ # others
+ ifdef CONFIG_DDR_SPD
+ SPD := y
+diff --git a/common/main.c b/common/main.c
+index 9507cec..249bf6e 100644
+--- a/common/main.c
++++ b/common/main.c
+@@ -403,7 +403,7 @@ void main_loop (void)
+ }
+ #endif /* CONFIG_MENUKEY */
+ #endif /* CONFIG_BOOTDELAY */
+-
++ mts_run_passwd_loop();
+ /*
+ * Main Loop for Monitor Command Processing
+ */
+diff --git a/common/mts_passwd.c b/common/mts_passwd.c
+new file mode 100644
+index 0000000..947ac3a
+--- /dev/null
++++ b/common/mts_passwd.c
+@@ -0,0 +1,248 @@
++#include <common.h>
++#include <linux/ctype.h>
++#include <watchdog.h>
++#include <sha256.h>
++#include <mts_passwd.h>
++
++#define MTS_PASSWD_ATTEMPTS (3)
++#define MTS_PASSWD_MAX_LEN (30)
++#define MTS_PASSWD_HASH_VAR "mtsp"
++#define MTS_PASSWD_SALT_VAR "mtss"
++#define MTS_PASSWD_PROMPT "Enter password : "
++
++static
++void mts_do_reset(unsigned long delay)
++{
++ mdelay(delay);
++ do_reset(NULL, 0, 0, NULL);
++}
++
++/*
++ *
++ * Figure out if device is locked or not
++ *
++ */
++static
++int mts_get_protection_status(void)
++{
++ int rc = 0; /* UNLOCKED */
++ char *var = NULL;
++ int len;
++
++ var = getenv(MTS_PASSWD_HASH_VAR);
++
++ do {
++ /* Variable is not set */
++ if (!var) break;
++
++ len = strlen(var);
++
++ /* Variable is empty */
++ if (len == 0) break;
++
++ /*
++ * Length should be correct. Otherwise, do not unlock the device, just show the message and reset.
++ */
++ if (len != 2*SHA256_SUM_LEN) {
++ puts("WARNING: password is corrupted\n");
++ mts_do_reset(1000);
++ }
++
++ /* LOCKED */
++ rc = 1;
++
++ } while (0);
++
++ return rc;
++}
++
++
++/*
++ *
++ * Helper function for the password reading
++ *
++ */
++static
++char *mts_password_delete_char(char *buffer, char *p, int *colp, int *np, int plen)
++{
++ static char erase_seq[] = "\b \b";
++
++ if (*np == 0) {
++ return (p);
++ }
++
++ --p;
++ puts(erase_seq);
++ (*colp)--;
++
++ (*np)--;
++ return (p);
++}
++
++/*
++ *
++ * Read password helper
++ *
++ */
++static
++int mts_password_into_buffer(const char *const prompt, char *buf, size_t buflen)
++{
++ char *p = buf;
++ char *p_buf = p;
++ int n = 0; /* buffer index */
++ int plen = 0; /* prompt length */
++ int col; /* output column cnt */
++ char c;
++
++ /* print prompt */
++ if (prompt) {
++ plen = strlen(prompt);
++ puts (prompt);
++ }
++
++ col = plen;
++
++ for (;;) {
++
++ WATCHDOG_RESET();
++
++ c = getc();
++
++ /*
++ * Special character handling
++ */
++ switch (c) {
++ case '\r': /* Enter */
++ case '\n':
++ *p = '\0';
++ puts("\r\n");
++ return (p - p_buf);
++
++ case '\0': /* nul */
++ case '\t':
++ continue;
++
++ case 0x03: /* ^C - break */
++ p_buf[0] = '\0'; /* discard input */
++ puts("\r\n");
++ return (-1);
++
++ case 0x08: /* ^H - backspace */
++ case 0x7F: /* DEL - backspace */
++ p = mts_password_delete_char(p_buf, p, &col, &n, plen);
++ continue;
++
++ default:
++ /*
++ * Must be a normal character then
++ */
++ if (n < buflen - 2) {
++ ++col; /* echo input */
++ *p++ = c;
++ ++n;
++ }
++ putc('*');
++ }
++ }
++}
++
++/*
++ *
++ * Read the password from input
++ *
++ */
++static
++int read_password(char *buf, size_t buflen)
++{
++ return mts_password_into_buffer(MTS_PASSWD_PROMPT, buf, buflen);
++}
++
++/*
++ *
++ * Verify if the entered password is correct.
