From 0706118d3a41bf19600a3a576dd3efdd2f24f6c9 Mon Sep 17 00:00:00 2001 From: tychovrahe Date: Tue, 16 Apr 2024 21:32:35 +0200 Subject: [PATCH] fix(core): ensure correctly programmed oem key option bytes [no changelog] --- core/embed/trezorhal/stm32u5/lowlevel.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/core/embed/trezorhal/stm32u5/lowlevel.c b/core/embed/trezorhal/stm32u5/lowlevel.c index fd6d9ab1b..e30aa5267 100644 --- a/core/embed/trezorhal/stm32u5/lowlevel.c +++ b/core/embed/trezorhal/stm32u5/lowlevel.c @@ -211,6 +211,17 @@ uint32_t flash_set_option_bytes(void) { FLASH->WRP2AR = WRP_DEFAULT_VALUE; FLASH->WRP2BR = WRP_DEFAULT_VALUE; + // Set the OEM keys to the default value + // In case these are for any reason set, we will reset them to the default + // while locking the device, to ensure that there is no ability to reverse the + // RDP. These keys are write-only, so the only way to check that the keys are + // not set is through OEMxLOCK bits in FLASH->NSSR register. These bits are + // unset only if the keys are written to 0xFFFFFFFF. + FLASH->OEM1KEYR1 = 0xFFFFFFFF; + FLASH->OEM1KEYR2 = 0xFFFFFFFF; + FLASH->OEM2KEYR1 = 0xFFFFFFFF; + FLASH->OEM2KEYR2 = 0xFFFFFFFF; + FLASH->OPTR = FLASH_OPTR_VALUE; // WARNING: dev board safe unless you compile for // PRODUCTION or change this value!!!