| /* |
| * (C) Copyright 2000 |
| * Wolfgang Denk, DENX Software Engineering, wd@denx.de. |
| * |
| * SPDX-License-Identifier: GPL-2.0+ |
| */ |
| |
| #include <common.h> |
| #include <bootretry.h> |
| #include <cli.h> |
| #include <fdtdec.h> |
| #include <menu.h> |
| #include <post.h> |
| |
| DECLARE_GLOBAL_DATA_PTR; |
| |
| #define MAX_DELAY_STOP_STR 32 |
| |
| #ifndef DEBUG_BOOTKEYS |
| #define DEBUG_BOOTKEYS 0 |
| #endif |
| #define debug_bootkeys(fmt, args...) \ |
| debug_cond(DEBUG_BOOTKEYS, fmt, ##args) |
| |
| /*************************************************************************** |
| * Watch for 'delay' seconds for autoboot stop or autoboot delay string. |
| * returns: 0 - no key string, allow autoboot 1 - got key string, abort |
| */ |
| # if defined(CONFIG_AUTOBOOT_KEYED) |
| static int abortboot_keyed(int bootdelay) |
| { |
| int abort = 0; |
| uint64_t etime = endtick(bootdelay); |
| struct { |
| char *str; |
| u_int len; |
| int retry; |
| } |
| delaykey[] = { |
| { str: getenv("bootdelaykey"), retry: 1 }, |
| { str: getenv("bootdelaykey2"), retry: 1 }, |
| { str: getenv("bootstopkey"), retry: 0 }, |
| { str: getenv("bootstopkey2"), retry: 0 }, |
| }; |
| |
| char presskey[MAX_DELAY_STOP_STR]; |
| u_int presskey_len = 0; |
| u_int presskey_max = 0; |
| u_int i; |
| |
| #ifndef CONFIG_ZERO_BOOTDELAY_CHECK |
| if (bootdelay == 0) |
| return 0; |
| #endif |
| |
| # ifdef CONFIG_AUTOBOOT_PROMPT |
| printf(CONFIG_AUTOBOOT_PROMPT); |
| # endif |
| |
| # ifdef CONFIG_AUTOBOOT_DELAY_STR |
| if (delaykey[0].str == NULL) |
| delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR; |
| # endif |
| # ifdef CONFIG_AUTOBOOT_DELAY_STR2 |
| if (delaykey[1].str == NULL) |
| delaykey[1].str = CONFIG_AUTOBOOT_DELAY_STR2; |
| # endif |
| # ifdef CONFIG_AUTOBOOT_STOP_STR |
| if (delaykey[2].str == NULL) |
| delaykey[2].str = CONFIG_AUTOBOOT_STOP_STR; |
| # endif |
| # ifdef CONFIG_AUTOBOOT_STOP_STR2 |
| if (delaykey[3].str == NULL) |
| delaykey[3].str = CONFIG_AUTOBOOT_STOP_STR2; |
| # endif |
| |
| for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { |
| delaykey[i].len = delaykey[i].str == NULL ? |
| 0 : strlen(delaykey[i].str); |
| delaykey[i].len = delaykey[i].len > MAX_DELAY_STOP_STR ? |
| MAX_DELAY_STOP_STR : delaykey[i].len; |
| |
| presskey_max = presskey_max > delaykey[i].len ? |
| presskey_max : delaykey[i].len; |
| |
| debug_bootkeys("%s key:<%s>\n", |
| delaykey[i].retry ? "delay" : "stop", |
| delaykey[i].str ? delaykey[i].str : "NULL"); |
| } |
| |
| /* In order to keep up with incoming data, check timeout only |
| * when catch up. |
| */ |
| do { |
| if (tstc()) { |
| if (presskey_len < presskey_max) { |
| presskey[presskey_len++] = getc(); |
| } else { |
| for (i = 0; i < presskey_max - 1; i++) |
| presskey[i] = presskey[i + 1]; |
| |
| presskey[i] = getc(); |
| } |
| } |
| |
| for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) { |
| if (delaykey[i].len > 0 && |
| presskey_len >= delaykey[i].len && |
| memcmp(presskey + presskey_len - |
| delaykey[i].len, delaykey[i].str, |
| delaykey[i].len) == 0) { |
| debug_bootkeys("got %skey\n", |
| delaykey[i].retry ? "delay" : |
| "stop"); |
| |
| # ifdef CONFIG_BOOT_RETRY_TIME |
| /* don't retry auto boot */ |
| if (!delaykey[i].retry) |
| bootretry_dont_retry(); |
