diff --git a/core/SConscript.bootloader_ci b/core/SConscript.bootloader_ci index a1befca67..93f9277bd 100644 --- a/core/SConscript.bootloader_ci +++ b/core/SConscript.bootloader_ci @@ -160,6 +160,7 @@ SOURCE_BOOTLOADER = [ 'embed/bootloader_ci/main.c', 'embed/bootloader_ci/messages.c', 'embed/bootloader_ci/protob/messages.pb.c', + 'embed/bootloader_ci/version_check.c', ] env.Replace( diff --git a/core/embed/bootloader_ci/main.c b/core/embed/bootloader_ci/main.c index e58a1a95b..6d7565dcc 100644 --- a/core/embed/bootloader_ci/main.c +++ b/core/embed/bootloader_ci/main.c @@ -40,6 +40,7 @@ #include "bootui.h" #include "messages.h" #include "model.h" +#include "version_check.h" #ifdef USE_HASH_PROCESSOR #include "hash_processor.h" @@ -174,34 +175,6 @@ static secbool check_vendor_header_lock(const vendor_header *const vhdr) { return sectrue * (0 == memcmp(lock, hash, 32)); } -// protection against bootloader downgrade - -#if PRODUCTION - -static void check_bootloader_version(void) { - uint8_t bits[FLASH_OTP_BLOCK_SIZE]; - for (int i = 0; i < FLASH_OTP_BLOCK_SIZE * 8; i++) { - if (i < VERSION_MONOTONIC) { - bits[i / 8] &= ~(1 << (7 - (i % 8))); - } else { - bits[i / 8] |= (1 << (7 - (i % 8))); - } - } - ensure(flash_otp_write(FLASH_OTP_BLOCK_BOOTLOADER_VERSION, 0, bits, - FLASH_OTP_BLOCK_SIZE), - NULL); - - uint8_t bits2[FLASH_OTP_BLOCK_SIZE]; - ensure(flash_otp_read(FLASH_OTP_BLOCK_BOOTLOADER_VERSION, 0, bits2, - FLASH_OTP_BLOCK_SIZE), - NULL); - - ensure(sectrue * (0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE)), - "Bootloader downgraded"); -} - -#endif - int main(void) { random_delays_init(); #ifdef USE_TOUCH @@ -214,8 +187,9 @@ int main(void) { mpu_config_bootloader(); -#if PRODUCTION - check_bootloader_version(); +#if PRODUCTION && !defined STM32U5 + // for STM32U5, this check is moved to boardloader + ensure_bootloader_min_version(); #endif display_clear(); diff --git a/core/embed/bootloader_ci/version_check.c b/core/embed/bootloader_ci/version_check.c new file mode 120000 index 000000000..29cbd039b --- /dev/null +++ b/core/embed/bootloader_ci/version_check.c @@ -0,0 +1 @@ +../bootloader/version_check.c \ No newline at end of file diff --git a/core/embed/bootloader_ci/version_check.h b/core/embed/bootloader_ci/version_check.h new file mode 120000 index 000000000..c493d5fbd --- /dev/null +++ b/core/embed/bootloader_ci/version_check.h @@ -0,0 +1 @@ +../bootloader/version_check.h \ No newline at end of file