diff options
Diffstat (limited to 'recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch')
-rw-r--r-- | recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch | 312 |
1 files changed, 0 insertions, 312 deletions
diff --git a/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch b/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch deleted file mode 100644 index 5338a6a..0000000 --- a/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch +++ /dev/null @@ -1,312 +0,0 @@ -diff --git a/common/Makefile b/common/Makefile -index 973f05a..12e8c00 100644 ---- a/common/Makefile -+++ b/common/Makefile -@@ -173,7 +173,7 @@ COBJS-$(CONFIG_YAFFS2) += cmd_yaffs2.o - COBJS-$(CONFIG_CMD_SPL) += cmd_spl.o - COBJS-$(CONFIG_CMD_ZIP) += cmd_zip.o - COBJS-$(CONFIG_CMD_ZFS) += cmd_zfs.o -- -+COBJS-$(CONFIG_MTS_PASSWD) += mts_passwd.o - # others - ifdef CONFIG_DDR_SPD - SPD := y -diff --git a/common/main.c b/common/main.c -index 9507cec..249bf6e 100644 ---- a/common/main.c -+++ b/common/main.c -@@ -403,7 +403,7 @@ void main_loop (void) - } - #endif /* CONFIG_MENUKEY */ - #endif /* CONFIG_BOOTDELAY */ -- -+ mts_run_passwd_loop(); - /* - * Main Loop for Monitor Command Processing - */ -diff --git a/common/mts_passwd.c b/common/mts_passwd.c -new file mode 100644 -index 0000000..947ac3a ---- /dev/null -+++ b/common/mts_passwd.c -@@ -0,0 +1,248 @@ -+#include <common.h> -+#include <linux/ctype.h> -+#include <watchdog.h> -+#include <sha256.h> -+#include <mts_passwd.h> -+ -+#define MTS_PASSWD_ATTEMPTS (3) -+#define MTS_PASSWD_MAX_LEN (30) -+#define MTS_PASSWD_HASH_VAR "mtsp" -+#define MTS_PASSWD_SALT_VAR "mtss" -+#define MTS_PASSWD_PROMPT "Enter password : " -+ -+static -+void mts_do_reset(unsigned long delay) -+{ -+ mdelay(delay); -+ do_reset(NULL, 0, 0, NULL); -+} -+ -+/* -+ * -+ * Figure out if device is locked or not -+ * -+ */ -+static -+int mts_get_protection_status(void) -+{ -+ int rc = 0; /* UNLOCKED */ -+ char *var = NULL; -+ int len; -+ -+ var = getenv(MTS_PASSWD_HASH_VAR); -+ -+ do { -+ /* Variable is not set */ -+ if (!var) break; -+ -+ len = strlen(var); -+ -+ /* Variable is empty */ -+ if (len == 0) break; -+ -+ /* -+ * Length should be correct. Otherwise, do not unlock the device, just show the message and reset. -+ */ -+ if (len != 2*SHA256_SUM_LEN) { -+ puts("WARNING: password is corrupted\n"); -+ mts_do_reset(1000); -+ } -+ -+ /* LOCKED */ -+ rc = 1; -+ -+ } while (0); -+ -+ return rc; -+} -+ -+ -+/* -+ * -+ * Helper function for the password reading -+ * -+ */ -+static -+char *mts_password_delete_char(char *buffer, char *p, int *colp, int *np, int plen) -+{ -+ static char erase_seq[] = "\b \b"; -+ -+ if (*np == 0) { -+ return (p); -+ } -+ -+ --p; -+ puts(erase_seq); -+ (*colp)--; -+ -+ (*np)--; -+ return (p); -+} -+ -+/* -+ * -+ * Read password helper -+ * -+ */ -+static -+int mts_password_into_buffer(const char *const prompt, char *buf, size_t buflen) -+{ -+ char *p = buf; -+ char *p_buf = p; -+ int n = 0; /* buffer index */ -+ int plen = 0; /* prompt length */ -+ int col; /* output column cnt */ -+ char c; -+ -+ /* print prompt */ -+ if (prompt) { -+ plen = strlen(prompt); -+ puts (prompt); -+ } -+ -+ col = plen; -+ -+ for (;;) { -+ -+ WATCHDOG_RESET(); -+ -+ c = getc(); -+ -+ /* -+ * Special character handling -+ */ -+ switch (c) { -+ case '\r': /* Enter */ -+ case '\n': -+ *p = '\0'; -+ puts("\r\n"); -+ return (p - p_buf); -+ -+ case '\0': /* nul */ -+ case '\t': -+ continue; -+ -+ case 0x03: /* ^C - break */ -+ p_buf[0] = '\0'; /* discard input */ -+ puts("\r\n"); -+ return (-1); -+ -+ case 0x08: /* ^H - backspace */ -+ case 0x7F: /* DEL - backspace */ -+ p = mts_password_delete_char(p_buf, p, &col, &n, plen); -+ continue; -+ -+ default: -+ /* -+ * Must be a normal character then -+ */ -+ if (n < buflen - 2) { -+ ++col; /* echo input */ -+ *p++ = c; -+ ++n; -+ } -+ putc('*'); -+ } -+ } -+} -+ -+/* -+ * -+ * Read the password from input -+ * -+ */ -+static -+int read_password(char *buf, size_t buflen) -+{ -+ return mts_password_into_buffer(MTS_PASSWD_PROMPT, buf, buflen); -+} -+ -+/* -+ * -+ * Verify if the entered password is correct. -+ * -+ */ -+static -+int verify_password(char *pwd, size_t pwdlen) -+{ -+ char *hash_env = getenv(MTS_PASSWD_HASH_VAR);; -+ char *salt_env = getenv(MTS_PASSWD_SALT_VAR); -+ -+ if (pwd && pwdlen > 0 && hash_env && (strlen(hash_env) == 2*SHA256_SUM_LEN)) { -+ uint8_t hash[SHA256_SUM_LEN]; -+ uint8_t prefix[]={'0','3','e','3'}; -+ sha256_context ctx; -+ char tmp[3]; -+ int i; -+ -+ sha256_starts(&ctx); -+ sha256_update(&ctx, prefix, 4); -+ sha256_update(&ctx, (uint8_t *) pwd, pwdlen); -+ if (salt_env) { -+ size_t saltlen = strlen(salt_env); -+ sha256_update(&ctx, (uint8_t *) salt_env, saltlen); -+ } -+ sha256_finish(&ctx, hash); -+ memset(&ctx, 0, sizeof(sha256_context)); -+ -+ for (i = 0; i < SHA256_SUM_LEN; i++) { -+ snprintf(tmp, sizeof tmp, "%02x", hash[i]); -+ if (tolower(tmp[0]) != tolower(hash_env[2*i]) || -+ tolower(tmp[1]) != tolower(hash_env[2*i + 1])) { -+ break; -+ } -+ } -+ -+ if (i == SHA256_SUM_LEN) { -+ return 1; -+ } -+ } -+ -+ return 0; -+} -+ -+/* -+ * -+ * Check is the device is locked and ask the password. -+ * -+ */ -+void mts_run_passwd_loop(void) -+{ -+ char buf[MTS_PASSWD_MAX_LEN] = "\0"; -+ unsigned long delay = 1000; /* 1 second initially */ -+ int len; -+ int trynr = 0; -+ -+ /* Do not delete */ -+ printf("", "mts password protected"); -+ -+ if (mts_get_protection_status() == 0) { -+ return; -+ } -+ -+ while (1) { -+ if (trynr == MTS_PASSWD_ATTEMPTS) { -+ mts_do_reset(1000); -+ } -+ -+ len = read_password(buf, MTS_PASSWD_MAX_LEN); -+ if (len > 0) { -+ if (verify_password(buf, len)) { -+ /* zero out */ -+ memset(buf, 0, sizeof(buf)); -+ return; -+ } -+ puts("Permission denied\n"); -+ } -+ -+ trynr++; -+ -+ /* progressive delay */ -+ mdelay(delay); -+ delay *= 2; -+ if (delay > 4000) delay = 4000; -+ } -+ /* zero out */ -+ memset(buf, 0, sizeof(buf)); -+ return; -+} -diff --git a/include/common.h b/include/common.h -index a7fb05e..b334700 100644 ---- a/include/common.h -+++ b/include/common.h -@@ -41,6 +41,7 @@ typedef volatile unsigned char vu_char; - #include <linux/string.h> - #include <asm/ptrace.h> - #include <stdarg.h> -+#include <mts_passwd.h> - #if defined(CONFIG_PCI) && (defined(CONFIG_4xx) && !defined(CONFIG_AP1000)) - #include <pci.h> - #endif -diff --git a/include/mts_passwd.h b/include/mts_passwd.h -new file mode 100644 -index 0000000..1668d8f ---- /dev/null -+++ b/include/mts_passwd.h -@@ -0,0 +1,13 @@ -+#ifndef _MTS_PASSWD_H -+#define _MTS_PASSWD_H -+ -+#define CONFIG_MTS_PASSWD -+ -+#if defined(CONFIG_MTS_PASSWD) -+#define CONFIG_SHA256 -+void mts_run_passwd_loop(void); -+#else -+#define mts_run_passwd_loop() {} -+#endif -+ -+#endif -\ No newline at end of file |