mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-22 21:30:56 +00:00
fix(core): reboot immediately in boardloader if BHK is locked
[no changelog]
parent
454b8140ec
commit
2530312091
@ -34,6 +34,7 @@
|
||||
#include "mpu.h"
|
||||
#include "rng.h"
|
||||
#include "rsod.h"
|
||||
#include "secret.h"
|
||||
#include "system.h"
|
||||
#include "terminal.h"
|
||||
|
||||
@ -63,7 +64,6 @@
|
||||
#include "memzero.h"
|
||||
|
||||
#ifdef STM32U5
|
||||
#include "secret.h"
|
||||
#include "tamper.h"
|
||||
#include "trustzone.h"
|
||||
#endif
|
||||
@ -253,10 +253,10 @@ int main(void) {
|
||||
tamper_init();
|
||||
|
||||
trustzone_init_boardloader();
|
||||
|
||||
secret_ensure_initialized();
|
||||
#endif
|
||||
|
||||
secret_init();
|
||||
|
||||
#ifdef STM32F4
|
||||
clear_otg_hs_memory();
|
||||
#endif
|
||||
|
@ -30,9 +30,6 @@ secbool secret_wiped(void);
|
||||
// Verifies that the secret storage has correct header
|
||||
secbool secret_verify_header(void);
|
||||
|
||||
// Checks that the secret storage is initialized and initializes it if not
|
||||
secbool secret_ensure_initialized(void);
|
||||
|
||||
// Erases the entire secret storage
|
||||
void secret_erase(void);
|
||||
|
||||
@ -70,6 +67,11 @@ void secret_bhk_regenerate(void);
|
||||
// This function is called by the bootloader before starting the firmware
|
||||
void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all);
|
||||
|
||||
// Prepares the secret storage for running the boardloader and next stages
|
||||
// Ensures that secret storage access is enabled
|
||||
// This function is called by the boardloader
|
||||
void secret_init(void);
|
||||
|
||||
#endif // KERNEL_MODE
|
||||
|
||||
// Checks if bootloader is locked, that is the secret storage contains optiga
|
||||
|
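Review bot: The comment added above `secret_init` in the second hunk says only that it ensures secret storage access is enabled, which leaves out the two effects a caller most needs to know about. The implementation elsewhere in this commit reboots the device when `secret_bhk_locked()` returns `sectrue`, and otherwise runs the now-private `secret_ensure_initialized()`, which erases storage when the header check fails. I would extend the declaration comment with `// Reboots the device if the BHK is locked; otherwise verifies the secret storage header and erases/re-initializes the storage if it is invalid`. It would also help to note there that the non-STM32U5 build provides an empty stub.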
@ -133,4 +133,6 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
|
||||
#endif
|
||||
}
|
||||
|
||||
void secret_init(void) {}
|
||||
|
||||
#endif // KERNEL_MODE
|
||||
|
@ -35,7 +35,7 @@ secbool secret_verify_header(void) {
|
||||
return bootloader_locked;
|
||||
}
|
||||
|
||||
secbool secret_ensure_initialized(void) {
|
||||
static secbool secret_ensure_initialized(void) {
|
||||
if (sectrue != secret_verify_header()) {
|
||||
ensure(erase_storage(NULL), "erase storage failed");
|
||||
secret_erase();
|
||||
@ -353,4 +353,12 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all) {
|
||||
}
|
||||
}
|
||||
|
||||
void secret_init(void) {
|
||||
if (secret_bhk_locked() == sectrue) {
|
||||
reboot();
|
||||
}
|
||||
|
||||
secret_ensure_initialized();
|
||||
}
|
||||
|
||||
#endif // KERNEL_MODE
|
||||
|
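Review bot: In the added `secret_init`, the protection depends entirely on `reboot()` never returning: if it did, control would fall through to `secret_ensure_initialized()` with the BHK locked, and the first hunk shows that function calling `erase_storage(NULL)` and `secret_erase()` whenever `secret_verify_header()` is not `sectrue`. The declaration of `reboot()` is not visible here, so please confirm it is marked noreturn, or make the intent explicit by moving the `secret_ensure_initialized()` call into an `else` branch. A why-comment on the check would also help, for example `// With the BHK locked the header check cannot be trusted; reboot rather than risk erasing storage` (this rationale is inferred from the commit title and should be confirmed). The `secbool` returned by `secret_ensure_initialized()` is also discarded in `secret_init`; that function's body continues outside the hunk.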