diff --git a/README b/README
index b08ad8904d..b493ffeb2d 100644
--- a/README
+++ b/README
@@ -3421,6 +3421,8 @@ List of environment variables (most likely not complete):
 allowed for use by the bootm command. See also "bootm_low" environment variable.
+ bootstopkeysha256, bootdelaykey, bootstopkey - See README.autoboot
+
 updatefile - Location of the software update file on a TFTP server, used by the automatic software update feature. Please refer to documentation in doc/README.update for more details.
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 16cb5c2956..2cbfc0f87e 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -101,7 +101,14 @@ config AUTOBOOT_PROMPT
 config AUTOBOOT_ENCRYPTION
 bool "Enable encryption in autoboot stopping"
 depends on AUTOBOOT_KEYED
- default n
+ help
+ This option allows a string to be entered into U-Boot to stop the
+ autoboot. The string itself is hashed and compared against the hash
+ in the environment variable 'bootstopkeysha256'. If it matches then
+ boot stops and a command-line prompt is presented.
+
+ This provides a way to ship a secure production device which can also
+ be accessed at the U-Boot command line.
 config AUTOBOOT_DELAY_STR
 string "Delay autobooting via specific input key / string"
diff --git a/common/autoboot.c b/common/autoboot.c
index 5a0dac8d79..f832808b71 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -54,6 +54,14 @@ static int slow_equals(u8 *a, u8 *b, int len)
 return diff == 0;
 }
+/**
+ * passwd_abort_sha256() - check for a hashed key sequence to abort booting
+ *
+ * This checks for the user entering a SHA256 hash within a given time.
+ *
+ * @etime: Timeout value ticks (stop when get_ticks() reachs this)
+ * @return 0 if autoboot should continue, 1 if it should stop
+ */
 static int passwd_abort_sha256(uint64_t etime)
 {
 const char *sha_env_str = env_get("bootstopkeysha256");
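Review bot: The help text added for AUTOBOOT_ENCRYPTION in cmd/Kconfig promises "a secure production device" without stating what that depends on. As described, the check compares a hash of the typed string with the value stored in 'bootstopkeysha256', so it appears to be only as strong as the protection of the environment and the entropy of the string: whoever can write the environment can store a hash of their own, and a short string can be guessed offline from a readable hash. I would add a sentence such as `The environment holding 'bootstopkeysha256' must be protected against modification, and the string should be long and random.` The same paragraph is repeated in the doc/README.autoboot hunk and needs the same caveat.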
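Review bot: The kernel-doc added above passwd_abort_sha256() in common/autoboot.c says the user enters "a SHA256 hash", which does not match the Kconfig help added in the same commit, where the typed string is hashed and compared with 'bootstopkeysha256'. If the help text is the accurate one (the function body lies outside the hunk, so this is inferred), the description should read `* This checks for the user entering a string whose SHA256 hash matches the 'bootstopkeysha256' environment variable, within a given time.` The `@etime` line also has "reachs" for "reaches", and the same typo appears in the passwd_abort_key() comment in the next hunk.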
@@ -106,6 +114,14 @@ static int passwd_abort_sha256(uint64_t etime)
 return abort;
 }
+/**
+ * passwd_abort_key() - check for a key sequence to aborted booting
+ *
+ * This checks for the user entering a string within a given time.
+ *
+ * @etime: Timeout value ticks (stop when get_ticks() reachs this)
+ * @return 0 if autoboot should continue, 1 if it should stop
+ */
 static int passwd_abort_key(uint64_t etime)
 {
 int abort = 0;
diff --git a/doc/README.autoboot b/doc/README.autoboot
index eeb7e4c662..de35f3093d 100644
--- a/doc/README.autoboot
+++ b/doc/README.autoboot
@@ -132,6 +132,21 @@ What they do
 provides an escape sequence from the limited "password" strings.
+ CONFIG_AUTOBOOT_ENCRYPTION
+
+ "bootstopkeysha256" environment variable
+
+ - Hash value of the input which unlocks the device and
+ stops autoboot.
+
+ This option allows a string to be entered into U-Boot to stop the
+ autoboot. The string itself is hashed and compared against the hash
+ in the environment variable 'bootstopkeysha256'. If it matches then
+ boot stops and a command-line prompt is presented.
+
+ This provides a way to ship a secure production device which can also
+ be accessed at the U-Boot command line.
+
 CONFIG_RESET_TO_RETRY (Only effective when CONFIG_BOOT_RETRY_TIME is also set)
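Review bot: The summary line of the comment added above passwd_abort_key() in common/autoboot.c reads "to aborted booting"; it should be `* passwd_abort_key() - check for a key sequence to abort booting`. The description also does not say where the accepted strings come from. The README hunk of this commit names 'bootdelaykey' and 'bootstopkey', so if those are what this function reads (its body is outside the hunk), a line such as `* The accepted strings come from the 'bootdelaykey' and 'bootstopkey' environment variables; see doc/README.autoboot.` would tell a reader which path stores its secret in plain text rather than as a hash.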