arno
/
trezor-firmware
mirror of https://github.com/trezor/trezor-firmware.git
1
0
Fork 0
Code Issues Releases Wiki Activity

bootloader/vendorheader: vtrust is bitmap not scalar

Browse Source
pull/25/head
Pavol Rusnak 7 years ago
parent e40c436b82
commit 3636a5f1b1
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
7 changed files with 50 additions and 21 deletions
Show Stats Download Patch File Download Diff File

4
Makefile
Unescape View File

@ -165,11 +165,11 @@ gdb_firmware: $(FIRMWARE_BUILD_DIR)/firmware.elf ## start remote gdb session to
## misc commands:
vendorheader: ## construct and sign the default vendor header
./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 50 DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 65534 DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 `./tools/combine_sign vendorheader embed/firmware/vendorheader.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
vendorheader_sl: ## construct SatoshiLabs vendor header
./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:03fdd9a9c3911652d5effca4540d96ed92d85850a47d256ab0a2d728c0d1a298:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 80 SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:03fdd9a9c3911652d5effca4540d96ed92d85850a47d256ab0a2d728c0d1a298:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 65534 SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
binctl: ## print info about binary files
./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin

17
docs/bootloader.md
Unescape View File

@ -112,8 +112,8 @@ of 512 bytes.
| 0x000D | 1 | vminor | version (minor) |
| 0x000E | 1 | vsig_m | number of signatures needed to run the firmware from this vendor |
| 0x000F | 1 | vsig_n | number of different pubkeys vendor provides for signing |
| 0x0010 | 1 | vtrust | level of vendor trust (0-100) |
| 0x0011 | 15 | reserved | not used yet (zeroed) |
| 0x0010 | 2 | vtrust | level of vendor trust (bitmap) |
| 0x0012 | 14 | reserved | not used yet (zeroed) |
| 0x0020 | 32 | vpub1 | vendor pubkey 1 |
| ... | ... | ... | ... |
| ? | 32 | vpubn | vendor pubkey n |
@ -125,6 +125,19 @@ of 512 bytes.
| ? | 1 | sigmask | SatoshiLabs signature indexes (bitmap) |
| ? | 64 | sig | SatoshiLabs aggregated signature of the vendor header |
#### Vendor Trust
Vendor trust is stored as bitmap where unset bit means the feature is active.
| bit | hex | meaning |
|-----|--------|-----------------------------------------|
| 0 | 0x0001 | wait 1 second |
| 1 | 0x0002 | wait 2 seconds |
| 2 | 0x0004 | wait 4 seconds |
| 3 | 0x0008 | wait 8 seconds |
| 4 | 0x0010 | use red background instead of black one |
| 5 | 0x0020 | require user click |
### Firmware Header
Total length of firmware header is always 1024 bytes.

32
embed/bootloader/main.c
Unescape View File

@ -89,9 +89,13 @@ void display_welcome(secbool firmware_present)
#define VENDOR_IMAGE_RESX 120
#define VENDOR_IMAGE_RESY 120
void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, uint32_t fw_version)
void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, uint32_t fw_version, char red_background)
{
display_clear();
if (red_background) {
display_bar(0, 0, DISPLAY_RESX, DISPLAY_RESY, COLOR_BL_RED);
} else {
display_clear();
}
if (memcmp(vimg, "TOIf", 4) != 0) {
return;
}
@ -102,7 +106,7 @@ void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, ui
}
uint32_t datalen = *(uint32_t *)(vimg + 8);
display_image((DISPLAY_RESX - w) / 2, 32, w, h, vimg + 12, datalen);
display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 48, vstr, vstr_len, FONT_BOLD, COLOR_WHITE, COLOR_BLACK);
display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 48, vstr, vstr_len, FONT_BOLD, COLOR_WHITE, red_background ? COLOR_BL_RED : COLOR_BLACK);
char ver_str[32];
mini_snprintf(ver_str, sizeof(ver_str), "%d.%d.%d.%d",
(int)(fw_version & 0xFF),
@ -110,7 +114,7 @@ void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, ui
(int)((fw_version >> 16) & 0xFF),
(int)((fw_version >> 24) & 0xFF)
);
display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 25, ver_str, -1, FONT_BOLD, COLOR_GRAY128, COLOR_BLACK);
display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 25, ver_str, -1, FONT_BOLD, COLOR_GRAY128, red_background ? COLOR_BL_RED : COLOR_BLACK);
display_refresh();
}
@ -339,14 +343,26 @@ int main(void)
check_image_contents(&hdr, IMAGE_HEADER_SIZE + vhdr.hdrlen, sectors, 13),
"invalid firmware hash");
display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version);
display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version, (vhdr.vtrust & 0x0010) == 0);
display_fade(0, BACKLIGHT_NORMAL, 1000);
if (vhdr.vtrust < 50) {
if ((vhdr.vtrust & 0x0001) == 0) {
hal_delay(1000);
}
if ((vhdr.vtrust & 0x0002) == 0) {
hal_delay(2000);
}
if ((vhdr.vtrust & 0x0004) == 0) {
hal_delay(4000);
}
if ((vhdr.vtrust & 0x0008) == 0) {
hal_delay(8000);
}
if ((vhdr.vtrust & 0x0020) == 0) {
display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 2, "click to continue ...", -1, FONT_BOLD, COLOR_GRAY64, COLOR_BLACK);
touch_click();
} else {
hal_delay(1000);
}
display_fade(BACKLIGHT_NORMAL, 0, 500);
display_clear();

