1 /* 2 * (C) Copyright 2000 3 * Wolfgang Denk, DENX Software Engineering, wd@denx.de. 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <common.h> 9 #include <bootretry.h> 10 #include <cli.h> 11 #include <fdtdec.h> 12 #include <menu.h> 13 #include <post.h> 14 15 DECLARE_GLOBAL_DATA_PTR; 16 17 #define MAX_DELAY_STOP_STR 32 18 19 #ifndef DEBUG_BOOTKEYS 20 #define DEBUG_BOOTKEYS 0 21 #endif 22 #define debug_bootkeys(fmt, args...) \ 23 debug_cond(DEBUG_BOOTKEYS, fmt, ##args) 24 25 /*************************************************************************** 26 * Watch for 'delay' seconds for autoboot stop or autoboot delay string. 27 * returns: 0 - no key string, allow autoboot 1 - got key string, abort 28 */ 29 # if defined(CONFIG_AUTOBOOT_KEYED) 30 static int abortboot_keyed(int bootdelay) 31 { 32 int abort = 0; 33 uint64_t etime = endtick(bootdelay); 34 struct { 35 char *str; 36 u_int len; 37 int retry; 38 } 39 delaykey[] = { 40 { str: getenv("bootdelaykey"), retry: 1 }, 41 { str: getenv("bootdelaykey2"), retry: 1 }, 42 { str: getenv("bootstopkey"), retry: 0 }, 43 { str: getenv("bootstopkey2"), retry: 0 }, 44 }; 45 46 char presskey[MAX_DELAY_STOP_STR]; 47 u_int presskey_len = 0; 48 u_int presskey_max = 0; 49 u_int i; 50 51 #ifndef CONFIG_ZERO_BOOTDELAY_CHECK 52 if (bootdelay == 0) 53 return 0; 54 #endif 55 56 # ifdef CONFIG_AUTOBOOT_PROMPT 57 printf(CONFIG_AUTOBOOT_PROMPT); 58 # endif 59 60 # ifdef CONFIG_AUTOBOOT_DELAY_STR 61 if (delaykey[0].str == NULL) 62 delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR; 63 # endif 64 # ifdef CONFIG_AUTOBOOT_DELAY_STR2 65 if (delaykey[1].str == NULL) 66 delaykey[1].str = CONFIG_AUTOBOOT_DELAY_STR2; 67 # endif 68 # ifdef CONFIG_AUTOBOOT_STOP_STR 69 if (delaykey[2].str == NULL) 70 delaykey[2].str = CONFIG_AUTOBOOT_STOP_STR; 71 # endif 72 # ifdef CONFIG_AUTOBOOT_STOP_STR2 73 if (delaykey[3].str == NULL) 74 delaykey[3].str = CONFIG_AUTOBOOT_STOP_STR2; 75 # endif 76 77 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { 78 delaykey[i].len = delaykey[i].str == NULL ? 79 0 : strlen(delaykey[i].str); 80 delaykey[i].len = delaykey[i].len > MAX_DELAY_STOP_STR ? 81 MAX_DELAY_STOP_STR : delaykey[i].len; 82 83 presskey_max = presskey_max > delaykey[i].len ? 84 presskey_max : delaykey[i].len; 85 86 debug_bootkeys("%s key:<%s>\n", 87 delaykey[i].retry ? "delay" : "stop", 88 delaykey[i].str ? delaykey[i].str : "NULL"); 89 } 90 91 /* In order to keep up with incoming data, check timeout only 92 * when catch up. 93 */ 94 do { 95 if (tstc()) { 96 if (presskey_len < presskey_max) { 97 presskey[presskey_len++] = getc(); 98 } else { 99 for (i = 0; i < presskey_max - 1; i++) 100 presskey[i] = presskey[i + 1]; 101 102 presskey[i] = getc(); 103 } 104 } 105 106 for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { 107 if (delaykey[i].len > 0 && 108 presskey_len >= delaykey[i].len && 109 memcmp(presskey + presskey_len - 110 delaykey[i].len, delaykey[i].str, 111 delaykey[i].len) == 0) { 112 debug_bootkeys("got %skey\n", 113 delaykey[i].retry ? "delay" : 114 "stop"); 115 116 /* don't retry auto boot */ 117 if (!delaykey[i].retry) 118 bootretry_dont_retry(); 119 abort = 1; 120 } 121 } 122 } while (!abort && get_ticks() <= etime); 123 124 if (!abort) 125 debug_bootkeys("key timeout\n"); 126 127 #ifdef CONFIG_SILENT_CONSOLE 128 if (abort) 129 gd->flags &= ~GD_FLG_SILENT; 130 #endif 131 132 return abort; 133 } 134 135 # else /* !defined(CONFIG_AUTOBOOT_KEYED) */ 136 137 #ifdef CONFIG_MENUKEY 138 static int menukey; 139 #endif 140 141 static int abortboot_normal(int bootdelay) 142 { 143 int abort = 0; 144 unsigned long ts; 145 146 #ifdef CONFIG_MENUPROMPT 147 printf(CONFIG_MENUPROMPT); 148 #else 149 if (bootdelay >= 0) 150 printf("Hit any key to stop autoboot: %2d ", bootdelay); 151 #endif 152 153 #if defined CONFIG_ZERO_BOOTDELAY_CHECK 154 /* 155 * Check if key already pressed 156 * Don't check if bootdelay < 0 157 */ 158 if (bootdelay >= 0) { 159 if (tstc()) { /* we got a key press */ 160 (void) getc(); /* consume input */ 161 puts("\b\b\b 0"); 162 abort = 1; /* don't auto boot */ 163 } 164 } 165 #endif 166 167 while ((bootdelay > 0) && (!abort)) { 168 --bootdelay; 169 /* delay 1000 ms */ 170 ts = get_timer(0); 171 do { 172 if (tstc()) { /* we got a key press */ 173 abort = 1; /* don't auto boot */ 174 bootdelay = 0; /* no more delay */ 175 # ifdef CONFIG_MENUKEY 176 menukey = getc(); 177 # else 178 (void) getc(); /* consume input */ 179 # endif 180 break; 181 } 182 udelay(10000); 183 } while (!abort && get_timer(ts) < 1000); 184 185 printf("\b\b\b%2d ", bootdelay); 186 } 187 188 putc('\n'); 189 190 #ifdef CONFIG_SILENT_CONSOLE 191 if (abort) 192 gd->flags &= ~GD_FLG_SILENT; 193 #endif 194 195 return abort; 196 } 197 # endif /* CONFIG_AUTOBOOT_KEYED */ 198 199 static int abortboot(int bootdelay) 200 { 201 #ifdef CONFIG_AUTOBOOT_KEYED 202 return abortboot_keyed(bootdelay); 203 #else 204 return abortboot_normal(bootdelay); 205 #endif 206 } 207 208 /* 209 * Runs the given boot command securely. Specifically: 210 * - Doesn't run the command with the shell (run_command or parse_string_outer), 211 * since that's a lot of code surface that an attacker might exploit. 212 * Because of this, we don't do any argument parsing--the secure boot command 213 * has to be a full-fledged u-boot command. 214 * - Doesn't check for keypresses before booting, since that could be a 215 * security hole; also disables Ctrl-C. 216 * - Doesn't allow the command to return. 217 * 218 * Upon any failures, this function will drop into an infinite loop after 219 * printing the error message to console. 220 */ 221 222 #if defined(CONFIG_OF_CONTROL) 223 static void secure_boot_cmd(char *cmd) 224 { 225 cmd_tbl_t *cmdtp; 226 int rc; 227 228 if (!cmd) { 229 printf("## Error: Secure boot command not specified\n"); 230 goto err; 231 } 232 233 /* Disable Ctrl-C just in case some command is used that checks it. */ 234 disable_ctrlc(1); 235 236 /* Find the command directly. */ 237 cmdtp = find_cmd(cmd); 238 if (!cmdtp) { 239 printf("## Error: \"%s\" not defined\n", cmd); 240 goto err; 241 } 242 243 /* Run the command, forcing no flags and faking argc and argv. */ 244 rc = (cmdtp->cmd)(cmdtp, 0, 1, &cmd); 245 246 /* Shouldn't ever return from boot command. */ 247 printf("## Error: \"%s\" returned (code %d)\n", cmd, rc); 248 249 err: 250 /* 251 * Not a whole lot to do here. Rebooting won't help