-/*
- * Runs the given boot command securely. Specifically:
- * - Doesn't run the command with the shell (run_command or parse_string_outer),
- * since that's a lot of code surface that an attacker might exploit.
- * Because of this, we don't do any argument parsing--the secure boot command
- * has to be a full-fledged u-boot command.
- * - Doesn't check for keypresses before booting, since that could be a
- * security hole; also disables Ctrl-C.
- * - Doesn't allow the command to return.
- *
- * Upon any failures, this function will drop into an infinite loop after
- * printing the error message to console.
- */
-
-#if defined(CONFIG_OF_CONTROL)
-static void secure_boot_cmd(char *cmd)
-{
- cmd_tbl_t *cmdtp;
- int rc;
-
- if (!cmd) {
- printf("## Error: Secure boot command not specified\n");
- goto err;
- }
-
- /* Disable Ctrl-C just in case some command is used that checks it. */
- disable_ctrlc(1);
-
- /* Find the command directly. */
- cmdtp = find_cmd(cmd);
- if (!cmdtp) {
- printf("## Error: \"%s\" not defined\n", cmd);
- goto err;
- }
-
- /* Run the command, forcing no flags and faking argc and argv. */
- rc = (cmdtp->cmd)(cmdtp, 0, 1, &cmd);
-
- /* Shouldn't ever return from boot command. */
- printf("## Error: \"%s\" returned (code %d)\n", cmd, rc);
-
-err:
- /*
- * Not a whole lot to do here. Rebooting won't help much, since we'll
- * just end up right back here. Just loop.
- */
- hang();
-}
-