autoboot: Improve docs for CONFIG_AUTOBOOT_ENCRYPTION
This option is not documented properly at present. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
e8c780560a
commit
88fa4beb63
2
README
2
README
@ -3421,6 +3421,8 @@ List of environment variables (most likely not complete):
|
||||
allowed for use by the bootm command. See also "bootm_low"
|
||||
environment variable.
|
||||
|
||||
bootstopkeysha256, bootdelaykey, bootstopkey - See README.autoboot
|
||||
|
||||
updatefile - Location of the software update file on a TFTP server, used
|
||||
by the automatic software update feature. Please refer to
|
||||
documentation in doc/README.update for more details.
|
||||
|
@ -101,7 +101,14 @@ config AUTOBOOT_PROMPT
|
||||
config AUTOBOOT_ENCRYPTION
|
||||
bool "Enable encryption in autoboot stopping"
|
||||
depends on AUTOBOOT_KEYED
|
||||
default n
|
||||
help
|
||||
This option allows a string to be entered into U-Boot to stop the
|
||||
autoboot. The string itself is hashed and compared against the hash
|
||||
in the environment variable 'bootstopkeysha256'. If it matches then
|
||||
boot stops and a command-line prompt is presented.
|
||||
|
||||
This provides a way to ship a secure production device which can also
|
||||
be accessed at the U-Boot command line.
|
||||
|
||||
config AUTOBOOT_DELAY_STR
|
||||
string "Delay autobooting via specific input key / string"
|
||||
|
@ -54,6 +54,14 @@ static int slow_equals(u8 *a, u8 *b, int len)
|
||||
return diff == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* passwd_abort_sha256() - check for a hashed key sequence to abort booting
|
||||
*
|
||||
* This checks for the user entering a SHA256 hash within a given time.
|
||||
*
|
||||
* @etime: Timeout value ticks (stop when get_ticks() reachs this)
|
||||
* @return 0 if autoboot should continue, 1 if it should stop
|
||||
*/
|
||||
static int passwd_abort_sha256(uint64_t etime)
|
||||
{
|
||||
const char *sha_env_str = env_get("bootstopkeysha256");
|
||||
@ -106,6 +114,14 @@ static int passwd_abort_sha256(uint64_t etime)
|
||||
return abort;
|
||||
}
|
||||
|
||||
/**
|
||||
* passwd_abort_key() - check for a key sequence to aborted booting
|
||||
*
|
||||
* This checks for the user entering a string within a given time.
|
||||
*
|
||||
* @etime: Timeout value ticks (stop when get_ticks() reachs this)
|
||||
* @return 0 if autoboot should continue, 1 if it should stop
|
||||
*/
|
||||
static int passwd_abort_key(uint64_t etime)
|
||||
{
|
||||
int abort = 0;
|
||||
|
@ -132,6 +132,21 @@ What they do
|
||||
provides an escape sequence from the limited "password"
|
||||
strings.
|
||||
|
||||
CONFIG_AUTOBOOT_ENCRYPTION
|
||||
|
||||
"bootstopkeysha256" environment variable
|
||||
|
||||
- Hash value of the input which unlocks the device and
|
||||
stops autoboot.
|
||||
|
||||
This option allows a string to be entered into U-Boot to stop the
|
||||
autoboot. The string itself is hashed and compared against the hash
|
||||
in the environment variable 'bootstopkeysha256'. If it matches then
|
||||
boot stops and a command-line prompt is presented.
|
||||
|
||||
This provides a way to ship a secure production device which can also
|
||||
be accessed at the U-Boot command line.
|
||||
|
||||
CONFIG_RESET_TO_RETRY
|
||||
|
||||
(Only effective when CONFIG_BOOT_RETRY_TIME is also set)
|
||||
|
Loading…
Reference in New Issue
Block a user