| # endif |
| abort = 1; |
| } |
| } |
| } while (!abort && get_ticks() <= etime); |
| |
| if (!abort) |
| debug_bootkeys("key timeout\n"); |
| |
| #ifdef CONFIG_SILENT_CONSOLE |
| if (abort) |
| gd->flags &= ~GD_FLG_SILENT; |
| #endif |
| |
| return abort; |
| } |
| |
| # else /* !defined(CONFIG_AUTOBOOT_KEYED) */ |
| |
| #ifdef CONFIG_MENUKEY |
| static int menukey; |
| #endif |
| |
| static int abortboot_normal(int bootdelay) |
| { |
| int abort = 0; |
| unsigned long ts; |
| |
| #ifdef CONFIG_MENUPROMPT |
| printf(CONFIG_MENUPROMPT); |
| #else |
| if (bootdelay >= 0) |
| printf("Hit any key to stop autoboot: %2d ", bootdelay); |
| #endif |
| |
| #if defined CONFIG_ZERO_BOOTDELAY_CHECK |
| /* |
| * Check if key already pressed |
| * Don't check if bootdelay < 0 |
| */ |
| if (bootdelay >= 0) { |
| if (tstc()) { /* we got a key press */ |
| (void) getc(); /* consume input */ |
| puts("\b\b\b 0"); |
| abort = 1; /* don't auto boot */ |
| } |
| } |
| #endif |
| |
| while ((bootdelay > 0) && (!abort)) { |
| --bootdelay; |
| /* delay 1000 ms */ |
| ts = get_timer(0); |
| do { |
| if (tstc()) { /* we got a key press */ |
| abort = 1; /* don't auto boot */ |
| bootdelay = 0; /* no more delay */ |
| # ifdef CONFIG_MENUKEY |
| menukey = getc(); |
| # else |
| (void) getc(); /* consume input */ |
| # endif |
| break; |
| } |
| udelay(10000); |
| } while (!abort && get_timer(ts) < 1000); |
| |
| printf("\b\b\b%2d ", bootdelay); |
| } |
| |
| putc('\n'); |
| |
| #ifdef CONFIG_SILENT_CONSOLE |
| if (abort) |
| gd->flags &= ~GD_FLG_SILENT; |
| #endif |
| |
| return abort; |
| } |
| # endif /* CONFIG_AUTOBOOT_KEYED */ |
| |
| static int abortboot(int bootdelay) |
| { |
| #ifdef CONFIG_AUTOBOOT_KEYED |
| return abortboot_keyed(bootdelay); |
| #else |
| return abortboot_normal(bootdelay); |
| #endif |
| } |
| |
| /* |
| * Runs the given boot command securely. Specifically: |
| * - Doesn't run the command with the shell (run_command or parse_string_outer), |
| * since that's a lot of code surface that an attacker might exploit. |
| * Because of this, we don't do any argument parsing--the secure boot command |
| * has to be a full-fledged u-boot command. |
| * - Doesn't check for keypresses before booting, since that could be a |
| * security hole; also disables Ctrl-C. |
| * - Doesn't allow the command to return. |
| * |
| * Upon any failures, this function will drop into an infinite loop after |
| * printing the error message to console. |
| */ |
| |
| #if defined(CONFIG_OF_CONTROL) |
| static void secure_boot_cmd(char *cmd) |
| { |
| cmd_tbl_t *cmdtp; |
| int rc; |
| |
| if (!cmd) { |
| printf("## Error: Secure boot command not specified\n"); |
| goto err; |
| } |
| |
| /* Disable Ctrl-C just in case some command is used that checks it. */ |
| disable_ctrlc(1); |
| |
| /* Find the command directly. */ |
| cmdtp = find_cmd(cmd); |
| if (!cmdtp) { |
| printf("## Error: \"%s\" not defined\n", cmd); |
| goto err; |
| } |
| |
| /* Run the command, forcing no flags and faking argc and argv. */ |
| rc = (cmdtp->cmd)(cmdtp, 0, 1, &cmd); |
| |
| /* Shouldn't ever return from boot command. */ |
| printf("## Error: \"%s\" returned (code %d)\n", cmd, rc); |
| |
| err: |
| /* |
| * Not a whole lot to do here. Rebooting won't help much, since we'll |
