mirror of
https://github.com/trezor/trezor-firmware.git
feat(legacy): make sure that known_bootloader check contains the hash of our bundled bootloader
parent
cb882df100
commit
397a2ab18e
@ -75,8 +75,8 @@ static int known_bootloader(int r, const uint8_t *hash) {
|
||||
// note to those verifying these values: bootloader versions above this
|
||||
// comment are aligned/padded to 32KiB with trailing 0xFF bytes and versions
|
||||
// below are padded with 0x00.
|
||||
// for more info, refer to "make -C
|
||||
// bootloader align" and
|
||||
//
|
||||
// for more info, refer to "make -C bootloader align" and
|
||||
// "firmware/bl_data.py".
|
||||
if (0 ==
|
||||
memcmp(hash,
|
||||
|
@ -9,11 +9,27 @@ if len(data) > 32768:
|
||||
|
||||
data += b"\x00" * (32768 - len(data))
|
||||
|
||||
h = sha256(sha256(data).digest()).digest()
|
||||
bh = sha256(sha256(data).digest()).digest()
|
||||
|
||||
bl_hash = ", ".join("0x%02x" % x for x in bytearray(h))
|
||||
bl_hash = ", ".join("0x%02x" % x for x in bytearray(bh))
|
||||
bl_data = ", ".join("0x%02x" % x for x in bytearray(data))
|
||||
|
||||
with open("bl_data.h", "wt") as f:
|
||||
f.write("static const uint8_t bl_hash[32] = {%s};\n" % bl_hash)
|
||||
f.write("static const uint8_t bl_data[32768] = {%s};\n" % bl_data)
|
||||
|
||||
# make sure the last item listed in known_bootloader function
|
||||
# is our bootloader
|
||||
with open("bl_check.c", "rt") as f:
|
||||
hashes = []
|
||||
for l in f.readlines():
|
||||
if not len(l) >= 78 or not l.startswith(' "\\x'):
|
||||
continue
|
||||
l = l[14:78]
|
||||
h = ""
|
||||
for i in range(0, len(l), 4):
|
||||
h += l[i + 2 : i + 4]
|
||||
hashes.append(h)
|
||||
check = hashes[-2] + hashes[-1]
|
||||
if check != bh.hex():
|
||||
raise Exception("bootloader hash not listed in bl_check.c")
|
||||
|
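Review bot: The new consistency check in bl_data.py runs only after `bl_data.h` has been written, so a run that ends in `raise Exception("bootloader hash not listed in bl_check.c")` still leaves a freshly generated header on disk. If the build rule treats that header as its up-to-date target (not visible on this page), a later build could skip the check and embed a bootloader whose hash `known_bootloader` does not list. Moving the whole `with open("bl_check.c", "rt")` block and the comparison above the `with open("bl_data.h", "wt")` write closes that gap. The parser also relies on fixed columns (`l[14:78]`, minimum length 78) and silently skips every line that does not match, so a reformatted bl_check.c fails with an `IndexError` at `hashes[-2]` instead of the intended message; `if len(hashes) < 2 or hashes[-2] + hashes[-1] != bh.hex():` keeps the failure explicit. The comment above the check could also state that each hash is expected to span two source lines of 16 escaped bytes.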