736e30af58
This patch adds purgatory, the name and concept have been taken from kexec-tools. Purgatory runs between two kernels, and do verify sha256 hash to ensure the kernel to jump to is fine and has not been corrupted after loading. Makefile is modified based on x86 platform. Signed-off-by: Li Zhengyu <lizhengyu3@huawei.com> Link: https://lore.kernel.org/r/20220408100914.150110-6-lizhengyu3@huawei.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
46 lines
1.1 KiB
C
46 lines
1.1 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* purgatory: Runs between two kernels
|
|
*
|
|
* Copyright (C) 2022 Huawei Technologies Co, Ltd.
|
|
*
|
|
* Author: Li Zhengyu (lizhengyu3@huawei.com)
|
|
*
|
|
*/
|
|
|
|
#include <linux/purgatory.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/string.h>
|
|
#include <asm/string.h>
|
|
|
|
u8 purgatory_sha256_digest[SHA256_DIGEST_SIZE] __section(".kexec-purgatory");
|
|
|
|
struct kexec_sha_region purgatory_sha_regions[KEXEC_SEGMENT_MAX] __section(".kexec-purgatory");
|
|
|
|
static int verify_sha256_digest(void)
|
|
{
|
|
struct kexec_sha_region *ptr, *end;
|
|
struct sha256_state ss;
|
|
u8 digest[SHA256_DIGEST_SIZE];
|
|
|
|
sha256_init(&ss);
|
|
end = purgatory_sha_regions + ARRAY_SIZE(purgatory_sha_regions);
|
|
for (ptr = purgatory_sha_regions; ptr < end; ptr++)
|
|
sha256_update(&ss, (uint8_t *)(ptr->start), ptr->len);
|
|
sha256_final(&ss, digest);
|
|
if (memcmp(digest, purgatory_sha256_digest, sizeof(digest)) != 0)
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
/* workaround for a warning with -Wmissing-prototypes */
|
|
void purgatory(void);
|
|
|
|
void purgatory(void)
|
|
{
|
|
if (verify_sha256_digest())
|
|
for (;;)
|
|
/* loop forever */
|
|
;
|
|
}
|