2
embed/trezorhal/image.c
Unescape View File

@ -88,7 +88,7 @@ secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t ke
memcpy(&vhdr->vsig_m, data + 14, 1);
memcpy(&vhdr->vsig_n, data + 15, 1);
memcpy(&vhdr->vtrust, data + 16, 1);
memcpy(&vhdr->vtrust, data + 16, 2);
if (vhdr->vsig_n > MAX_VENDOR_PUBLIC_KEYS) {
return secfalse;

4
embed/trezorhal/image.h
Unescape View File

@ -41,8 +41,8 @@ typedef struct {
uint16_t version;
uint8_t vsig_m;
uint8_t vsig_n;
uint8_t vtrust;
// uint8_t reserved[15];
uint16_t vtrust;
// uint8_t reserved[14];
const uint8_t *vpub[MAX_VENDOR_PUBLIC_KEYS];
uint8_t vstr_len;
const uint8_t *vstr;

8
tools/binctl
Unescape View File

@ -146,7 +146,7 @@ class BootloaderImage(BinImage):
class VendorHeader(object):
def __init__(self, data):
header = struct.unpack('<4sIIBBBBB', data[:17])
header = struct.unpack('<4sIIBBBBH', data[:18])
self.magic, \
self.hdrlen, \
self.expiry, \
@ -189,7 +189,7 @@ class VendorHeader(object):
print(' * expiry :', self.expiry)
print(' * version : %d.%d' % (self.vmajor, self.vminor))
print(' * scheme : %d out of %d' % (self.vsig_m, self.vsig_n))
print(' * trust :', self.vtrust)
print(' * trust :', self.vtrust, '=', bin(self.vtrust))
for i in range(self.vsig_n):
print(' * vpub #%d :' % (i + 1), binascii.hexlify(self.vpub[i]).decode())
print(' * vstr :', self.vstr.decode())
@ -199,11 +199,11 @@ class VendorHeader(object):
print()
def serialize_header(self, sig=True):
header = struct.pack('<4sIIBBBBB',
header = struct.pack('<4sIIBBBBH',
self.magic, self.hdrlen, self.expiry,
self.vmajor, self.vminor,
self.vsig_m, self.vsig_n, self.vtrust)
header += 15 * b'\x00'
header += 14 * b'\x00'
for i in range(self.vsig_n):
header += self.vpub[i]
header += struct.pack('<B', self.vstr_len) + self.vstr

4
tools/build_vendorheader
Unescape View File

@ -37,8 +37,8 @@ def main():
expiry = 0
vheader = b'TRZV' + \
struct.pack('<IIBBBBB', 0, expiry, vmajor, vminor, m, len(keys), vtrust)
vheader += 15 * b'\0'
struct.pack('<IIBBBBH', 0, expiry, vmajor, vminor, m, len(keys), vtrust)
vheader += 14 * b'\0'
for k in keys:
vheader += k
vheader += encode_vendor(vname) + open(ifn, 'rb').read()

Write Preview
Loading…
Cancel
Save