1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-14 03:30:02 +00:00

bootloader: implement vendor keys lock

This commit is contained in:
Pavol Rusnak 2017-12-13 23:08:15 +01:00
parent 45c290d24c
commit 2f719526e7
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
2 changed files with 21 additions and 4 deletions

View File

@ -35,7 +35,7 @@
|----------|-------------------------|------|--------------------------------
| block 0 | 0x1FFF7800 - 0x1FFF781F | 32 B | device manufacturing date
| block 1 | 0x1FFF7820 - 0x1FFF783F | 32 B | bootloader downgrade protection
| block 2 | 0x1FFF7840 - 0x1FFF785F | 32 B | unused
| block 2 | 0x1FFF7840 - 0x1FFF785F | 32 B | vendor keys lock
| block 3 | 0x1FFF7860 - 0x1FFF787F | 32 B | unused
| block 4 | 0x1FFF7880 - 0x1FFF789F | 32 B | unused
| block 5 | 0x1FFF78A0 - 0x1FFF78BF | 32 B | unused

View File

@ -259,7 +259,7 @@ secbool bootloader_loop(secbool firmware_present)
// protection against bootloader downgrade
#define BOOTLOADER_VERSION_OTP_BLOCK 1
#define OTP_BLOCK_BOOTLOADER_VERSION 1
void check_bootloader_version(void)
{
@ -271,10 +271,10 @@ void check_bootloader_version(void)
bits[i / 8] |= (1 << (7 - (i % 8)));
}
}
ensure(flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(flash_otp_write(OTP_BLOCK_BOOTLOADER_VERSION, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
uint8_t bits2[FLASH_OTP_BLOCK_SIZE];
ensure(flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(flash_otp_read(OTP_BLOCK_BOOTLOADER_VERSION, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(sectrue * (0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE)), "Bootloader downgraded");
}
@ -284,6 +284,19 @@ secbool load_vendor_header_keys(const uint8_t * const data, vendor_header * cons
return load_vendor_header(data, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, vhdr);
}
#define OTP_BLOCK_VENDOR_KEYS_LOCK 2
secbool check_vendor_keys_lock(const vendor_header * const vhdr) {
uint8_t lock[FLASH_OTP_BLOCK_SIZE];
ensure(flash_otp_read(OTP_BLOCK_VENDOR_KEYS_LOCK, 0, lock, FLASH_OTP_BLOCK_SIZE), NULL);
if (0 == memcmp(lock, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", FLASH_OTP_BLOCK_SIZE)) {
return sectrue;
}
uint8_t hash[32];
vendor_keys_hash(vhdr, hash);
return sectrue * (0 == memcmp(lock, hash, 32));
}
int main(void)
{
#if PRODUCTION
@ -316,6 +329,10 @@ int main(void)
load_vendor_header_keys((const uint8_t *)FIRMWARE_START, &vhdr),
"invalid vendor header");
ensure(
check_vendor_keys_lock(&vhdr),
"unauthorized vendor keys");
image_header hdr;
ensure(