[PATCH 06/13] boot_verify: make it modifiable at start time

[Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>]

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/bootm.c      |  2 +-
 common/boot_verify.c  | 39 +++++++++++++++++++++++++++++++++------
 common/bootm.c        |  2 +-
 include/boot_verify.h | 15 ++++++++++++---
 4 files changed, 47 insertions(+), 11 deletions(-)

diff --git a/commands/bootm.c b/commands/bootm.c
index b35aaa914..cb520a1ba 100644
--- a/commands/bootm.c
+++ b/commands/bootm.c
@@ -64,7 +64,7 @@ static int do_bootm(int argc, char *argv[])
 	while ((opt = getopt(argc, argv, BOOTM_OPTS)) > 0) {
 		switch(opt) {
 		case 'c':
-			if (data.verify < BOOT_VERIFY_HASH)
+			if (data.verify > BOOT_VERIFY_HASH)
 				data.verify = BOOT_VERIFY_HASH;
 			break;
 		case 's':
diff --git a/common/boot_verify.c b/common/boot_verify.c
index afe929e68..9cbeb7a65 100644
--- a/common/boot_verify.c
+++ b/common/boot_verify.c
@@ -11,22 +11,49 @@ enum boot_verify boot_get_verify_mode(void)
 	return boot_verify_mode;
 }
 
+/* keep it for the most secure to the less */
 static const char * const boot_verify_names[] = {
-#ifndef CONFIG_BOOT_FORCE_SIGNED_IMAGES
-	[BOOT_VERIFY_NONE] = "none",
-	[BOOT_VERIFY_HASH] = "hash",
-	[BOOT_VERIFY_AVAILABLE] = "available",
-#endif
 	[BOOT_VERIFY_SIGNATURE] = "signature",
+	[BOOT_VERIFY_AVAILABLE] = "available",
+	[BOOT_VERIFY_HASH] = "hash",
+	[BOOT_VERIFY_NONE] = "none",
 };
 
+/* allow architecture to overwrite it such as EFI */
+static int default_is_secure_mode(void)
+{
+	if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
+		return 1;
+
+	return 0;
+}
+
+static int (*__is_secure_mode)(void) = default_is_secure_mode;
+
+int is_secure_mode(void)
+{
+	return __is_secure_mode();
+}
+
+void boot_set_is_secure_mode(int (*fn)(void))
+{
+	__is_secure_mode = fn;
+}
+
 static int init_boot_verify(void)
 {
+	int size;
+
 	if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
 		boot_verify_mode = BOOT_VERIFY_SIGNATURE;
 
+	if (is_secure_mode())
+		size = 1;
+	else
+		size = ARRAY_SIZE(boot_verify_names);
+
 	globalvar_add_simple_enum("boot.verify", (unsigned int *)&boot_verify_mode,
-				  boot_verify_names, ARRAY_SIZE(boot_verify_names));
+				  boot_verify_names, size);
 
 	return 0;
 }
diff --git a/common/bootm.c b/common/bootm.c
index 74202a829..1558f3c5d 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -159,7 +159,7 @@ static int bootm_open_initrd_uimage(struct image_data *data)
 		if (!data->initrd)
 			return -EINVAL;
 
-		if (boot_get_verify_mode() > BOOT_VERIFY_NONE) {
+		if (boot_get_verify_mode() != BOOT_VERIFY_NONE) {
 			ret = uimage_verify(data->initrd);
 			if (ret) {
 				printf("Checking data crc failed with %s\n",
diff --git a/include/boot_verify.h b/include/boot_verify.h
index 3a4436584..ee830bf5c 100644
--- a/include/boot_verify.h
+++ b/include/boot_verify.h
@@ -2,10 +2,10 @@
 #define __BOOT_VERIFY_H__
 
 enum boot_verify {
-	BOOT_VERIFY_NONE,
-	BOOT_VERIFY_HASH,
-	BOOT_VERIFY_AVAILABLE,
 	BOOT_VERIFY_SIGNATURE,
+	BOOT_VERIFY_AVAILABLE,
+	BOOT_VERIFY_HASH,
+	BOOT_VERIFY_NONE,
 };
 
 #ifndef CONFIG_BOOT_VERIFY
@@ -13,8 +13,17 @@ static inline enum boot_verify boot_get_verify_mode(void)
 {
 	return BOOT_VERIFY_NONE;
 }
+
+static int inline is_secure_mode(void)
+{
+	return 0;
+}
+
+static void inline boot_set_is_secure_mode(int (*fn)(void)) {}
 #else
 enum boot_verify boot_get_verify_mode(void);
+int is_secure_mode(void);
+void boot_set_is_secure_mode(int (*fn)(void));
 #endif
 
 #endif /* __BOOT_VERIFY_H__ */
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox