[openfirmware] [commit] r2529 - cpu/x86/pc/olpc
repository service
svn at openfirmware.info
Fri Sep 23 07:01:38 CEST 2011
Author: wmb
Date: Fri Sep 23 07:01:37 2011
New Revision: 2529
URL: http://tracker.coreboot.org/trac/openfirmware/changeset/2529
Log:
OLPC security - added require-signatures? value for unsigned booting.
Modified:
cpu/x86/pc/olpc/security.fth
Modified: cpu/x86/pc/olpc/security.fth
==============================================================================
--- cpu/x86/pc/olpc/security.fth Fri Sep 23 07:00:36 2011 (r2528)
+++ cpu/x86/pc/olpc/security.fth Fri Sep 23 07:01:37 2011 (r2529)
@@ -603,8 +603,11 @@
2drop false ( good? )
;
+true value require-signatures?
+
\ Find a sig0N: line and check its sha256/rsa signature
: sha-valid? ( data$ sig$ -- okay? )
+ require-signatures? 0= if 4drop true exit then ( data$ sig$ )
next-sig-in-list$ if 2drop false exit then ( data$ rem$ sig$ )
2nip " sha256" signature-good?
;
@@ -612,6 +615,7 @@
\ Find two sig0N: lines, the first with sha256 and the second with rmd160,
\ and check their signatures
: fw-valid? ( data$ sig$ -- okay? )
+ require-signatures? 0= if 4drop true exit then ( data$ sig$ )
2swap 2>r ( sig$ r: data$ )
next-sig-in-list$ if 2r> 2drop false exit then ( rem$ sig$ )
2r@ 2swap sha-valid? 0= if ( rem$ r: data$ )
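Review bot: The early exit in `fw-valid?` reaches further than the log message describes: the log speaks of unsigned booting, while this word, judging by its name and its two-signature check, appears to validate firmware images. If that reading is right, clearing the flag also lets an unsigned firmware image be accepted, which is a more persistent change than booting an unsigned OS. Consider leaving `fw-valid?` unconditional or gating it with a separate value, and record the decision in the comment above the word. The body of `fw-valid?` continues past the end of the hunk.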
@@ -737,17 +741,22 @@
\ like "runos.zip" (the normal OS, used when an valid lease is
\ present) or "actos.zip" (the activation version of the OS).
+: use-run ( -- ) " run" cn-buf place ;
+: use-act ( -- ) " act" cn-buf place ;
: ?leased ( -- )
- " ak" find-tag if
- 2drop " run"
- else
- rtc-rollback? if
- " act"
+ require-signatures? if
+ " ak" find-tag if
+ 2drop use-run
else
- lease-valid? if " run" else " act" then
+ rtc-rollback? if
+ use-act
+ else
+ lease-valid? if use-run else use-act then
+ then
then
+ else
+ use-run
then
- cn-buf place
;
: set-alternate ( -- )
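Review bot: With `require-signatures?` false, `?leased` now selects "run" without consulting `rtc-rollback?` or `lease-valid?`, so the flag switches off the activation lease and the clock-rollback check as well as signature checking; the name does not suggest that and no comment says so. I would add above `?leased` a line such as `\ With require-signatures? false the lease and RTC rollback checks are skipped and the run image is always chosen`. `use-run` and `use-act` would also benefit from a one-line comment each, saying that they place the image name prefix in `cn-buf`.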
@@ -1208,11 +1217,13 @@
filesystem-present? if ( list$ )
show-dot ( list$ )
- has-developer-key? if ( list$ )
- 2drop ( )
- true to security-off?
- show-unlock
- true exit
+ require-signatures? if ( list$ )
+ has-developer-key? if ( list$ )
+ 2drop ( )
+ true to security-off?
+ show-unlock
+ true exit
+ then ( list$ )
then ( list$ )
load-from-device if ( list$ )
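Review bot: When `require-signatures?` is false this branch is skipped, so `security-off?` stays false and `show-unlock` is never called, even though `sha-valid?` then accepts whatever is loaded afterwards. Any code that consults `security-off?` (none is visible in this hunk) would see a machine that still looks secured, and the user gets no on-screen sign of an unverified boot. Consider setting the state and the indicator in the unsigned case as well, or document the choice with a comment such as `\ unsigned mode: security-off? and the unlock icon are intentionally left unchanged here - TODO confirm`. The enclosing definition starts and ends outside the hunk.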