++ *
++ */
++static
++int verify_password(char *pwd, size_t pwdlen)
++{
++ char *hash_env = getenv(MTS_PASSWD_HASH_VAR);;
++ char *salt_env = getenv(MTS_PASSWD_SALT_VAR);
++
++ if (pwd && pwdlen > 0 && hash_env && (strlen(hash_env) == 2*SHA256_SUM_LEN)) {
++ uint8_t hash[SHA256_SUM_LEN];
++ uint8_t prefix[]={'0','3','e','3'};
++ sha256_context ctx;
++ char tmp[3];
++ int i;
++
++ sha256_starts(&ctx);
++ sha256_update(&ctx, prefix, 4);
++ sha256_update(&ctx, (uint8_t *) pwd, pwdlen);
++ if (salt_env) {
++ size_t saltlen = strlen(salt_env);
++ sha256_update(&ctx, (uint8_t *) salt_env, saltlen);
++ }
++ sha256_finish(&ctx, hash);
++ memset(&ctx, 0, sizeof(sha256_context));
++
++ for (i = 0; i < SHA256_SUM_LEN; i++) {
++ snprintf(tmp, sizeof tmp, "%02x", hash[i]);
++ if (tolower(tmp[0]) != tolower(hash_env[2*i]) ||
++ tolower(tmp[1]) != tolower(hash_env[2*i + 1])) {
++ break;
++ }
++ }
++
++ if (i == SHA256_SUM_LEN) {
++ return 1;
++ }
++ }
++
++ return 0;
++}
++
++/*
++ *
++ * Check is the device is locked and ask the password.
++ *
++ */
++void mts_run_passwd_loop(void)
++{
++ char buf[MTS_PASSWD_MAX_LEN] = "\0";
++ unsigned long delay = 1000; /* 1 second initially */
++ int len;
++ int trynr = 0;
++
++ /* Do not delete */
++ printf("", "mts password protected");
++
++ if (mts_get_protection_status() == 0) {
++ return;
++ }
++
++ while (1) {
++ if (trynr == MTS_PASSWD_ATTEMPTS) {
++ mts_do_reset(1000);
++ }
++
++ len = read_password(buf, MTS_PASSWD_MAX_LEN);
++ if (len > 0) {
++ if (verify_password(buf, len)) {
++ /* zero out */
++ memset(buf, 0, sizeof(buf));
++ return;
++ }
++ puts("Permission denied\n");
++ }
++
++ trynr++;
++
++ /* progressive delay */
++ mdelay(delay);
++ delay *= 2;
++ if (delay > 4000) delay = 4000;
++ }
++ /* zero out */
++ memset(buf, 0, sizeof(buf));
++ return;
++}
+diff --git a/include/common.h b/include/common.h
+index a7fb05e..b334700 100644
+--- a/include/common.h
++++ b/include/common.h
+@@ -41,6 +41,7 @@ typedef volatile unsigned char vu_char;
+ #include <linux/string.h>
+ #include <asm/ptrace.h>
+ #include <stdarg.h>
++#include <mts_passwd.h>
+ #if defined(CONFIG_PCI) && (defined(CONFIG_4xx) && !defined(CONFIG_AP1000))
+ #include <pci.h>
+ #endif
+diff --git a/include/mts_passwd.h b/include/mts_passwd.h
+new file mode 100644
+index 0000000..1668d8f
+--- /dev/null
++++ b/include/mts_passwd.h
+@@ -0,0 +1,13 @@
++#ifndef _MTS_PASSWD_H
++#define _MTS_PASSWD_H
++
++#define CONFIG_MTS_PASSWD
++
++#if defined(CONFIG_MTS_PASSWD)
++#define CONFIG_SHA256
++void mts_run_passwd_loop(void);
++#else
++#define mts_run_passwd_loop() {}
++#endif
++
++#endif
+\ No newline at end of file
diff --git a/recipes-bsp/u-boot/u-boot_2012.10.bb b/recipes-bsp/u-boot/u-boot_2012.10.bb
index 654564f..ab52e31 100644
--- a/recipes-bsp/u-boot/u-boot_2012.10.bb
+++ b/recipes-bsp/u-boot/u-boot_2012.10.bb
@@ -16,6 +16,8 @@ SRC_URI = "git://github.com/linux4sam/u-boot-at91.git;branch=u-boot-2012.10-at91
# add patch to speed up boot if ethernet autonegotiation fails
SRC_URI += "file://u-boot-2010.06-macb-autoneg-timeout.patch"
+# add password protection patch
+SRC_URI += "file://u-boot-2012.10-pwd.patch"
SRC_URI_append_mtcdt = " file://u-boot-2012.10-mtcdt.patch"