[openfirmware] r853 - cpu/x86/pc/olpc

Sun Jul 20 02:33:56 CEST 2008

Author: wmb
Date: 2008-07-20 02:33:56 +0200 (Sun, 20 Jul 2008)
New Revision: 853

Modified:
   cpu/x86/pc/olpc/security.fth
Log:
OLPC trac 7572 - allow security-related files to be in a separate "security" partition.


Modified: cpu/x86/pc/olpc/security.fth
===================================================================

--- cpu/x86/pc/olpc/security.fth	2008-07-20 00:14:35 UTC (rev 852)
+++ cpu/x86/pc/olpc/security.fth	2008-07-20 00:33:56 UTC (rev 853)
@@ -196,10 +196,12 @@
 \ bundle whose name is constructed from the current settings of the
 \ device (DN), path (PN), filename head (CN), and filename body (FN).
 
+: .trying  ( name$ -- name$ )
+   " Trying " ?lease-debug  2dup ?lease-debug-cr
+;
 : bundle-present?  ( fn$ -- flag )
    fn-buf place
-   bundle-name$
-   " Trying " ?lease-debug  2dup ?lease-debug-cr
+   bundle-name$  .trying
    ['] (boot-read) catch  if  2drop false exit  then
    true
 ;
@@ -457,15 +459,32 @@
    check-timed-signature                   ( -1|0|1 )
 ;
 
+: open-failed?  ( $ -- ih error? )
+   expand$  .trying  r/o open-file
+;
+
+\ open-security looks for a file in the security directory.
+\ On the NAND device, it first looks in a special security partition.
+
+: open-security?  ( name$ -- ih error? )
+   fn-buf place                                 ( )
+   " ${DN}" expand$  " nand:" $=  if            ( )
+      " ${DN}security,\${FN}" open-failed?  if  ( ih )
+         drop                                   ( )
+      else                                      ( ih )
+         true exit
+      then                                      ( )
+   then
+   " ${DN}\security\${FN}" open-failed?         ( ih error? )
+;
+
 \ lease-valid? tries to read a lease file from the currently-selected
 \ device, searches it for a lease record corresponding to this machine,
 \ and checks that record for validity.  The return value is true if
 \ a valid lease was found.
 
 : lease-valid?  ( -- valid? )
-   " ${DN}\security\lease.sig" expand$             ( name$ )
-   " Trying " ?lease-debug  2dup ?lease-debug-cr
-   r/o open-file  if  drop false exit  then   >r   ( r: ih )
+   " lease.sig"  open-security?  if  drop false exit  then   >r   ( r: ih )
    "   Lease " ?lease-debug
    load-started
    leasekey$ to pubkey$
@@ -601,9 +620,7 @@
 
 : has-developer-key?  ( -- flag )
    button-x game-key?  if  false exit  then
-   " ${DN}\security\develop.sig" expand$    ( name$ )
-   " Trying " ?lease-debug  2dup ?lease-debug-cr
-   r/o open-file  if  drop false exit  then   >r   ( r: ih )
+   " develop.sig" open-security?  if  drop false exit  then   >r   ( r: ih )
    "   Devel key " ?lease-debug
    load-started
    develkey$ to pubkey$