| * just end up right back here. Just loop. |
| */ |
| hang(); |
| } |
| |
| static void process_fdt_options(const void *blob) |
| { |
| ulong addr; |
| |
| /* Add an env variable to point to a kernel payload, if available */ |
| addr = fdtdec_get_config_int(gd->fdt_blob, "kernel-offset", 0); |
| if (addr) |
| setenv_addr("kernaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); |
| |
| /* Add an env variable to point to a root disk, if available */ |
| addr = fdtdec_get_config_int(gd->fdt_blob, "rootdisk-offset", 0); |
| if (addr) |
| setenv_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); |
| } |
| #endif /* CONFIG_OF_CONTROL */ |
| |
| void bootdelay_process(void) |
| { |
| #ifdef CONFIG_OF_CONTROL |
| char *env; |
| #endif |
| char *s; |
| int bootdelay; |
| #ifdef CONFIG_BOOTCOUNT_LIMIT |
| unsigned long bootcount = 0; |
| unsigned long bootlimit = 0; |
| #endif /* CONFIG_BOOTCOUNT_LIMIT */ |
| |
| #ifdef CONFIG_BOOTCOUNT_LIMIT |
| bootcount = bootcount_load(); |
| bootcount++; |
| bootcount_store(bootcount); |
| setenv_ulong("bootcount", bootcount); |
| bootlimit = getenv_ulong("bootlimit", 10, 0); |
| #endif /* CONFIG_BOOTCOUNT_LIMIT */ |
| |
| s = getenv("bootdelay"); |
| bootdelay = s ? (int)simple_strtol(s, NULL, 10) : CONFIG_BOOTDELAY; |
| |
| #ifdef CONFIG_OF_CONTROL |
| bootdelay = fdtdec_get_config_int(gd->fdt_blob, "bootdelay", |
| bootdelay); |
| #endif |
| |
| debug("### main_loop entered: bootdelay=%d\n\n", bootdelay); |
| |
| #if defined(CONFIG_MENU_SHOW) |
| bootdelay = menu_show(bootdelay); |
| #endif |
| # ifdef CONFIG_BOOT_RETRY_TIME |
| init_cmd_timeout(); |
| # endif /* CONFIG_BOOT_RETRY_TIME */ |
| |
| #ifdef CONFIG_POST |
| if (gd->flags & GD_FLG_POSTFAIL) { |
| s = getenv("failbootcmd"); |
| } else |
| #endif /* CONFIG_POST */ |
| #ifdef CONFIG_BOOTCOUNT_LIMIT |
| if (bootlimit && (bootcount > bootlimit)) { |
| printf("Warning: Bootlimit (%u) exceeded. Using altbootcmd.\n", |
| (unsigned)bootlimit); |
| s = getenv("altbootcmd"); |
| } else |
| #endif /* CONFIG_BOOTCOUNT_LIMIT */ |
| s = getenv("bootcmd"); |
| #ifdef CONFIG_OF_CONTROL |
| /* Allow the fdt to override the boot command */ |
| env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd"); |
| if (env) |
| s = env; |
| |
| process_fdt_options(gd->fdt_blob); |
| |
| /* |
| * If the bootsecure option was chosen, use secure_boot_cmd(). |
| * Always use 'env' in this case, since bootsecure requres that the |
| * bootcmd was specified in the FDT too. |
| */ |
| if (fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0)) |
| secure_boot_cmd(env); |
| |
| #endif /* CONFIG_OF_CONTROL */ |
| |
| debug("### main_loop: bootcmd=\"%s\"\n", s ? s : "<UNDEFINED>"); |
| |
| if (bootdelay != -1 && s && !abortboot(bootdelay)) { |
| #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) |
| int prev = disable_ctrlc(1); /* disable Control C checking */ |
| #endif |
| |
| run_command_list(s, -1, 0); |
| |
| #if defined(CONFIG_AUTOBOOT_KEYED) && !defined(CONFIG_AUTOBOOT_KEYED_CTRLC) |
| disable_ctrlc(prev); /* restore Control C checking */ |
| #endif |
| } |
| |
| #ifdef CONFIG_MENUKEY |
| if (menukey == CONFIG_MENUKEY) { |
| s = getenv("menucmd"); |
| if (s) |
| run_command_list(s, -1, 0); |
| } |
| #endif /* CONFIG_MENUKEY */ |
| } |