8b53c76533
Pull crypto updates from Herbert Xu: "API: - Add the ability to abort a skcipher walk. Algorithms: - Fix XTS to actually do the stealing. - Add library helpers for AES and DES for single-block users. - Add library helpers for SHA256. - Add new DES key verification helper. - Add surrounding bits for ESSIV generator. - Add accelerations for aegis128. - Add test vectors for lzo-rle. Drivers: - Add i.MX8MQ support to caam. - Add gcm/ccm/cfb/ofb aes support in inside-secure. - Add ofb/cfb aes support in media-tek. - Add HiSilicon ZIP accelerator support. Others: - Fix potential race condition in padata. - Use unbound workqueues in padata" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (311 commits) crypto: caam - Cast to long first before pointer conversion crypto: ccree - enable CTS support in AES-XTS crypto: inside-secure - Probe transform record cache RAM sizes crypto: inside-secure - Base RD fetchcount on actual RD FIFO size crypto: inside-secure - Base CD fetchcount on actual CD FIFO size crypto: inside-secure - Enable extended algorithms on newer HW crypto: inside-secure: Corrected configuration of EIP96_TOKEN_CTRL crypto: inside-secure - Add EIP97/EIP197 and endianness detection padata: remove cpu_index from the parallel_queue padata: unbind parallel jobs from specific CPUs padata: use separate workqueues for parallel and serial work padata, pcrypt: take CPU hotplug lock internally in padata_alloc_possible crypto: pcrypt - remove padata cpumask notifier padata: make padata_do_parallel find alternate callback CPU workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs workqueue: unconfine alloc/apply/free_workqueue_attrs() padata: allocate workqueue internally arm64: dts: imx8mq: Add CAAM node random: Use wait_event_freezable() in add_hwgenerator_randomness() crypto: ux500 - Fix COMPILE_TEST warnings ...
77 lines
1.7 KiB
C
77 lines
1.7 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* purgatory: Runs between two kernels
|
|
*
|
|
* Copyright (C) 2014 Red Hat Inc.
|
|
*
|
|
* Author:
|
|
* Vivek Goyal <vgoyal@redhat.com>
|
|
*/
|
|
|
|
#include <linux/bug.h>
|
|
#include <crypto/sha.h>
|
|
#include <asm/purgatory.h>
|
|
|
|
#include "../boot/string.h"
|
|
|
|
unsigned long purgatory_backup_dest __section(.kexec-purgatory);
|
|
unsigned long purgatory_backup_src __section(.kexec-purgatory);
|
|
unsigned long purgatory_backup_sz __section(.kexec-purgatory);
|
|
|
|
u8 purgatory_sha256_digest[SHA256_DIGEST_SIZE] __section(.kexec-purgatory);
|
|
|
|
struct kexec_sha_region purgatory_sha_regions[KEXEC_SEGMENT_MAX] __section(.kexec-purgatory);
|
|
|
|
/*
|
|
* On x86, second kernel requries first 640K of memory to boot. Copy
|
|
* first 640K to a backup region in reserved memory range so that second
|
|
* kernel can use first 640K.
|
|
*/
|
|
static int copy_backup_region(void)
|
|
{
|
|
if (purgatory_backup_dest) {
|
|
memcpy((void *)purgatory_backup_dest,
|
|
(void *)purgatory_backup_src, purgatory_backup_sz);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int verify_sha256_digest(void)
|
|
{
|
|
struct kexec_sha_region *ptr, *end;
|
|
u8 digest[SHA256_DIGEST_SIZE];
|
|
struct sha256_state sctx;
|
|
|
|
sha256_init(&sctx);
|
|
end = purgatory_sha_regions + ARRAY_SIZE(purgatory_sha_regions);
|
|
|
|
for (ptr = purgatory_sha_regions; ptr < end; ptr++)
|
|
sha256_update(&sctx, (uint8_t *)(ptr->start), ptr->len);
|
|
|
|
sha256_final(&sctx, digest);
|
|
|
|
if (memcmp(digest, purgatory_sha256_digest, sizeof(digest)))
|
|
return 1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
void purgatory(void)
|
|
{
|
|
int ret;
|
|
|
|
ret = verify_sha256_digest();
|
|
if (ret) {
|
|
/* loop forever */
|
|
for (;;)
|
|
;
|
|
}
|
|
copy_backup_region();
|
|
}
|
|
|
|
/*
|
|
* Defined in order to reuse memcpy() and memset() from
|
|
* arch/x86/boot/compressed/string.c
|
|
*/
|
|
void warn(const char *msg) {}
|