[PATCH v3 7/8] common: add support to fallback to plain SHA256

Sat Jun 26 20:32:05 CEST 2021

On Mon, 21 Jun 2021 at 14:24, Steffen Jaeckel
<jaeckel-floss at eyet-services.de> wrote:
>
> In case crypt-based hashing is enabled this will be the default mechanism
> that is used. If a user wants to have support for both, the environment
> variable `bootstopusesha256` can be set to `true` to allow plain SHA256
> based hashing of the password.
>
> Signed-off-by: Steffen Jaeckel <jaeckel-floss at eyet-services.de>
> ---
>
> (no changes since v1)
>
>  common/Kconfig.boot |  8 ++++++++
>  common/autoboot.c   | 22 +++++++++++++++++++++-
>  2 files changed, 29 insertions(+), 1 deletion(-)

Reviewed-by: Simon Glass <sjg at chromium.org>

nits below

>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index d19bc32836..b04a6c98e5 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -834,6 +834,14 @@ config AUTOBOOT_ENCRYPTION
>           This provides a way to ship a secure production device which can also
>           be accessed at the U-Boot command line.
>
> +config AUTOBOOT_SHA256_FALLBACK_ENABLE

Drop _ENABLE

> +       bool "Allow fallback from crypt-hashed password to sha256"
> +       depends on AUTOBOOT_ENCRYPTION && CRYPT_PW
> +       help
> +         This option adds support to fall back from crypt-hashed
> +         passwords to checking a SHA256 hashed password in case the
> +         'bootstopusesha256' environment variable is set to 'true'.
> +
>  config AUTOBOOT_DELAY_STR
>         string "Delay autobooting via specific input key / string"
>         depends on AUTOBOOT_KEYED && !AUTOBOOT_ENCRYPTION
> diff --git a/common/autoboot.c b/common/autoboot.c
> index 1eeabf0b1a..c6f550b8a7 100644
> --- a/common/autoboot.c
> +++ b/common/autoboot.c
> @@ -305,6 +305,26 @@ static void flush_stdin(void)
>                 (void)getchar();
>  }
>
> +/**
> + * fallback_to_sha256() - check whether we should fall back to sha256
> + *                        password checking
> + *
> + * This checks for the environment variable `bootstopusesha256` in case
> + * sha256-fallback has been enabled via the config setting
> + * `AUTOBOOT_SHA256_FALLBACK_ENABLE`.
> + *
> + * @return 0 if we must not fall-back, 1 if plain sha256 should be tried

false / true

> + */
> +static int fallback_to_sha256(void)

bool

> +{
> +       if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK_ENABLE))
> +               return env_get_yesno("bootstopusesha256") == 1;
> +       else if (IS_ENABLED(CONFIG_CRYPT_PW))
> +               return 0;

false

> +       else
> +               return 1;

true

> +}
> +
>  /***************************************************************************
>   * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
>   * returns: 0 -  no key string, allow autoboot 1 - got key string, abort
> @@ -325,7 +345,7 @@ static int abortboot_key_sequence(int bootdelay)
>  #  endif
>
>         if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
> -               if (IS_ENABLED(CONFIG_CRYPT_PW))
> +               if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256())
>                         abort = passwd_abort_crypt(etime);
>                 else
>                         abort = passwd_abort_sha256(etime);
> --
> 2.31.1
>

Regards,
Simon