Check if firmware has privileges. (#369)

Only drop privileges if firmware is running with privileges. Don't change the bootloader if running without privileges.
2025-01-03 12:00:59 +00:00 · 2018-06-21 14:28:39 +02:00 · 2018-06-21 14:28:39 +02:00 · 0ddf443346
commit 0ddf443346
parent 027e64d21a
3 changed files with 19 additions and 3 deletions
--- a/firmware/bl_check.c
+++ b/firmware/bl_check.c
@ -53,6 +53,10 @@ void check_bootloader(void)
 		shutdown();
 	}

+	if (is_mode_unprivileged()) {
+		return;
+	}
+
 	if (r == 32 && 0 == memcmp(hash, bl_hash, 32)) {
 		// all OK -> done
 		return;
@ -62,6 +66,8 @@ void check_bootloader(void)
 	// ATTEMPTING TO OVERWRITE BOOTLOADER WITH UNSIGNED FIRMWARE MAY BRICK
 	// YOUR DEVICE.

+	layoutDialog(&bmp_icon_warning, NULL, NULL, NULL, "Overwriting bootloader", NULL, NULL, "DON'T UNPLUG", "YOUR TREZOR", NULL);
+
 	// unlock sectors
 	memory_write_unlock();

--- a/firmware/trezor.c
+++ b/firmware/trezor.c
@ -96,12 +96,15 @@ int main(void)
 	__stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks
 #endif

+	if (!is_mode_unprivileged()) {
+
 		timer_init();

 #ifdef APPVER
 		// enable MPU (Memory Protection Unit)
 		mpu_config();
 #endif
+	}

 #if DEBUG_LINK
 	oledSetDebugLink(1);
--- a/util.h
+++ b/util.h
@ -79,6 +79,13 @@ static inline void set_mode_unprivileged(void)
 	// http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html
 	__asm__ volatile("msr control, %0" :: "r" (0x1));
 }
+
+static inline bool is_mode_unprivileged(void)
+{
+	uint32_t r0;
+	__asm__ volatile("mrs %0, control" : "=r" (r0));
+	return r0 & 1;
+}
 #endif

 #endif