summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMaik Otto <m.otto@phytec.de>2020-03-06 12:13:25 (GMT)
committerNorbert Wesp <n.wesp@phytec.de>2020-03-11 14:51:40 (GMT)
commit0ad32ac43ca6d1cd4b48a9baca8b0a23c25246bc (patch)
treec84457490f72db8550c158a1a092ca5c5580454d
parentbb2e8765c28f1531d19ffffbd99dff17bd6d319e (diff)
downloadmeta-phytec-0ad32ac43ca6d1cd4b48a9baca8b0a23c25246bc.zip
meta-phytec-0ad32ac43ca6d1cd4b48a9baca8b0a23c25246bc.tar.bz2
barebox: add password depends on protectionshield
add include for barebox password depends on the protectionshield level. The different OVERRIDES protectionshield level is only set, when the Distro Feature protectionshield is active. If this conditions are true, then the password will be set and activated. Signed-off-by: Maik Otto <m.otto@phytec.de> Signed-off-by: Norbert Wesp <n.wesp@phytec.de>
-rw-r--r--recipes-bsp/barebox/barebox-protectionshield.inc42
1 files changed, 42 insertions, 0 deletions
diff --git a/recipes-bsp/barebox/barebox-protectionshield.inc b/recipes-bsp/barebox/barebox-protectionshield.inc
new file mode 100644
index 0000000..d11ef09
--- /dev/null
+++ b/recipes-bsp/barebox/barebox-protectionshield.inc
@@ -0,0 +1,42 @@
+EXTRAPATHS_prepend := "${THISDIR}/barebox:"
+
+SRC_URI_append = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'protectionshield','file://set-password.cfg', '', d)} \
+"
+
+PROTECTION_SHIELD_ROOT_PASSWORD ??= "root"
+
+def set_root_password(d, hashvalue):
+ pathS = d.getVar("S", True)
+ fn = "passwdfile"
+ pathFN = pathS + "/" + fn
+ if not os.path.exists(pathS):
+ os.makedirs(pathS)
+ try:
+ manifest = open(pathFN,'w')
+ except OSError:
+ raise bb.build.FuncFailed('Unable to open passwdfile')
+ manifest.write(hashvalue)
+ manifest.close()
+
+def set_shield_password(d):
+ import hashlib
+ passwd = d.getVar('PROTECTION_SHIELD_ROOT_PASSWORD', True) or ""
+ hashvalue = hashlib.sha512(passwd.encode()).hexdigest()
+ set_root_password(d,hashvalue)
+
+
+do_patch_append_shieldlow (){
+ set_shield_password(d)
+}
+
+do_patch_append_shieldmedium (){
+ set_shield_password(d)
+}
+
+python do_patch_append_shieldhigh () {
+ import binascii
+ #random hash
+ hashvalue = binascii.hexlify(os.urandom(64)).decode('ascii')
+ set_root_password(d,hashvalue)
+}