From c8c85424b629e4790f0745d15a1d4368046dff33 Mon Sep 17 00:00:00 2001 From: mruddy Date: Fri, 17 Feb 2017 07:18:50 -0500 Subject: [PATCH 1/9] fix usage of RNG before setup (#150/#151) --- bootloader/bootloader.c | 2 +- demo/demo.c | 6 +++++- firmware/trezor.c | 3 ++- setup.c | 10 ++++++++++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/bootloader/bootloader.c b/bootloader/bootloader.c index a87135917a..c502e42b06 100644 --- a/bootloader/bootloader.c +++ b/bootloader/bootloader.c @@ -139,8 +139,8 @@ void __attribute__((noreturn)) __stack_chk_fail(void) int main(void) { - __stack_chk_guard = random32(); setup(); + __stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks memory_protect(); oledInit(); diff --git a/demo/demo.c b/demo/demo.c index f4ee18ac22..d6f75c74b0 100644 --- a/demo/demo.c +++ b/demo/demo.c @@ -248,11 +248,15 @@ void __attribute__((noreturn)) __stack_chk_fail(void) int main(void) { - __stack_chk_guard = random32(); #ifndef APPVER setup(); + __stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks oledInit(); +#else + setupApp(); + __stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks #endif + usbInit(); passlen = strlen((char *)pass); diff --git a/firmware/trezor.c b/firmware/trezor.c index 56c74d491a..87c1928527 100644 --- a/firmware/trezor.c +++ b/firmware/trezor.c @@ -89,12 +89,13 @@ void check_lock_screen(void) int main(void) { - __stack_chk_guard = random32(); #ifndef APPVER setup(); + __stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks oledInit(); #else setupApp(); + __stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks #endif timer_init(); diff --git a/setup.c b/setup.c index b91c2d6933..2537a01436 100644 --- a/setup.c +++ b/setup.c 
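Review bot: With the assignment moved below `setup()` in `main()`, everything called from `setup()` (and from `setupApp()` in the `demo/demo.c` and `firmware/trezor.c` hunks) runs while `__stack_chk_guard` still holds its load-time value, and the trailing comment does not say so. The ordering is needed for `random32()` to work, but it should be stated next to the assignment, for example `// guard keeps its initial value until here; setup() must run first so the RNG is enabled`. If `main()` is itself built with the stack protector, its prologue has presumably already saved the old guard, so `main()` must never return after this line; the end of `main()` is outside all three hunks, so confirm that there. In `demo.c` and `trezor.c` the same statement and comment are repeated in both preprocessor branches.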
@@ -21,6 +21,7 @@ #include #include #include +#include "rng.h" void setup(void) { @@ -42,6 +43,9 @@ void setup(void) // enable RNG rcc_periph_clock_enable(RCC_RNG); RNG_CR |= RNG_CR_IE | RNG_CR_RNGEN; + // to be extra careful and heed the STM32F205xx Reference manual, Section 20.3.1 + // we don't use the first random number generated after setting the RNGEN bit in setup + random32(); // set GPIO for buttons gpio_mode_setup(GPIOC, GPIO_MODE_INPUT, GPIO_PUPD_PULLUP, GPIO2 | GPIO5); @@ -69,6 +73,12 @@ void setup(void) void setupApp(void) { + // the static variables in random32 are separate between the bootloader and firmware. + // therefore, they need to be initialized here so that we can be sure to avoid dupes. + // this is to try to comply with STM32F205xx Reference manual - Section 20.3.1: + // "Each subsequent generated random number has to be compared with the previously generated + // number. The test fails if any two compared numbers are equal (continuous random number generator test)." + random32(); // hotfix for old bootloader gpio_mode_setup(GPIOA, GPIO_MODE_INPUT, GPIO_PUPD_NONE, GPIO9); spi_init_master(SPI1, SPI_CR1_BAUDRATE_FPCLK_DIV_8, SPI_CR1_CPOL_CLK_TO_0_WHEN_IDLE, SPI_CR1_CPHA_CLK_TRANSITION_1, SPI_CR1_DFF_8BIT, SPI_CR1_MSBFIRST); From d03356fab1cb9a5c485dd118198e5a4cfc90b1f0 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Mon, 27 Feb 2017 21:01:00 +0100 Subject: [PATCH 2/9] raising the maxfee --- firmware/coins.c | 2 +- vendor/trezor-common | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/firmware/coins.c b/firmware/coins.c index e6056da420..094f2d5ed9 100644 --- a/firmware/coins.c +++ b/firmware/coins.c 
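Review bot: The new bare `random32();` after `RNG_CR |= RNG_CR_IE | RNG_CR_RNGEN;` in `setup()` silently drops its result, and the same call appears at the top of `setupApp()`; writing `(void)random32();` makes the discard explicit for readers and static analysers. The comment cites Section 20.3.1, but the only text from that section quoted in this patch (in the `setupApp()` hunk) is about comparing consecutive values, so the comment should say whether that comparison lives in `random32()`, which is not shown here. `setup()` begins and ends outside the hunk.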
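Review bot: In `setupApp()` the new `random32();` is the first statement, before anything in this function touches the RNG, whereas `setup()` enables `RCC_RNG` and sets `RNG_CR_RNGEN` before its own call. In app mode the call therefore appears to rely on the bootloader having left the RNG running, and the very next line is a hotfix for old bootloaders, so the assumption deserves a comment such as `// RNG clock and RNGEN are expected to be enabled by the bootloader's setup()`. How `random32()` behaves when no data is ready is not visible in this patch; if it busy-waits, an RNG left disabled would stall boot here. The rest of `setupApp()` is outside the hunk.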
@@ -26,7 +26,7 @@ // filled CoinType Protobuf structure defined in https://github.com/trezor/trezor-common/blob/master/protob/types.proto#L133 // address types > 0xFF represent a two-byte prefix in big-endian order const CoinType coins[COINS_COUNT] = { - {true, "Bitcoin", true, "BTC", true, 0, true, 100000, true, 5, true, 6, true, 10, true, "\x18" "Bitcoin Signed Message:\n", }, + {true, "Bitcoin", true, "BTC", true, 0, true, 300000, true, 5, true, 6, true, 10, true, "\x18" "Bitcoin Signed Message:\n", }, {true, "Testnet", true, "TEST", true, 111, true, 10000000, true, 196, true, 3, true, 40, true, "\x18" "Bitcoin Signed Message:\n", }, {true, "Namecoin", true, "NMC", true, 52, true, 10000000, true, 5, false, 0, false, 0, true, "\x19" "Namecoin Signed Message:\n", }, {true, "Litecoin", true, "LTC", true, 48, true, 1000000, true, 5, false, 0, false, 0, true, "\x19" "Litecoin Signed Message:\n", }, diff --git a/vendor/trezor-common b/vendor/trezor-common index 9d2ab7318d..80c7b666a2 160000 --- a/vendor/trezor-common +++ b/vendor/trezor-common @@ -1 +1 @@ -Subproject commit 9d2ab7318db08a47b35588b0593fb66129214f8d +Subproject commit 80c7b666a204c74be1d1ed6b019d1fad2d2fe909 From dfe783d7299940db81893dd84c9bd5b7afb69645 Mon Sep 17 00:00:00 2001 From: Saleem Rashid Date: Sun, 5 Mar 2017 13:43:22 +0000 Subject: [PATCH 3/9] firmware_sign: Python 3 compatibility (#156) --- bootloader/firmware_sign.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootloader/firmware_sign.py b/bootloader/firmware_sign.py index 09650a6ab7..a14bfaf6dc 100755 --- a/bootloader/firmware_sign.py +++ b/bootloader/firmware_sign.py @@ -189,7 +189,7 @@ def main(args): data = sign(data, args.pem) check_signatures(data) - fp = open(args.path, 'w') + fp = open(args.path, 'wb') fp.write(data) fp.close() From d7d3d0490ef4d6562ef1dcf8dfc9cc66f1d9158b Mon Sep 17 00:00:00 2001 
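Review bot: The Bitcoin row's fee ceiling goes from `100000` to `300000` with no rationale in the commit message or next to the value, and because the initializer is positional the field cannot be identified from this line alone. This limit is presumably what makes the firmware warn about an unusually high fee, so tripling it narrows that protection and should be justified in a comment, e.g. `// maxfee_kb: 300000 sat/kB, raised from 100000 because <reason>`. The field name and unit in that example are my reading of the referenced `types.proto`; confirm them before committing the comment. The other rows of `coins[]` are unchanged context.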
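Review bot: The switch to `'wb'` on `fp = open(args.path, 'wb')` still leaves the handle to be closed by hand, so an exception raised by `fp.write(data)` skips `fp.close()`. A context manager covers that path: `with open(args.path, 'wb') as fp:` followed by `fp.write(data)`. The read side of `main()` is outside the hunk; for Python 3 it needs to open the file in `'rb'` as well so that `data` is `bytes` when it reaches `sign()` and `check_signatures()`.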
From: Pavol Rusnak Date: Tue, 28 Mar 2017 23:19:59 +0200 Subject: [PATCH 4/9] update trezor-crypto --- Makefile.include | 1 - firmware/Makefile | 3 --- vendor/trezor-crypto | 2 +- vendor/trezor-qrenc | 2 +- 4 files changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.include b/Makefile.include index 7f4d4f1ed9..7e71499fd4 100644 --- a/Makefile.include +++ b/Makefile.include @@ -49,7 +49,6 @@ CFLAGS += $(OPTFLAGS) \ -I$(TOP_DIR)gen \ -I$(TOP_DIR)vendor/trezor-crypto \ -I$(TOP_DIR)vendor/trezor-crypto/ed25519-donna \ - -I$(TOP_DIR)vendor/trezor-crypto/curve25519-donna \ -I$(TOP_DIR)vendor/trezor-qrenc ifdef APPVER diff --git a/firmware/Makefile b/firmware/Makefile index 4fe85288d1..1638b857be 100644 --- a/firmware/Makefile +++ b/firmware/Makefile @@ -28,7 +28,6 @@ OBJS += ../vendor/trezor-crypto/curves.o OBJS += ../vendor/trezor-crypto/secp256k1.o OBJS += ../vendor/trezor-crypto/nist256p1.o OBJS += ../vendor/trezor-crypto/ed25519-donna/ed25519.o -OBJS += ../vendor/trezor-crypto/curve25519-donna/curve25519.o OBJS += ../vendor/trezor-crypto/hmac.o OBJS += ../vendor/trezor-crypto/bip32.o OBJS += ../vendor/trezor-crypto/bip39.o @@ -61,6 +60,4 @@ CFLAGS += -DQR_MAX_VERSION=0 CFLAGS += -DDEBUG_LINK=0 CFLAGS += -DDEBUG_LOG=0 CFLAGS += -DSCM_REVISION='"$(shell git rev-parse HEAD | sed 's:\(..\):\\x\1:g')"' -CFLAGS += -DED25519_CUSTOMRANDOM=1 -CFLAGS += -DED25519_CUSTOMHASH=1 CFLAGS += -DUSE_ETHEREUM=1 diff --git a/vendor/trezor-crypto b/vendor/trezor-crypto index b55473a01e..df2524e35b 160000 --- a/vendor/trezor-crypto +++ b/vendor/trezor-crypto @@ -1 +1 @@ -Subproject commit b55473a01ecfd095d1f4bd068c8d3385b993b986 +Subproject commit df2524e35bc7d10129b965be017277ce46d2cae0 diff --git a/vendor/trezor-qrenc b/vendor/trezor-qrenc index 566bcd028d..9344f23d86 160000 --- a/vendor/trezor-qrenc +++ b/vendor/trezor-qrenc @@ -1 +1 @@ -Subproject commit 566bcd028d51b615b6620bbb500e72041ae4c614 +Subproject commit 9344f23d869030fbe7261d3361862eaba12b9975 
From 49645ba2778c4bf0070bf8232f9933692fd6474d Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Thu, 30 Mar 2017 02:24:53 +0200 Subject: [PATCH 5/9] Compute hash before checking signatures. (#158) This fixes the problem where an invalid hash is shown, if the firmware contains no signing key indices. --- bootloader/signatures.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bootloader/signatures.c b/bootloader/signatures.c index a4bca418ba..bbe96fd0ad 100644 --- a/bootloader/signatures.c +++ b/bootloader/signatures.c @@ -47,6 +47,12 @@ int signatures_ok(uint8_t *store_hash) sigindex2 = *((uint8_t *)FLASH_META_SIGINDEX2); sigindex3 = *((uint8_t *)FLASH_META_SIGINDEX3); + uint8_t hash[32]; + sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash); + if (store_hash) { + memcpy(store_hash, hash, 32); + } + if (sigindex1 < 1 || sigindex1 > PUBKEYS) return 0; // invalid index if (sigindex2 < 1 || sigindex2 > PUBKEYS) return 0; // invalid index if (sigindex3 < 1 || sigindex3 > PUBKEYS) return 0; // invalid index @@ -55,12 +61,6 @@ int signatures_ok(uint8_t *store_hash) if (sigindex1 == sigindex3) return 0; // duplicate use if (sigindex2 == sigindex3) return 0; // duplicate use - uint8_t hash[32]; - sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash); - if (store_hash) { - memcpy(store_hash, hash, 32); - } - if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure return 0; } From 81d226a29b84e475bad3ac167a9b396a035f391f Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Sat, 1 Apr 2017 23:43:39 +0200 Subject: [PATCH 6/9] build: modify travis to not use sudo --- .travis.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5653ed0e19..4275c03c3a 100644 --- a/.travis.yml +++ b/.travis.yml 
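Review bot: After this move `sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash)` runs before any check in `signatures_ok()`, and `codelen` comes straight from the flash metadata with no bound applied in the visible code. If a caller can reach this function without a prior length check, the hash would read past the application area; a guard or a comment stating the precondition belongs above the call, e.g. `// codelen must already be range-checked by the caller`. `store_hash` is now also filled on every `return 0` path, so the function's comment should say that a populated hash does not mean the signatures verified. The start of `signatures_ok()` and its final return are outside the hunk.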
@@ -1,9 +1,14 @@ +sudo: false +dist: trusty language: c -install: - - sudo add-apt-repository -y ppa:team-gcc-arm-embedded/ppa - - sudo apt-get update - - sudo apt-get install -y build-essential git gcc-arm-embedded +addons: + apt: + packages: + - build-essential + - git + - gcc-arm-none-eabi + - libnewlib-arm-none-eabi script: - make -C vendor/libopencm3 From 0200ee5763d8955009aa5691374746d2ed456c42 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Sat, 15 Apr 2017 16:55:01 +0200 Subject: [PATCH 7/9] bootloader: cleanup protobuf messages --- bootloader/bootloader.c | 13 +++--- bootloader/bootloader.h | 2 +- bootloader/signatures.c | 30 ++++++------ bootloader/usb.c | 100 +++++++++++++++++++++++++++------------- 4 files changed, 88 insertions(+), 57 deletions(-) diff --git a/bootloader/bootloader.c b/bootloader/bootloader.c index c502e42b06..843a1dddf4 100644 --- a/bootloader/bootloader.c +++ b/bootloader/bootloader.c @@ -38,11 +38,10 @@ #error Bootloader cannot be used in app mode #endif -void layoutFirmwareHash(uint8_t *hash) +void layoutFirmwareHash(const uint8_t *hash) { char str[4][17]; - int i; - for (i = 0; i < 4; i++) { + for (int i = 0; i < 4; i++) { data2hex(hash + i * 8, 8, str[i]); } layoutDialog(&bmp_icon_question, "Abort", "Continue", "Compare fingerprints", str[0], str[1], str[2], str[3], NULL, NULL); @@ -54,7 +53,7 @@ void show_halt(void) system_halt(); } -void show_unofficial_warning(uint8_t *hash) +void show_unofficial_warning(const uint8_t *hash) { layoutDialog(&bmp_icon_warning, "Abort", "I'll take the risk", NULL, "WARNING!", NULL, "Unofficial firmware", "detected.", NULL, NULL); 
@@ -117,13 +116,13 @@ void bootloader_loop(void) int check_firmware_sanity(void) { - if (memcmp((void *)FLASH_META_MAGIC, "TRZR", 4)) { // magic does not match + if (memcmp((const void *)FLASH_META_MAGIC, "TRZR", 4)) { // magic does not match return 0; } - if (*((uint32_t *)FLASH_META_CODELEN) < 4096) { // firmware reports smaller size than 4kB + if (*((const uint32_t *)FLASH_META_CODELEN) < 4096) { // firmware reports smaller size than 4kB return 0; } - if (*((uint32_t *)FLASH_META_CODELEN) > FLASH_TOTAL_SIZE - (FLASH_APP_START - FLASH_ORIGIN)) { // firmware reports bigger size than flash size + if (*((const uint32_t *)FLASH_META_CODELEN) > FLASH_TOTAL_SIZE - (FLASH_APP_START - FLASH_ORIGIN)) { // firmware reports bigger size than flash size return 0; } return 1; diff --git a/bootloader/bootloader.h b/bootloader/bootloader.h index a1f505eb44..93215356b0 100644 --- a/bootloader/bootloader.h +++ b/bootloader/bootloader.h @@ -33,6 +33,6 @@ #include "memory.h" -void layoutFirmwareHash(uint8_t *hash); +void layoutFirmwareHash(const uint8_t *hash); #endif diff --git a/bootloader/signatures.c b/bootloader/signatures.c index bbe96fd0ad..0b6ea5b9f6 100644 --- a/bootloader/signatures.c +++ b/bootloader/signatures.c 
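Review bot: `check_firmware_sanity()` dereferences `FLASH_META_CODELEN` twice through the same cast, while `signatures_ok()` in this same commit reads it once into `const uint32_t codelen`. Doing the same here, `const uint32_t codelen = *((const uint32_t *)FLASH_META_CODELEN);`, keeps both bounds comparisons on one value and shortens the lines. A one-line comment that this is the length check `signatures_ok()` depends on before hashing would also help; whether it always runs first is not visible in this patch.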
@@ -28,27 +28,25 @@ #define PUBKEYS 5 -static const uint8_t *pubkey[PUBKEYS] = { - (uint8_t *)"\x04\xd5\x71\xb7\xf1\x48\xc5\xe4\x23\x2c\x38\x14\xf7\x77\xd8\xfa\xea\xf1\xa8\x42\x16\xc7\x8d\x56\x9b\x71\x04\x1f\xfc\x76\x8a\x5b\x2d\x81\x0f\xc3\xbb\x13\x4d\xd0\x26\xb5\x7e\x65\x00\x52\x75\xae\xde\xf4\x3e\x15\x5f\x48\xfc\x11\xa3\x2e\xc7\x90\xa9\x33\x12\xbd\x58", - (uint8_t *)"\x04\x63\x27\x9c\x0c\x08\x66\xe5\x0c\x05\xc7\x99\xd3\x2b\xd6\xba\xb0\x18\x8b\x6d\xe0\x65\x36\xd1\x10\x9d\x2e\xd9\xce\x76\xcb\x33\x5c\x49\x0e\x55\xae\xe1\x0c\xc9\x01\x21\x51\x32\xe8\x53\x09\x7d\x54\x32\xed\xa0\x6b\x79\x20\x73\xbd\x77\x40\xc9\x4c\xe4\x51\x6c\xb1", - (uint8_t *)"\x04\x43\xae\xdb\xb6\xf7\xe7\x1c\x56\x3f\x8e\xd2\xef\x64\xec\x99\x81\x48\x25\x19\xe7\xef\x4f\x4a\xa9\x8b\x27\x85\x4e\x8c\x49\x12\x6d\x49\x56\xd3\x00\xab\x45\xfd\xc3\x4c\xd2\x6b\xc8\x71\x0d\xe0\xa3\x1d\xbd\xf6\xde\x74\x35\xfd\x0b\x49\x2b\xe7\x0a\xc7\x5f\xde\x58", - (uint8_t *)"\x04\x87\x7c\x39\xfd\x7c\x62\x23\x7e\x03\x82\x35\xe9\xc0\x75\xda\xb2\x61\x63\x0f\x78\xee\xb8\xed\xb9\x24\x87\x15\x9f\xff\xed\xfd\xf6\x04\x6c\x6f\x8b\x88\x1f\xa4\x07\xc4\xa4\xce\x6c\x28\xde\x0b\x19\xc1\xf4\xe2\x9f\x1f\xcb\xc5\xa5\x8f\xfd\x14\x32\xa3\xe0\x93\x8a", - (uint8_t *)"\x04\x73\x84\xc5\x1a\xe8\x1a\xdd\x0a\x52\x3a\xdb\xb1\x86\xc9\x1b\x90\x6f\xfb\x64\xc2\xc7\x65\x80\x2b\xf2\x6d\xbd\x13\xbd\xf1\x2c\x31\x9e\x80\xc2\x21\x3a\x13\x6c\x8e\xe0\x3d\x78\x74\xfd\x22\xb7\x0d\x68\xe7\xde\xe4\x69\xde\xcf\xbb\xb5\x10\xee\x9a\x46\x0c\xda\x45", +static const uint8_t * const pubkey[PUBKEYS] = { + (const uint8_t *)"\x04\xd5\x71\xb7\xf1\x48\xc5\xe4\x23\x2c\x38\x14\xf7\x77\xd8\xfa\xea\xf1\xa8\x42\x16\xc7\x8d\x56\x9b\x71\x04\x1f\xfc\x76\x8a\x5b\x2d\x81\x0f\xc3\xbb\x13\x4d\xd0\x26\xb5\x7e\x65\x00\x52\x75\xae\xde\xf4\x3e\x15\x5f\x48\xfc\x11\xa3\x2e\xc7\x90\xa9\x33\x12\xbd\x58", + (const uint8_t 
*)"\x04\x63\x27\x9c\x0c\x08\x66\xe5\x0c\x05\xc7\x99\xd3\x2b\xd6\xba\xb0\x18\x8b\x6d\xe0\x65\x36\xd1\x10\x9d\x2e\xd9\xce\x76\xcb\x33\x5c\x49\x0e\x55\xae\xe1\x0c\xc9\x01\x21\x51\x32\xe8\x53\x09\x7d\x54\x32\xed\xa0\x6b\x79\x20\x73\xbd\x77\x40\xc9\x4c\xe4\x51\x6c\xb1", + (const uint8_t *)"\x04\x43\xae\xdb\xb6\xf7\xe7\x1c\x56\x3f\x8e\xd2\xef\x64\xec\x99\x81\x48\x25\x19\xe7\xef\x4f\x4a\xa9\x8b\x27\x85\x4e\x8c\x49\x12\x6d\x49\x56\xd3\x00\xab\x45\xfd\xc3\x4c\xd2\x6b\xc8\x71\x0d\xe0\xa3\x1d\xbd\xf6\xde\x74\x35\xfd\x0b\x49\x2b\xe7\x0a\xc7\x5f\xde\x58", + (const uint8_t *)"\x04\x87\x7c\x39\xfd\x7c\x62\x23\x7e\x03\x82\x35\xe9\xc0\x75\xda\xb2\x61\x63\x0f\x78\xee\xb8\xed\xb9\x24\x87\x15\x9f\xff\xed\xfd\xf6\x04\x6c\x6f\x8b\x88\x1f\xa4\x07\xc4\xa4\xce\x6c\x28\xde\x0b\x19\xc1\xf4\xe2\x9f\x1f\xcb\xc5\xa5\x8f\xfd\x14\x32\xa3\xe0\x93\x8a", + (const uint8_t *)"\x04\x73\x84\xc5\x1a\xe8\x1a\xdd\x0a\x52\x3a\xdb\xb1\x86\xc9\x1b\x90\x6f\xfb\x64\xc2\xc7\x65\x80\x2b\xf2\x6d\xbd\x13\xbd\xf1\x2c\x31\x9e\x80\xc2\x21\x3a\x13\x6c\x8e\xe0\x3d\x78\x74\xfd\x22\xb7\x0d\x68\xe7\xde\xe4\x69\xde\xcf\xbb\xb5\x10\xee\x9a\x46\x0c\xda\x45", }; #define SIGNATURES 3 int signatures_ok(uint8_t *store_hash) { - uint32_t codelen = *((uint32_t *)FLASH_META_CODELEN); - uint8_t sigindex1, sigindex2, sigindex3; - - sigindex1 = *((uint8_t *)FLASH_META_SIGINDEX1); - sigindex2 = *((uint8_t *)FLASH_META_SIGINDEX2); - sigindex3 = *((uint8_t *)FLASH_META_SIGINDEX3); + const uint32_t codelen = *((const uint32_t *)FLASH_META_CODELEN); + const uint8_t sigindex1 = *((const uint8_t *)FLASH_META_SIGINDEX1); + const uint8_t sigindex2 = *((const uint8_t *)FLASH_META_SIGINDEX2); + const uint8_t sigindex3 = *((const uint8_t *)FLASH_META_SIGINDEX3); uint8_t hash[32]; - sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash); + sha256_Raw((const uint8_t *)FLASH_APP_START, codelen, hash); if (store_hash) { memcpy(store_hash, hash, 32); } 
@@ -61,13 +59,13 @@ int signatures_ok(uint8_t *store_hash) if (sigindex1 == sigindex3) return 0; // duplicate use if (sigindex2 == sigindex3) return 0; // duplicate use - if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure + if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (const uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure return 0; } - if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure + if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (const uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure return 0; } - if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture + if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (const uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture return 0; } diff --git a/bootloader/usb.c b/bootloader/usb.c index e4dc998e36..987ee3e128 100644 --- a/bootloader/usb.c +++ b/bootloader/usb.c 
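Review bot: The three `ecdsa_verify_digest` lines are rewritten here, but the third still carries the comment typo `// failture`; change it to `// failure` while the line is being touched. The three calls differ only in the index variable and the `FLASH_META_SIGn` address, so a short loop over two small arrays would remove the copy-paste, which is where a wrong index or signature slot is easiest to miss in review. The function's closing lines are outside the hunk.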
@@ -183,24 +183,33 @@ static uint8_t meta_backup[FLASH_META_LEN]; static void send_msg_success(usbd_device *dev) { - // send response: Success message (id 2), payload len 0 + // response: Success message (id 2), payload len 0 while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN, - "?##" // header - "\x00\x02" // msg_id - "\x00\x00\x00\x00" // payload_len + // header + "?##" + // msg_id + "\x00\x02" + // msg_size + "\x00\x00\x00\x00" + // padding "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" , 64) != 64) {} } static void send_msg_failure(usbd_device *dev) { - // send response: Failure message (id 3), payload len 2 - // code = 99 (Failure_FirmwareError) + // response: Failure message (id 3), payload len 2 + // - code = 99 (Failure_FirmwareError) while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN, - "?##" // header - "\x00\x03" // msg_id - "\x00\x00\x00\x02" // payload_len - "\x08\x63" // data + // header + "?##" + // msg_id + "\x00\x03" + // msg_size + "\x00\x00\x00\x02" + // data + "\x08" "\x63" + // padding "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" , 64) != 64) {} } 
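Review bot: Each `usbd_ep_write_packet(..., 64)` call in `send_msg_success()` and `send_msg_failure()` sends 64 bytes from a string literal whose length depends on a hand-counted run of `\x00` padding, and nothing checks that the literal is at least 64 bytes long. If a later edit to the data bytes leaves it short, the call reads past the literal and transmits adjacent memory to the host. Declaring the packet as a fixed array removes both the padding and the risk, e.g. `static const uint8_t msg[64] = "?##" "\x00\x02" "\x00\x00\x00\x00";` passed as `msg`, because the remaining bytes are zero-initialised and an over-long initializer is diagnosed at compile time. The same applies to `send_msg_features()` and `send_msg_buttonrequest_firmwarecheck()` in the next hunk, where the two `firmware_present` branches also differ only in the final data byte.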
@@ -209,41 +218,66 @@ extern int firmware_present; static void send_msg_features(usbd_device *dev) { - // send response: Features message (id 17), payload len 30 - // vendor = "bitcointrezor.com" - // major_version = VERSION_MAJOR - // minor_version = VERSION_MINOR - // patch_version = VERSION_PATCH - // bootloader_mode = True - // firmware_present = True/False + // response: Features message (id 17), payload len 30 + // - vendor = "bitcointrezor.com" + // - major_version = VERSION_MAJOR + // - minor_version = VERSION_MINOR + // - patch_version = VERSION_PATCH + // - bootloader_mode = True + // - firmware_present = True/False if (firmware_present) { while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN, - "?##" // header - "\x00\x11" // msg_id - "\x00\x00\x00\x1e" // payload_len - "\x0a\x11" "bitcointrezor.com\x10" VERSION_MAJOR_CHAR "\x18" VERSION_MINOR_CHAR " " VERSION_PATCH_CHAR "(\x01" // data - "\x90\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + // header + "?##" + // msg_id + "\x00\x11" + // msg_size + "\x00\x00\x00\x1e" + // data + "\x0a" "\x11" "bitcointrezor.com" + "\x10" VERSION_MAJOR_CHAR + "\x18" VERSION_MINOR_CHAR + "\x20" VERSION_PATCH_CHAR + "\x28" "\x01" + "\x90\x01" "\x01" + // padding + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" , 64) != 64) {} } else { while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN, - "?##" // header - "\x00\x11" // msg_id - "\x00\x00\x00\x1e" // payload_len - "\x0a\x11" "bitcointrezor.com\x10" VERSION_MAJOR_CHAR "\x18" VERSION_MINOR_CHAR " " VERSION_PATCH_CHAR "(\x01" // data - "\x90\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + // header + "?##" + // msg_id + "\x00\x11" + // msg_size + "\x00\x00\x00\x1e" + // data + "\x0a\x11" "bitcointrezor.com" + "\x10" VERSION_MAJOR_CHAR + "\x18" VERSION_MINOR_CHAR + "\x20" VERSION_PATCH_CHAR + 
"\x28" "\x01" + "\x90\x01" "\x00" + // padding + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" , 64) != 64) {} } } static void send_msg_buttonrequest_firmwarecheck(usbd_device *dev) { - // send response: ButtonRequest message (id 26), payload len 2 - // code = ButtonRequest_FirmwareCheck (9) + // response: ButtonRequest message (id 26), payload len 2 + // - code = ButtonRequest_FirmwareCheck (9) while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN, - "?##" // header - "\x00\x1a" // msg_id - "\x00\x00\x00\x02" // payload_len - "\x08\x09" // data + // header + "?##" + // msg_id + "\x00\x1a" + // msg_size + "\x00\x00\x00\x02" + // data + "\x08" "\x09" + // padding "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" , 64) != 64) {} } From 09eaaa09ee705a48f02e8f800062132274d923cd Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Sun, 16 Apr 2017 19:28:25 +0200 Subject: [PATCH 8/9] bootloader: don't show recovery seed warning if no firmware is present --- bootloader/usb.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/bootloader/usb.c b/bootloader/usb.c index 987ee3e128..9d5675b14c 100644 --- a/bootloader/usb.c +++ b/bootloader/usb.c 
@@ -322,12 +322,14 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep) if (flash_state == STATE_OPEN) { if (msg_id == 0x0006) { // FirmwareErase message (id 6) - layoutDialog(&bmp_icon_question, "Abort", "Continue", NULL, "Install new", "firmware?", NULL, "Never do this without", "your recovery card!", NULL); - do { - delay(100000); - buttonUpdate(); - } while (!button.YesUp && !button.NoUp); - if (button.YesUp) { + if (firmware_present) { + layoutDialog(&bmp_icon_question, "Abort", "Continue", NULL, "Install new", "firmware?", NULL, "Never do this without", "your recovery card!", NULL); + do { + delay(100000); + buttonUpdate(); + } while (!button.YesUp && !button.NoUp); + } + if (!firmware_present || button.YesUp) { // backup metadata memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_LEN); flash_unlock(); From 6eb74410a52352fd621962c2540ca0f4aef28837 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Sun, 16 Apr 2017 19:28:51 +0200 Subject: [PATCH 9/9] update libopencm3 --- .travis.yml | 2 +- vendor/libopencm3 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4275c03c3a..2a7d42fcd2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,7 @@ addons: - libnewlib-arm-none-eabi script: - - make -C vendor/libopencm3 + - CFLAGS="-std=c99" make -C vendor/libopencm3 - make - make -C firmware - make -C bootloader diff --git a/vendor/libopencm3 b/vendor/libopencm3 index d3fff11c1f..383fafc862 160000 --- a/vendor/libopencm3 +++ b/vendor/libopencm3 @@ -1 +1 @@ -Subproject commit d3fff11c1f68b706591c0d51c82d18a0bc88dc17 +Subproject commit 383fafc862c0d47f30965f00409d03a328049278
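Review bot: With `if (!firmware_present || button.YesUp)` a FirmwareErase message from the host now starts the erase with no button press whenever `firmware_present` is zero. `firmware_present` is only declared `extern` in this file, so how it is derived is not visible; if it can be zero while the device still holds user data (for example after an interrupted update), this skips the only physical confirmation in the visible path. Consider keeping a confirmation and dropping only the recovery-card text in that case, or add a comment stating why nothing of value can be lost when `firmware_present` is false. `hid_rx_callback()` starts and ends outside the hunk.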