Re: [PATCH v5 11/17] bootmenu: add Kconfig option not to enter U-Boot console

[Mark Kettenis <mark.kettenis@xs4all.nl>]

> From: Masahisa Kojima <masahisa.kojima@linaro.org>
> Date: Thu, 28 Apr 2022 17:09:44 +0900
> 
> This commit adds the Kconfig option to disable to enter
> the U-Boot console from bootmenu.
> 
> If CMD_BOOTMENU_ENTER_UBOOT_CONSOLE is enabled, "U-Boot console"
> entry is appeared as the last entry in the bootmenu, then user can
> enter U-Boot console.
> 
> If CMD_BOOTMENU_ENTER_UBOOT_CONSOLE is disabled, "Quit" entry
> is appeared as the last entry instead of "U-Boot console".
> When user chooses "Quit" from bootmenu, the following default
> commands are invoked.
> 
>  - "bootefi bootmgr" (if efi bootmgr is enabled)
>  - "run bootcmd"
> 
> If the both commands are executed and returns to the bootmenu,
> the bootmenu will appears again.

I think the default for this option should be "y", otherwise I fear
too many boards will ship with a "locked down" U-Boot where the user
has no way to get at the U-Boot prompt.

> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> Changes in v5:
> - split into the separate patch
> - clear the console when user select "U-Boot console"
> - if the console is disabled, the last entry title is "Quit"
> 
>  cmd/Kconfig    | 10 ++++++++
>  cmd/bootmenu.c | 69 ++++++++++++++++++++++++++++++++++++++++++--------
>  2 files changed, 68 insertions(+), 11 deletions(-)
> 
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index 2b575a2b42..99a1435467 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -356,6 +356,16 @@ config CMD_BOOTMENU
>  	help
>  	  Add an ANSI terminal boot menu command.
>  
> +config CMD_BOOTMENU_ENTER_UBOOT_CONSOLE
> +	bool "Allow Bootmenu to enter the U-Boot console"
> +	depends on CMD_BOOTMENU
> +	default n
> +	help
> +	  Add an entry to enter U-Boot console in bootmenu.
> +	  If this option is disabled, user can not enter
> +	  the U-Boot console from bootmenu. It increases
> +	  the system security.
> +
>  config CMD_ADTIMG
>  	bool "adtimg"
>  	help
> diff --git a/cmd/bootmenu.c b/cmd/bootmenu.c
> index afe42b8041..bfbb1b5248 100644
> --- a/cmd/bootmenu.c
> +++ b/cmd/bootmenu.c
> @@ -29,6 +29,13 @@
>   */
>  #define MAX_ENV_SIZE	(9 + 2 + 1)
>  
> +enum bootmenu_ret {
> +	BOOTMENU_RET_SUCCESS = 0,
> +	BOOTMENU_RET_FAIL,
> +	BOOTMENU_RET_QUIT,
> +	BOOTMENU_RET_UPDATED,
> +};
> +
>  enum boot_type {
>  	BOOTMENU_TYPE_NONE = 0,
>  	BOOTMENU_TYPE_BOOTMENU,
> @@ -681,7 +688,12 @@ static struct bootmenu_data *bootmenu_create(int delay)
>  		if (!entry)
>  			goto cleanup;
>  
> -		entry->title = u16_strdup(u"U-Boot console");
> +		/* Add Quit entry if entering U-Boot console is disabled */
> +		if (IS_ENABLED(CONFIG_CMD_BOOTMENU_ENTER_UBOOT_CONSOLE))
> +			entry->title = u16_strdup(u"U-Boot console");
> +		else
> +			entry->title = u16_strdup(u"Quit");
> +
>  		if (!entry->title) {
>  			free(entry);
>  			goto cleanup;
