1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-24 14:20:57 +00:00

bootloader: fix flashing of non-continous firmware areas

This commit is contained in:
Pavol Rusnak 2018-01-23 12:50:25 +01:00
parent f32e8c50d9
commit 1e7920435c
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
3 changed files with 32 additions and 35 deletions

View File

@ -362,23 +362,8 @@ int main(void)
load_image_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub, &hdr), load_image_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub, &hdr),
"invalid firmware header"); "invalid firmware header");
const uint8_t sectors[] = {
FLASH_SECTOR_FIRMWARE_START,
7,
8,
9,
10,
FLASH_SECTOR_FIRMWARE_END,
FLASH_SECTOR_FIRMWARE_EXTRA_START,
18,
19,
20,
21,
22,
FLASH_SECTOR_FIRMWARE_EXTRA_END,
};
ensure( ensure(
check_image_contents(&hdr, IMAGE_HEADER_SIZE + vhdr.hdrlen, sectors, 13), check_image_contents(&hdr, IMAGE_HEADER_SIZE + vhdr.hdrlen, firmware_sectors, FIRMWARE_SECTORS_COUNT),
"invalid firmware hash"); "invalid firmware hash");
// if all VTRUST flags are unset = ultimate trust => skip the procedure // if all VTRUST flags are unset = ultimate trust => skip the procedure

View File

@ -19,6 +19,22 @@
#define MSG_HEADER1_LEN 9 #define MSG_HEADER1_LEN 9
#define MSG_HEADER2_LEN 1 #define MSG_HEADER2_LEN 1
const uint8_t firmware_sectors[FIRMWARE_SECTORS_COUNT] = {
FLASH_SECTOR_FIRMWARE_START,
7,
8,
9,
10,
FLASH_SECTOR_FIRMWARE_END,
FLASH_SECTOR_FIRMWARE_EXTRA_START,
18,
19,
20,
21,
22,
FLASH_SECTOR_FIRMWARE_EXTRA_END,
};
secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size) secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size)
{ {
if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') { if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') {
@ -260,24 +276,9 @@ void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *bu
MSG_RECV(FirmwareErase); MSG_RECV(FirmwareErase);
firmware_remaining = msg_recv.has_length ? msg_recv.length : 0; firmware_remaining = msg_recv.has_length ? msg_recv.length : 0;
if (firmware_remaining > 0 && firmware_remaining % 4 == 0) { if ((firmware_remaining > 0) && ((firmware_remaining % 4) == 0) && (firmware_remaining <= (FIRMWARE_SECTORS_COUNT * IMAGE_CHUNK_SIZE))) {
// erase flash // erase flash
const uint8_t sectors[] = { if (sectrue != flash_erase_sectors(firmware_sectors, FIRMWARE_SECTORS_COUNT, progress_erase)) {
FLASH_SECTOR_FIRMWARE_START,
7,
8,
9,
10,
FLASH_SECTOR_FIRMWARE_END,
FLASH_SECTOR_FIRMWARE_EXTRA_START,
18,
19,
20,
21,
22,
FLASH_SECTOR_FIRMWARE_EXTRA_END,
};
if (sectrue != flash_erase_sectors(sectors, sizeof(sectors), progress_erase)) {
MSG_SEND_INIT(Failure); MSG_SEND_INIT(Failure);
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError); MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
MSG_SEND_ASSIGN_STRING(message, "Could not erase flash"); MSG_SEND_ASSIGN_STRING(message, "Could not erase flash");
@ -418,6 +419,15 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *bu
firstskip = IMAGE_HEADER_SIZE + vhdr.hdrlen; firstskip = IMAGE_HEADER_SIZE + vhdr.hdrlen;
} }
// should not happen, but double-check
if (firmware_block >= FIRMWARE_SECTORS_COUNT) {
MSG_SEND_INIT(Failure);
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
MSG_SEND_ASSIGN_STRING(message, "Firmware too big");
MSG_SEND(Failure);
return -3;
}
if (sectrue != check_single_hash(hdr.hashes + firmware_block * 32, chunk_buffer + firstskip, chunk_size - firstskip)) { if (sectrue != check_single_hash(hdr.hashes + firmware_block * 32, chunk_buffer + firstskip, chunk_size - firstskip)) {
MSG_SEND_INIT(Failure); MSG_SEND_INIT(Failure);
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError); MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
@ -428,10 +438,9 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *bu
ensure(flash_unlock(), NULL); ensure(flash_unlock(), NULL);
// TODO: fix writing to non-continous area
const uint32_t * const src = (const uint32_t * const)chunk_buffer; const uint32_t * const src = (const uint32_t * const)chunk_buffer;
for (int i = 0; i < chunk_size / sizeof(uint32_t); i++) { for (int i = 0; i < chunk_size / sizeof(uint32_t); i++) {
ensure(flash_write_word(FIRMWARE_START + firmware_block * IMAGE_CHUNK_SIZE + i * sizeof(uint32_t), src[i]), NULL); ensure(flash_write_word_rel(firmware_sectors[firmware_block], i * sizeof(uint32_t), src[i]), NULL);
} }
ensure(flash_lock(), NULL); ensure(flash_lock(), NULL);

View File

@ -10,6 +10,9 @@
#define USB_PACKET_SIZE 64 #define USB_PACKET_SIZE 64
#define USB_IFACE_NUM 0 #define USB_IFACE_NUM 0
#define FIRMWARE_SECTORS_COUNT 13
extern const uint8_t firmware_sectors[FIRMWARE_SECTORS_COUNT];
secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size); secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size);
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present); void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present);