common: add support to fallback to plain SHA256

In case crypt-based hashing is enabled this will be the default mechanism that is used. If a user wants to have support for both, the environment variable `bootstopusesha256` can be set to `true` to allow plain SHA256 based hashing of the password. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Steffen Jaeckel <jaeckel-floss@eyet-services.de> 2021-07-08 16:57:39 +0300
committer: Tom Rini <trini@konsulko.com> 2021-07-23 20:36:20 +0300
commit: 33198740aca2d68e9760cfd6ebb5a55894431966 (patch)
tree: 51aa2df2efe3c3cd581f59bfd82ac88892c1826f /common/Kconfig.boot
parent: d199c3ab1c3afa7a17259f4045516f5fbfaaa446 (diff)
download: u-boot-33198740aca2d68e9760cfd6ebb5a55894431966.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index e0cca226da..49e28b2ef2 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -835,6 +835,14 @@ config AUTOBOOT_ENCRYPTION
 	  This provides a way to ship a secure production device which can also
 	  be accessed at the U-Boot command line.
 
+config AUTOBOOT_SHA256_FALLBACK
+	bool "Allow fallback from crypt-hashed password to sha256"
+	depends on AUTOBOOT_ENCRYPTION && CRYPT_PW
+	help
+	  This option adds support to fall back from crypt-hashed
+	  passwords to checking a SHA256 hashed password in case the
+	  'bootstopusesha256' environment variable is set to 'true'.
+
 config AUTOBOOT_DELAY_STR
 	string "Delay autobooting via specific input key / string"
 	depends on AUTOBOOT_KEYED && !AUTOBOOT_ENCRYPTION
author	Steffen Jaeckel <jaeckel-floss@eyet-services.de>	2021-07-08 16:57:39 +0300
committer	Tom Rini <trini@konsulko.com>	2021-07-23 20:36:20 +0300
commit	33198740aca2d68e9760cfd6ebb5a55894431966 (patch)
tree	51aa2df2efe3c3cd581f59bfd82ac88892c1826f /common/Kconfig.boot
parent	d199c3ab1c3afa7a17259f4045516f5fbfaaa446 (diff)
download	u-boot-33198740aca2d68e9760cfd6ebb5a55894431966.tar.xz