diff options
author | Simon Glass <sjg@chromium.org> | 2014-04-10 20:01:35 -0600 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2014-05-29 17:52:03 -0400 |
commit | affb215626f91e717088a27081d24c473895d47d (patch) | |
tree | 9ced673b20b48fb9a70253860e5cc6b7d9c79a29 /common/cli.c | |
parent | c1bb2cd0b6a3d1b152be3686601234b3a363772b (diff) | |
download | u-boot-imx-affb215626f91e717088a27081d24c473895d47d.zip u-boot-imx-affb215626f91e717088a27081d24c473895d47d.tar.gz u-boot-imx-affb215626f91e717088a27081d24c473895d47d.tar.bz2 |
main: Make the execution path a little clearer in main.c
bootdelay_process() never returns in some circumstances, whichs makes the
control flow confusing. Change it so that the decision about how to execute
the boot command is made in the main_loop() code, so it is easier to follow.
Move CLI stuff to cli.c.
Signed-off-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'common/cli.c')
-rw-r--r-- | common/cli.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/common/cli.c b/common/cli.c index 4ac9b3f..ea6bfb3 100644 --- a/common/cli.c +++ b/common/cli.c @@ -12,8 +12,11 @@ #include <common.h> #include <cli.h> #include <cli_hush.h> +#include <fdtdec.h> #include <malloc.h> +DECLARE_GLOBAL_DATA_PTR; + /* * Run a command using the selected parser. * @@ -105,6 +108,69 @@ int do_run(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) } #endif +#ifdef CONFIG_OF_CONTROL +bool cli_process_fdt(const char **cmdp) +{ + /* Allow the fdt to override the boot command */ + char *env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd"); + if (env) + *cmdp = env; + /* + * If the bootsecure option was chosen, use secure_boot_cmd(). + * Always use 'env' in this case, since bootsecure requres that the + * bootcmd was specified in the FDT too. + */ + return fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0) != 0; +} + +/* + * Runs the given boot command securely. Specifically: + * - Doesn't run the command with the shell (run_command or parse_string_outer), + * since that's a lot of code surface that an attacker might exploit. + * Because of this, we don't do any argument parsing--the secure boot command + * has to be a full-fledged u-boot command. + * - Doesn't check for keypresses before booting, since that could be a + * security hole; also disables Ctrl-C. + * - Doesn't allow the command to return. + * + * Upon any failures, this function will drop into an infinite loop after + * printing the error message to console. + */ +void cli_secure_boot_cmd(const char *cmd) +{ + cmd_tbl_t *cmdtp; + int rc; + + if (!cmd) { + printf("## Error: Secure boot command not specified\n"); + goto err; + } + + /* Disable Ctrl-C just in case some command is used that checks it. */ + disable_ctrlc(1); + + /* Find the command directly. */ + cmdtp = find_cmd(cmd); + if (!cmdtp) { + printf("## Error: \"%s\" not defined\n", cmd); + goto err; + } + + /* Run the command, forcing no flags and faking argc and argv. */ + rc = (cmdtp->cmd)(cmdtp, 0, 1, (char **)&cmd); + + /* Shouldn't ever return from boot command. */ + printf("## Error: \"%s\" returned (code %d)\n", cmd, rc); + +err: + /* + * Not a whole lot to do here. Rebooting won't help much, since we'll + * just end up right back here. Just loop. + */ + hang(); +} +#endif /* CONFIG_OF_CONTROL */ + void cli_loop(void) { #ifdef CONFIG_SYS_HUSH_PARSER |