[openfirmware] [commit] r3779 - in cpu/x86/pc/olpc: . via
repository service
svn at openfirmware.info
Wed Jul 15 04:08:40 CEST 2015
Author: quozl
Date: Wed Jul 15 04:08:40 2015
New Revision: 3779
URL: http://tracker.coreboot.org/trac/openfirmware/changeset/3779
Log:
OLPC - merge different keyjects, resolving divergent edits in r3706 r3710 and r2865, now identical.
Modified:
cpu/x86/pc/olpc/keyject.fth
cpu/x86/pc/olpc/via/keyject.fth
Modified: cpu/x86/pc/olpc/keyject.fth
==============================================================================
--- cpu/x86/pc/olpc/keyject.fth Wed Jul 15 03:48:38 2015 (r3778)
+++ cpu/x86/pc/olpc/keyject.fth Wed Jul 15 04:08:40 2015 (r3779)
@@ -97,7 +97,7 @@
2over 2over ($add-tag) ( value$ name$ )
." Added " type cr ( value$ )
then ( value$ )
- black-letters ( value$ )
+ cancel ( value$ )
free-mem ( )
else ( name$ )
." Warning: key " type ." is not in firmware image dropins" cr ( )
@@ -116,7 +116,7 @@
: keyject-error ( msg$ -- )
cr
- red-letters ." Not injecting because: " type cr black-letters
+ red-letters ." Not injecting because: " type cr cancel
cr
." Will update firmware in 20 seconds" cr
d# 21 1 do i .d (cr d# 1,000 ms loop
@@ -217,7 +217,7 @@
: ?keyject ( -- )
visible
- green-letters cr ." Security Key Injector" cr cr black-letters
+ green-letters cr ." Security Key Injector" cr cr cancel
\ Get the new firmware first, so any security checks use the old keys
get-new-firmware
do-keyject? if
Modified: cpu/x86/pc/olpc/via/keyject.fth
==============================================================================
--- cpu/x86/pc/olpc/via/keyject.fth Wed Jul 15 03:48:38 2015 (r3778)
+++ cpu/x86/pc/olpc/via/keyject.fth Wed Jul 15 04:08:40 2015 (r3779)
@@ -22,49 +22,86 @@
;
\ !!! Change the date for each different deployment
-: keyject-expired? ( -- flag ) " 20090401T000000Z" expired? ;
+: keyject-expired? ( -- flag ) " 20131108T000000Z" expired? ;
\ !!! Change the key list for each different deployment
: new-key-list$ ( -- ) " o1 s1 d1 w1 a1" ;
-\ True if the all the requested tags are already present.
+\ True if the requested tags are all present and all correct.
\ This prevents endless looping.
+0 value already-injected
+
+: key-differs ( name$ -- )
+ ." Key " type ." did differ." cr
+ false to already-injected
+;
+
+: key-missing ( name$ -- )
+ ." Key " type ." was missing." cr
+ false to already-injected
+;
+
+: key-unknown ( name$ -- )
+ ." Key " type ." is unknown, no dropin." cr
+ \ no action possible, needs keyjector to be recreated.
+;
+
+: key-ok ( name$ -- )
+ ." Key " type ." is okay." cr
+ \ no action desired.
+;
+
+: test-key ( name$ -- )
+ 2dup find-tag if ( name$ value$ )
+ 2over find-drop-in if ( name$ value$ existing$ )
+ $= 0= if ( name$ )
+ 2dup key-differs ( name$ )
+ else
+ 2dup key-ok
+ then ( name$ )
+ else ( name$ value$ )
+ 2drop 2dup key-unknown ( name$ )
+ then ( name$ )
+ 2drop ( )
+ else ( name$ )
+ key-missing ( )
+ then ( )
+;
+
: already-injected? ( -- flag )
- new-key-list$ begin dup while ( $ )
- bl left-parse-string ( $' name$ )
- find-tag if ( $ value$ )
- 2drop ( $ )
- else ( $ )
- 2drop false exit
- then ( $ )
- repeat ( $ )
- 2drop true
+ true to already-injected ( )
+ new-key-list$ begin dup while ( $ )
+ bl left-parse-string ( $' name$ )
+ test-key ( $ )
+ repeat ( $ )
+ 2drop ( )
+ already-injected ( flag )
;
-: inject-key ( keyname$ -- )
- 2dup find-drop-in if ( keyname$ value$ )
- 2over ram-find-tag if ( keyname$ value$ oldvalue$ )
- 2 pick <> if ( keyname$ value$ oldvalue$ )
- 3drop ( keyname$ )
- ." Warning: inconsistent old tag length for " type cr ( )
- exit
- then ( keyname$ value$ oldvalue-adr )
- >r 2tuck r> swap move ( valu$ keyname$ )
- green-letters
- ." Replaced " type cr ( value$ )
- cancel
- else ( keyname$ value$ )
- 2swap ( value$ keyname$ )
- 2over 2over ( value$ keyname$ value$ keyname$ )
- ($add-tag) ( value$ keyname$ )
- green-letters
- ." Added " type cr ( value$ )
- cancel
- then ( value$ )
- free-mem ( )
- else ( keyname$ )
- ." Warning: Can't find a dropin module for " type cr ( )
- then ( )
+: inject-key ( name$ -- )
+ 2dup find-drop-in if ( name$ value$ )
+ green-letters ( name$ value$ )
+ 2over ram-find-tag if ( name$ value$ oldvalue$ )
+ 2 pick <> if ( name$ value$ oldvalue-adr )
+ drop ( name$ value$ )
+ 2over ($delete-tag) ( name$ value$ )
+ 2over ." Deleted " type cr ( name$ value$ )
+ 2over 2over 2swap ($add-tag) ( name$ value$ )
+ 2swap ." Added " type cr ( value$ )
+ else ( name$ value$ oldvalue-adr )
+ >r 2tuck r> swap move ( value$ name$ )
+ ." Replaced " type cr ( value$ )
+ then ( value$ )
+ else ( name$ value$ )
+ 2swap ( value$ name$ )
+ 2over 2over ($add-tag) ( value$ name$ )
+ ." Added " type cr ( value$ )
+ then ( value$ )
+ cancel ( value$ )
+ free-mem ( )
+ else ( name$ )
+ ." Warning: key " type ." is not in firmware image dropins" cr ( )
+ then ( )
;
: inject-keys ( -- )
@@ -82,7 +119,7 @@
red-letters ." Not injecting because: " type cr cancel
cr
." Will update firmware in 20 seconds" cr
- d# 20,000 ms
+ d# 21 1 do i .d (cr d# 1,000 ms loop
;
: do-keyject? ( -- flag )
More information about the openfirmware
mailing list