> @@ -777,15 +789,17 @@ static void handle_uefi_bootnext(void)
>  		run_command("bootefi bootmgr", 0);
>  }
>  
> -static void bootmenu_show(int delay)
> +static enum bootmenu_ret bootmenu_show(int delay)
>  {
> +	int cmd_ret;
>  	int init = 0;
>  	void *choice = NULL;
>  	u16 *title = NULL;
>  	char *command = NULL;
>  	struct menu *menu;
> -	struct bootmenu_data *bootmenu;
>  	struct bootmenu_entry *iter;
> +	int ret = BOOTMENU_RET_SUCCESS;
> +	struct bootmenu_data *bootmenu;
>  	efi_status_t efi_ret = EFI_SUCCESS;
>  	char *option, *sep;
>  
> @@ -797,27 +811,27 @@ static void bootmenu_show(int delay)
>  		option = bootmenu_getoption(0);
>  		if (!option) {
>  			puts("bootmenu option 0 was not found\n");
> -			return;
> +			return BOOTMENU_RET_FAIL;
>  		}
>  		sep = strchr(option, '=');
>  		if (!sep) {
>  			puts("bootmenu option 0 is invalid\n");
> -			return;
> +			return BOOTMENU_RET_FAIL;
>  		}
> -		run_command(sep+1, 0);
> -		return;
> +		cmd_ret = run_command(sep + 1, 0);
> +		return (cmd_ret == CMD_RET_SUCCESS ? BOOTMENU_RET_SUCCESS : BOOTMENU_RET_FAIL);
>  	}
>  
>  	bootmenu = bootmenu_create(delay);
>  	if (!bootmenu)
> -		return;
> +		return BOOTMENU_RET_FAIL;
>  
>  	menu = menu_create(NULL, bootmenu->delay, 1, menu_display_statusline,
>  			   bootmenu_print_entry, bootmenu_choice_entry,
>  			   bootmenu);
>  	if (!menu) {
>  		bootmenu_destroy(bootmenu);
> -		return;
> +		return BOOTMENU_RET_FAIL;
>  	}
>  
>  	for (iter = bootmenu->first; iter; iter = iter->next) {
> @@ -838,6 +852,14 @@ static void bootmenu_show(int delay)
>  		iter = choice;
>  		title = u16_strdup(iter->title);
>  		command = strdup(iter->command);
> +
> +		/* last entry is U-Boot console or Quit */
> +		if (iter->num == iter->menu->count - 1) {
> +			ret = BOOTMENU_RET_QUIT;
> +			goto cleanup;
> +		}
> +	} else {
> +		goto cleanup;
>  	}
>  
>  	/*
> @@ -875,19 +897,44 @@ cleanup:
>  		debug("Starting entry '%ls'\n", title);
>  		free(title);
>  		if (efi_ret == EFI_SUCCESS)
> -			run_command(command, 0);
> +			cmd_ret = run_command(command, 0);
>  		free(command);
>  	}
>  
>  #ifdef CONFIG_POSTBOOTMENU
>  	run_command(CONFIG_POSTBOOTMENU, 0);
>  #endif
> +
> +	if (efi_ret != EFI_SUCCESS || cmd_ret != CMD_RET_SUCCESS)
> +		ret = BOOTMENU_RET_FAIL;
> +
> +	return ret;
>  }
>  
>  #ifdef CONFIG_AUTOBOOT_MENU_SHOW
>  int menu_show(int bootdelay)
>  {
> -	bootmenu_show(bootdelay);
> +	int ret;
> +
> +	while (1) {
> +		ret = bootmenu_show(bootdelay);
> +		bootdelay = -1;
> +		if (ret == BOOTMENU_RET_UPDATED)
> +			continue;
> +
> +		if (!IS_ENABLED(CONFIG_CMD_BOOTMENU_ENTER_UBOOT_CONSOLE)) {
> +			if (ret == BOOTMENU_RET_QUIT) {
> +				/* default boot process */
> +				if (IS_ENABLED(CONFIG_CMD_BOOTEFI_BOOTMGR))
> +					run_command("bootefi bootmgr", 0);
> +
> +				run_command("run bootcmd", 0);
> +			}
> +		} else {
> +			break;
> +		}
> +	}
> +
>  	return -1; /* -1 - abort boot and run monitor code */
>  }
>  #endif
> -- 
> 2.17.1
> 
>