mirror of
https://github.com/torvalds/linux.git
synced 2024-12-20 18:11:47 +00:00
df6f2801f5
The code to verify the new kernels sha digest is applicable for all architectures. Move it to common code. One problem is the string.c implementation on x86. Currently sha256 includes x86/boot/string.h which defines memcpy and memset to be gcc builtins. By moving the sha256 implementation to common code and changing the include to linux/string.h both functions are no longer defined. Thus definitions have to be provided in x86/purgatory/string.c Link: http://lkml.kernel.org/r/20180321112751.22196-12-prudo@linux.vnet.ibm.com Signed-off-by: Philipp Rudo <prudo@linux.vnet.ibm.com> Acked-by: Dave Young <dyoung@redhat.com> Cc: AKASHI Takahiro <takahiro.akashi@linaro.org> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> Cc: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
73 lines
1.7 KiB
C
73 lines
1.7 KiB
C
/*
|
|
* purgatory: Runs between two kernels
|
|
*
|
|
* Copyright (C) 2014 Red Hat Inc.
|
|
*
|
|
* Author:
|
|
* Vivek Goyal <vgoyal@redhat.com>
|
|
*
|
|
* This source code is licensed under the GNU General Public License,
|
|
* Version 2. See the file COPYING for more details.
|
|
*/
|
|
|
|
#include <linux/bug.h>
|
|
#include <linux/sha256.h>
|
|
#include <asm/purgatory.h>
|
|
|
|
#include "../boot/string.h"
|
|
|
|
unsigned long purgatory_backup_dest __section(.kexec-purgatory);
|
|
unsigned long purgatory_backup_src __section(.kexec-purgatory);
|
|
unsigned long purgatory_backup_sz __section(.kexec-purgatory);
|
|
|
|
u8 purgatory_sha256_digest[SHA256_DIGEST_SIZE] __section(.kexec-purgatory);
|
|
|
|
struct kexec_sha_region purgatory_sha_regions[KEXEC_SEGMENT_MAX] __section(.kexec-purgatory);
|
|
|
|
/*
|
|
* On x86, second kernel requries first 640K of memory to boot. Copy
|
|
* first 640K to a backup region in reserved memory range so that second
|
|
* kernel can use first 640K.
|
|
*/
|
|
static int copy_backup_region(void)
|
|
{
|
|
if (purgatory_backup_dest) {
|
|
memcpy((void *)purgatory_backup_dest,
|
|
(void *)purgatory_backup_src, purgatory_backup_sz);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int verify_sha256_digest(void)
|
|
{
|
|
struct kexec_sha_region *ptr, *end;
|
|
u8 digest[SHA256_DIGEST_SIZE];
|
|
struct sha256_state sctx;
|
|
|
|
sha256_init(&sctx);
|
|
end = purgatory_sha_regions + ARRAY_SIZE(purgatory_sha_regions);
|
|
|
|
for (ptr = purgatory_sha_regions; ptr < end; ptr++)
|
|
sha256_update(&sctx, (uint8_t *)(ptr->start), ptr->len);
|
|
|
|
sha256_final(&sctx, digest);
|
|
|
|
if (memcmp(digest, purgatory_sha256_digest, sizeof(digest)))
|
|
return 1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
void purgatory(void)
|
|
{
|
|
int ret;
|
|
|
|
ret = verify_sha256_digest();
|
|
if (ret) {
|
|
/* loop forever */
|
|
for (;;)
|
|
;
|
|
}
|
|
copy_backup_region();
|
|
}
|