mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-14 03:30:02 +00:00
bootloader: implement vendor keys lock
This commit is contained in:
parent
45c290d24c
commit
2f719526e7
@ -35,7 +35,7 @@
|
||||
|----------|-------------------------|------|--------------------------------
|
||||
| block 0 | 0x1FFF7800 - 0x1FFF781F | 32 B | device manufacturing date
|
||||
| block 1 | 0x1FFF7820 - 0x1FFF783F | 32 B | bootloader downgrade protection
|
||||
| block 2 | 0x1FFF7840 - 0x1FFF785F | 32 B | unused
|
||||
| block 2 | 0x1FFF7840 - 0x1FFF785F | 32 B | vendor keys lock
|
||||
| block 3 | 0x1FFF7860 - 0x1FFF787F | 32 B | unused
|
||||
| block 4 | 0x1FFF7880 - 0x1FFF789F | 32 B | unused
|
||||
| block 5 | 0x1FFF78A0 - 0x1FFF78BF | 32 B | unused
|
||||
|
@ -259,7 +259,7 @@ secbool bootloader_loop(secbool firmware_present)
|
||||
|
||||
// protection against bootloader downgrade
|
||||
|
||||
#define BOOTLOADER_VERSION_OTP_BLOCK 1
|
||||
#define OTP_BLOCK_BOOTLOADER_VERSION 1
|
||||
|
||||
void check_bootloader_version(void)
|
||||
{
|
||||
@ -271,10 +271,10 @@ void check_bootloader_version(void)
|
||||
bits[i / 8] |= (1 << (7 - (i % 8)));
|
||||
}
|
||||
}
|
||||
ensure(flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
|
||||
ensure(flash_otp_write(OTP_BLOCK_BOOTLOADER_VERSION, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
|
||||
|
||||
uint8_t bits2[FLASH_OTP_BLOCK_SIZE];
|
||||
ensure(flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
|
||||
ensure(flash_otp_read(OTP_BLOCK_BOOTLOADER_VERSION, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
|
||||
|
||||
ensure(sectrue * (0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE)), "Bootloader downgraded");
|
||||
}
|
||||
@ -284,6 +284,19 @@ secbool load_vendor_header_keys(const uint8_t * const data, vendor_header * cons
|
||||
return load_vendor_header(data, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, vhdr);
|
||||
}
|
||||
|
||||
#define OTP_BLOCK_VENDOR_KEYS_LOCK 2
|
||||
|
||||
secbool check_vendor_keys_lock(const vendor_header * const vhdr) {
|
||||
uint8_t lock[FLASH_OTP_BLOCK_SIZE];
|
||||
ensure(flash_otp_read(OTP_BLOCK_VENDOR_KEYS_LOCK, 0, lock, FLASH_OTP_BLOCK_SIZE), NULL);
|
||||
if (0 == memcmp(lock, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", FLASH_OTP_BLOCK_SIZE)) {
|
||||
return sectrue;
|
||||
}
|
||||
uint8_t hash[32];
|
||||
vendor_keys_hash(vhdr, hash);
|
||||
return sectrue * (0 == memcmp(lock, hash, 32));
|
||||
}
|
||||
|
||||
int main(void)
|
||||
{
|
||||
#if PRODUCTION
|
||||
@ -316,6 +329,10 @@ int main(void)
|
||||
load_vendor_header_keys((const uint8_t *)FIRMWARE_START, &vhdr),
|
||||
"invalid vendor header");
|
||||
|
||||
ensure(
|
||||
check_vendor_keys_lock(&vhdr),
|
||||
"unauthorized vendor keys");
|
||||
|
||||
image_header hdr;
|
||||
|
||||
ensure(
|
||||
|
Loading…
Reference in New Issue
Block a user