From 0ddf443346f022702a033ad42c0d488ab2aca5d1 Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Thu, 21 Jun 2018 14:28:39 +0200 Subject: [PATCH] Check if firmware has privileges. (#369) Only drop privileges if firmware is running with privileges. Don't change the bootloader if running without privileges. --- firmware/bl_check.c | 6 ++++++ firmware/trezor.c | 9 ++++++--- util.h | 7 +++++++ 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/firmware/bl_check.c b/firmware/bl_check.c index 598bac276c..c93624a4a4 100644 --- a/firmware/bl_check.c +++ b/firmware/bl_check.c @@ -53,6 +53,10 @@ void check_bootloader(void) shutdown(); } + if (is_mode_unprivileged()) { + return; + } + if (r == 32 && 0 == memcmp(hash, bl_hash, 32)) { // all OK -> done return; @@ -62,6 +66,8 @@ void check_bootloader(void) // ATTEMPTING TO OVERWRITE BOOTLOADER WITH UNSIGNED FIRMWARE MAY BRICK // YOUR DEVICE. + layoutDialog(&bmp_icon_warning, NULL, NULL, NULL, "Overwriting bootloader", NULL, NULL, "DON'T UNPLUG", "YOUR TREZOR", NULL); + // unlock sectors memory_write_unlock(); diff --git a/firmware/trezor.c b/firmware/trezor.c index 9737733fed..4d256eaece 100644 --- a/firmware/trezor.c +++ b/firmware/trezor.c @@ -96,12 +96,15 @@ int main(void) __stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks #endif - timer_init(); + if (!is_mode_unprivileged()) { + + timer_init(); #ifdef APPVER - // enable MPU (Memory Protection Unit) - mpu_config(); + // enable MPU (Memory Protection Unit) + mpu_config(); #endif + } #if DEBUG_LINK oledSetDebugLink(1); diff --git a/util.h b/util.h index 4e807d1fab..c131dbead2 100644 --- a/util.h +++ b/util.h @@ -79,6 +79,13 @@ static inline void set_mode_unprivileged(void) // http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html __asm__ volatile("msr control, %0" :: "r" (0x1)); } + +static inline bool is_mode_unprivileged(void) +{ + uint32_t r0; + __asm__ volatile("mrs %0, control" : "=r" (r0)); + return r0 & 1; +} #endif #endif