1 /* 2 * (C) Copyright 2000 3 * Wolfgang Denk, DENX Software Engineering, wd@denx.de. 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <common.h> 9 #include <bootretry.h> 10 #include <cli.h> 11 #include <fdtdec.h> 12 #include <menu.h> 13 #include <post.h> 14 15 DECLARE_GLOBAL_DATA_PTR; 16 17 #define MAX_DELAY_STOP_STR 32 18 19 #ifndef DEBUG_BOOTKEYS 20 #define DEBUG_BOOTKEYS 0 21 #endif 22 #define debug_bootkeys(fmt, args...) \ 23 debug_cond(DEBUG_BOOTKEYS, fmt, ##args) 24 25 /*************************************************************************** 26 * Watch for 'delay' seconds for autoboot stop or autoboot delay string. 27 * returns: 0 - no key string, allow autoboot 1 - got key string, abort 28 */ 29 # if defined(CONFIG_AUTOBOOT_KEYED) 30 static int abortboot_keyed(int bootdelay) 31 { 32 int abort = 0; 33 uint64_t etime = endtick(bootdelay); 34 struct { 35 char *str; 36 u_int len; 37 int retry; 38 } 39 delaykey[] = { 40 { str: getenv("bootdelaykey"), retry: 1 }, 41 { str: getenv("bootdelaykey2"), retry: 1 }, 42 { str: getenv("bootstopkey"), retry: 0 }, 43 { str: getenv("bootstopkey2"), retry: 0 }, 44 }; 45 46 char presskey[MAX_DELAY_STOP_STR]; 47 u_int presskey_len = 0; 48 u_int presskey_max = 0; 49 u_int i; 50 51 #ifndef CONFIG_ZERO_BOOTDELAY_CHECK 52 if (bootdelay == 0) 53 return 0; 54 #endif 55 56 # ifdef CONFIG_AUTOBOOT_PROMPT 57 printf(CONFIG_AUTOBOOT_PROMPT); 58 # endif 59 60 # ifdef CONFIG_AUTOBOOT_DELAY_STR 61 if (delaykey[0].str == NULL) 62 delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR; 63 # endif 64 # ifdef CONFIG_AUTOBOOT_DELAY_STR2 65 if (delaykey[1].str == NULL) 66 delaykey[1].str = CONFIG_AUTOBOOT_DELAY_STR2; 67 # endif 68 # ifdef CONFIG_AUTOBOOT_STOP_STR 69 if (delaykey[2].str == NULL) 70 delaykey[2].str = CONFIG_AUTOBOOT_STOP_STR; 71 # endif 72 # ifdef CONFIG_AUTOBOOT_STOP_STR2 73 if (delaykey[3].str == NULL) 74 delaykey[3].str = CONFIG_AUTOBOOT_STOP_STR2; 75 # endif 76 77 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { 78 delaykey[i].len = delaykey[i].str == NULL ? 79 0 : strlen(delaykey[i].str); 80 delaykey[i].len = delaykey[i].len > MAX_DELAY_STOP_STR ? 81 MAX_DELAY_STOP_STR : delaykey[i].len; 82 83 presskey_max = presskey_max > delaykey[i].len ? 84 presskey_max : delaykey[i].len; 85 86 debug_bootkeys("%s key:<%s>\n", 87 delaykey[i].retry ? "delay" : "stop", 88 delaykey[i].str ? delaykey[i].str : "NULL"); 89 } 90 91 /* In order to keep up with incoming data, check timeout only 92 * when catch up. 93 */ 94 do { 95 if (tstc()) { 96 if (presskey_len < presskey_max) { 97 presskey[presskey_len++] = getc(); 98 } else { 99 for (i = 0; i < presskey_max - 1; i++) 100 presskey[i] = presskey[i + 1]; 101 102 presskey[i] = getc(); 103 } 104 } 105 106 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { 107 if (delaykey[i].len > 0 && 108 presskey_len >= delaykey[i].len && 109 memcmp(presskey + presskey_len - 110 delaykey[i].len, delaykey[i].str, 111 delaykey[i].len) == 0) { 112 debug_bootkeys("got %skey\n", 113 delaykey[i].retry ? "delay" : 114 "stop"); 115 116 # ifdef CONFIG_BOOT_RETRY_TIME 117 /* don't retry auto boot */ 118 if (!delaykey[i].retry) 119 bootretry_dont_retry(); 120 # endif 121 abort = 1; 122 } 123 } 124 } while (!abort && get_ticks() <= etime); 125 126 if (!abort) 127 debug_bootkeys("key timeout\n"); 128 129 #ifdef CONFIG_SILENT_CONSOLE 130 if (abort) 131 gd->flags &= ~GD_FLG_SILENT; 132 #endif 133 134 return abort; 135 } 136 137 # else /* !defined(CONFIG_AUTOBOOT_KEYED) */ 138 139 #ifdef CONFIG_MENUKEY 140 static int menukey; 141 #endif 142 143 static int abortboot_normal(int bootdelay) 144 { 145 int abort = 0; 146 unsigned long ts; 147 148 #ifdef CONFIG_MENUPROMPT 149 printf(CONFIG_MENUPROMPT); 150 #else 151 if (bootdelay >= 0) 152 printf("Hit any key to stop autoboot: %2d ", bootdelay); 153 #endif 154 155 #if defined CONFIG_ZERO_BOOTDELAY_CHECK 156 /* 157 * Check if key already pressed 158 * Don't check if bootdelay < 0 159 */ 160 if (bootdelay >= 0) { 161 if (tstc()) { /* we got a key press */ 162 (void) getc(); /* consume input */ 163 puts("\b\b\b 0"); 164 abort = 1; /* don't auto boot */ 165 } 166 } 167 #endif 168 169 while ((bootdelay > 0) && (!abort)) { 170 --bootdelay; 171 /* delay 1000 ms */ 172 ts = get_timer(0); 173 do { 174 if (tstc()) { /* we got a key press */ 175 abort = 1; /* don't auto boot */ 176 bootdelay = 0; /* no more delay */ 177 # ifdef CONFIG_MENUKEY 178 menukey = getc(); 179 # else 180 (void) getc(); /* consume input */ 181 # endif 182 break; 183 } 184 udelay(10000); 185 } while (!abort && get_timer(ts) < 1000); 186 187 printf("\b\b\b%2d ", bootdelay); 188 } 189 190 putc('\n'); 191 192 #ifdef CONFIG_SILENT_CONSOLE 193 if (abort) 194 gd->flags &= ~GD_FLG_SILENT; 195 #endif 196 197 return abort; 198 } 199 # endif /* CONFIG_AUTOBOOT_KEYED */ 200 201 static int abortboot(int bootdelay) 202 { 203 #ifdef CONFIG_AUTOBOOT_KEYED 204 return abortboot_keyed(bootdelay); 205 #else 206 return abortboot_normal(bootdelay); 207 #endif 208 } 209 210 /* 211 * Runs the given boot command securely. Specifically: 212 * - Doesn't run the command with the shell (run_command or parse_string_outer), 213 * since that's a lot of code surface that an attacker might exploit. 214 * Because of this, we don't do any argument parsing--the secure boot command 215 * has to be a full-fledged u-boot command. 216 * - Doesn't check for keypresses before booting, since that could be a 217 * security hole; also disables Ctrl-C. 218 * - Doesn't allow the command to return. 219 * 220 * Upon any failures, this function will drop into an infinite loop after 221 * printing the error message to console. 222 */ 223 224 #if defined(CONFIG_OF_CONTROL) 225 static void secure_boot_cmd(char *cmd) 226 { 227 cmd_tbl_t *cmdtp; 228 int rc; 229 230 if (!cmd) { 231 printf("## Error: Secure boot command not specified\n"); 232 goto err; 233 } 234 235 /* Disable Ctrl-C just in case some command is used that checks it. */ 236 disable_ctrlc(1); 237 238 /* Find the command directly. */ 239 cmdtp = find_cmd(cmd); 240 if (!cmdtp) { 241 printf("## Error: \"%s\" not defined\n", cmd); 242 goto err; 243 } 244 245 /* Run the command, forcing no flags and faking argc and argv. */ 246 rc = (cmdtp->cmd)(cmdtp, 0, 1, &cmd); 247 248 /* Shouldn't ever return from boot command. */ 249 printf("## Error: \"%s\" returned (code %d)\n", cmd, rc); 250 251 err: 252 /* 253 * Not a whole lot to do here. Rebooting won't help much, since we'll 254 * just