much, since we'll 252 * just end up right back here. Just loop. 253 */ 254 hang(); 255 } 256 257 static void process_fdt_options(const void *blob) 258 { 259 ulong addr; 260 261 /* Add an env variable to point to a kernel payload, if available */ 262 addr = fdtdec_get_config_int(gd->fdt_blob, "kernel-offset", 0); 263 if (addr) 264 setenv_addr("kernaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); 265 266 /* Add an env variable to point to a root disk, if available */ 267 addr = fdtdec_get_config_int(gd->fdt_blob, "rootdisk-offset", 0); 268 if (addr) 269 setenv_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); 270 } 271 #endif /* CONFIG_OF_CONTROL */ 272 273 void bootdelay_process(void) 274 { 275 #ifdef CONFIG_OF_CONTROL 276 char *env; 277 #endif 278 char *s; 279 int bootdelay; 280 #ifdef CONFIG_BOOTCOUNT_LIMIT 281 unsigned long bootcount = 0; 282 unsigned long bootlimit = 0; 283 #endif /* CONFIG_BOOTCOUNT_LIMIT */ 284 285 #ifdef CONFIG_BOOTCOUNT_LIMIT 286 bootcount = bootcount_load(); 287 bootcount++; 288 bootcount_store(bootcount); 289 setenv_ulong("bootcount", bootcount); 290 bootlimit = getenv_ulong("bootlimit", 10, 0); 291 #endif /* CONFIG_BOOTCOUNT_LIMIT */ 292 293 s = getenv("bootdelay"); 294 bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY; 295 296 #ifdef CONFIG_OF_CONTROL 297 bootdelay = fdtdec_get_config_int(gd->fdt_blob, "bootdelay", 298 bootdelay); 299 #endif 300 301 debug("### main_loop entered: bootdelay=%d\n\n", bootdelay); 302 303 #if defined(CONFIG_MENU_SHOW) 304 bootdelay = menu_show(bootdelay); 305 #endif 306 bootretry_init_cmd_timeout(); 307 308 #ifdef CONFIG_POST 309 if (gd->flags & GD_FLG_POSTFAIL) { 310 s = getenv("failbootcmd"); 311 } else 312 #endif /* CONFIG_POST */ 313 #ifdef CONFIG_BOOTCOUNT_LIMIT 314 if (bootlimit && (bootcount > bootlimit)) { 315 printf("Warning: Bootlimit (%u) exceeded. Using altbootcmd.\n", 316 (unsigned)bootlimit); 317 s = getenv("altbootcmd"); 318 } else 319 #endif /* CONFIG_BOOTCOUNT_LIMIT */ 320 s = getenv("bootcmd"); 321 #ifdef CONFIG_OF_CONTROL 322 /* Allow the fdt to override the boot command */ 323 env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd"); 324 if (env) 325 s = env; 326 327 process_fdt_options(gd->fdt_blob); 328 329 /* 330 * If the bootsecure option was chosen, use secure_boot_cmd(). 331 * Always use 'env' in this case, since bootsecure requres that the 332 * bootcmd was specified in the FDT too. 333 */ 334 if (fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0)) 335 secure_boot_cmd(env); 336 337 #endif /* CONFIG_OF_CONTROL */ 338 339 debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>"); 340 341 if (bootdelay != -1 && s && !abortboot(bootdelay)) { 342 #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) 343 int prev = disable_ctrlc(1); /* disable Control C checking */ 344 #endif 345 346 run_command_list(s, -1, 0); 347 348 #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) 349 disable_ctrlc(prev); /* restore Control C checking */ 350 #endif 351 } 352 353 #ifdef CONFIG_MENUKEY 354 if (menukey == CONFIG_MENUKEY) { 355 s = getenv("menucmd"); 356 if (s) 357 run_command_list(s, -1, 0); 358 } 359 #endif /* CONFIG_MENUKEY */ 360 } 361