Author: quozl Date: Wed Jul 15 04:08:40 2015 New Revision: 3779 URL: http://tracker.coreboot.org/trac/openfirmware/changeset/3779
Log: OLPC - merge different keyjects, resolving divergent edits in r3706 r3710 and r2865, now identical.
Modified: cpu/x86/pc/olpc/keyject.fth cpu/x86/pc/olpc/via/keyject.fth
Modified: cpu/x86/pc/olpc/keyject.fth ============================================================================== --- cpu/x86/pc/olpc/keyject.fth Wed Jul 15 03:48:38 2015 (r3778) +++ cpu/x86/pc/olpc/keyject.fth Wed Jul 15 04:08:40 2015 (r3779) @@ -97,7 +97,7 @@ 2over 2over ($add-tag) ( value$ name$ ) ." Added " type cr ( value$ ) then ( value$ ) - black-letters ( value$ ) + cancel ( value$ ) free-mem ( ) else ( name$ ) ." Warning: key " type ." is not in firmware image dropins" cr ( ) @@ -116,7 +116,7 @@
: keyject-error ( msg$ -- ) cr - red-letters ." Not injecting because: " type cr black-letters + red-letters ." Not injecting because: " type cr cancel cr ." Will update firmware in 20 seconds" cr d# 21 1 do i .d (cr d# 1,000 ms loop @@ -217,7 +217,7 @@
: ?keyject ( -- ) visible - green-letters cr ." Security Key Injector" cr cr black-letters + green-letters cr ." Security Key Injector" cr cr cancel \ Get the new firmware first, so any security checks use the old keys get-new-firmware do-keyject? if
Modified: cpu/x86/pc/olpc/via/keyject.fth ============================================================================== --- cpu/x86/pc/olpc/via/keyject.fth Wed Jul 15 03:48:38 2015 (r3778) +++ cpu/x86/pc/olpc/via/keyject.fth Wed Jul 15 04:08:40 2015 (r3779) @@ -22,49 +22,86 @@ ;
\ !!! Change the date for each different deployment -: keyject-expired? ( -- flag ) " 20090401T000000Z" expired? ; +: keyject-expired? ( -- flag ) " 20131108T000000Z" expired? ;
\ !!! Change the key list for each different deployment : new-key-list$ ( -- ) " o1 s1 d1 w1 a1" ;
-\ True if the all the requested tags are already present. +\ True if the requested tags are all present and all correct. \ This prevents endless looping. +0 value already-injected + +: key-differs ( name$ -- ) + ." Key " type ." did differ." cr + false to already-injected +; + +: key-missing ( name$ -- ) + ." Key " type ." was missing." cr + false to already-injected +; + +: key-unknown ( name$ -- ) + ." Key " type ." is unknown, no dropin." cr + \ no action possible, needs keyjector to be recreated. +; + +: key-ok ( name$ -- ) + ." Key " type ." is okay." cr + \ no action desired. +; + +: test-key ( name$ -- ) + 2dup find-tag if ( name$ value$ ) + 2over find-drop-in if ( name$ value$ existing$ ) + $= 0= if ( name$ ) + 2dup key-differs ( name$ ) + else + 2dup key-ok + then ( name$ ) + else ( name$ value$ ) + 2drop 2dup key-unknown ( name$ ) + then ( name$ ) + 2drop ( ) + else ( name$ ) + key-missing ( ) + then ( ) +; + : already-injected? ( -- flag ) - new-key-list$ begin dup while ( $ ) - bl left-parse-string ( $' name$ ) - find-tag if ( $ value$ ) - 2drop ( $ ) - else ( $ ) - 2drop false exit - then ( $ ) - repeat ( $ ) - 2drop true + true to already-injected ( ) + new-key-list$ begin dup while ( $ ) + bl left-parse-string ( $' name$ ) + test-key ( $ ) + repeat ( $ ) + 2drop ( ) + already-injected ( flag ) ;
-: inject-key ( keyname$ -- ) - 2dup find-drop-in if ( keyname$ value$ ) - 2over ram-find-tag if ( keyname$ value$ oldvalue$ ) - 2 pick <> if ( keyname$ value$ oldvalue$ ) - 3drop ( keyname$ ) - ." Warning: inconsistent old tag length for " type cr ( ) - exit - then ( keyname$ value$ oldvalue-adr ) - >r 2tuck r> swap move ( valu$ keyname$ ) - green-letters - ." Replaced " type cr ( value$ ) - cancel - else ( keyname$ value$ ) - 2swap ( value$ keyname$ ) - 2over 2over ( value$ keyname$ value$ keyname$ ) - ($add-tag) ( value$ keyname$ ) - green-letters - ." Added " type cr ( value$ ) - cancel - then ( value$ ) - free-mem ( ) - else ( keyname$ ) - ." Warning: Can't find a dropin module for " type cr ( ) - then ( ) +: inject-key ( name$ -- ) + 2dup find-drop-in if ( name$ value$ ) + green-letters ( name$ value$ ) + 2over ram-find-tag if ( name$ value$ oldvalue$ ) + 2 pick <> if ( name$ value$ oldvalue-adr ) + drop ( name$ value$ ) + 2over ($delete-tag) ( name$ value$ ) + 2over ." Deleted " type cr ( name$ value$ ) + 2over 2over 2swap ($add-tag) ( name$ value$ ) + 2swap ." Added " type cr ( value$ ) + else ( name$ value$ oldvalue-adr ) + >r 2tuck r> swap move ( value$ name$ ) + ." Replaced " type cr ( value$ ) + then ( value$ ) + else ( name$ value$ ) + 2swap ( value$ name$ ) + 2over 2over ($add-tag) ( value$ name$ ) + ." Added " type cr ( value$ ) + then ( value$ ) + cancel ( value$ ) + free-mem ( ) + else ( name$ ) + ." Warning: key " type ." is not in firmware image dropins" cr ( ) + then ( ) ;
: inject-keys ( -- ) @@ -82,7 +119,7 @@ red-letters ." Not injecting because: " type cr cancel cr ." Will update firmware in 20 seconds" cr - d# 20,000 ms + d# 21 1 do i .d (cr d# 1,000 ms loop ;
: do-keyject? ( -- flag )
openfirmware@openfirmware.info