end up right back here. Just loop. 255 */ 256 hang(); 257 } 258 259 static void process_fdt_options(const void *blob) 260 { 261 ulong addr; 262 263 /* Add an env variable to point to a kernel payload, if available */ 264 addr = fdtdec_get_config_int(gd->fdt_blob, "kernel-offset", 0); 265 if (addr) 266 setenv_addr("kernaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); 267 268 /* Add an env variable to point to a root disk, if available */ 269 addr = fdtdec_get_config_int(gd->fdt_blob, "rootdisk-offset", 0); 270 if (addr) 271 setenv_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); 272 } 273 #endif /* CONFIG_OF_CONTROL */ 274 275 void bootdelay_process(void) 276 { 277 #ifdef CONFIG_OF_CONTROL 278 char *env; 279 #endif 280 char *s; 281 int bootdelay; 282 #ifdef CONFIG_BOOTCOUNT_LIMIT 283 unsigned long bootcount = 0; 284 unsigned long bootlimit = 0; 285 #endif /* CONFIG_BOOTCOUNT_LIMIT */ 286 287 #ifdef CONFIG_BOOTCOUNT_LIMIT 288 bootcount = bootcount_load(); 289 bootcount++; 290 bootcount_store(bootcount); 291 setenv_ulong("bootcount", bootcount); 292 bootlimit = getenv_ulong("bootlimit", 10, 0); 293 #endif /* CONFIG_BOOTCOUNT_LIMIT */ 294 295 s = getenv("bootdelay"); 296 bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY; 297 298 #ifdef CONFIG_OF_CONTROL 299 bootdelay = fdtdec_get_config_int(gd->fdt_blob, "bootdelay", 300 bootdelay); 301 #endif 302 303 debug("### main_loop entered: bootdelay=%d\n\n", bootdelay); 304 305 #if defined(CONFIG_MENU_SHOW) 306 bootdelay = menu_show(bootdelay); 307 #endif 308 # ifdef CONFIG_BOOT_RETRY_TIME 309 init_cmd_timeout(); 310 # endif /* CONFIG_BOOT_RETRY_TIME */ 311 312 #ifdef CONFIG_POST 313 if (gd->flags & GD_FLG_POSTFAIL) { 314 s = getenv("failbootcmd"); 315 } else 316 #endif /* CONFIG_POST */ 317 #ifdef CONFIG_BOOTCOUNT_LIMIT 318 if (bootlimit && (bootcount > bootlimit)) { 319 printf("Warning: Bootlimit (%u) exceeded. Using altbootcmd.\n", 320 (unsigned)bootlimit); 321 s = getenv("altbootcmd"); 322 } else 323 #endif /* CONFIG_BOOTCOUNT_LIMIT */ 324 s = getenv("bootcmd"); 325 #ifdef CONFIG_OF_CONTROL 326 /* Allow the fdt to override the boot command */ 327 env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd"); 328 if (env) 329 s = env; 330 331 process_fdt_options(gd->fdt_blob); 332 333 /* 334 * If the bootsecure option was chosen, use secure_boot_cmd(). 335 * Always use 'env' in this case, since bootsecure requres that the 336 * bootcmd was specified in the FDT too. 337 */ 338 if (fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0)) 339 secure_boot_cmd(env); 340 341 #endif /* CONFIG_OF_CONTROL */ 342 343 debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>"); 344 345 if (bootdelay != -1 && s && !abortboot(bootdelay)) { 346 #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) 347 int prev = disable_ctrlc(1); /* disable Control C checking */ 348 #endif 349 350 run_command_list(s, -1, 0); 351 352 #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) 353 disable_ctrlc(prev); /* restore Control C checking */ 354 #endif 355 } 356 357 #ifdef CONFIG_MENUKEY 358 if (menukey == CONFIG_MENUKEY) { 359 s = getenv("menucmd"); 360 if (s) 361 run_command_list(s, -1, 0); 362 } 363 #endif /* CONFIG_MENUKEY */ 364 } 365