mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-05 04:50:57 +00:00
feat(legacy): better debugability for various PRODUCTION bootloader/FW settings
This commit is contained in:
parent
701d75d6d8
commit
5b5e4a8b3e
@ -110,6 +110,9 @@ trezorctl firmware-update -f build/legacy/firmware/firmware.bin
|
|||||||
|
|
||||||
## Combining bootloader and firmware with various `PRODUCTION` settings, signed/unsigned
|
## Combining bootloader and firmware with various `PRODUCTION` settings, signed/unsigned
|
||||||
|
|
||||||
|
This is an issue before firmware 1.11.2, historical versions need to be built according
|
||||||
|
to this table.
|
||||||
|
|
||||||
Not all combinations of bootloader and firmware will work. This depends on
|
Not all combinations of bootloader and firmware will work. This depends on
|
||||||
3 variables: PRODUCTION of bootloader, PRODUCTION of firmware, whether firmware is signed
|
3 variables: PRODUCTION of bootloader, PRODUCTION of firmware, whether firmware is signed
|
||||||
|
|
||||||
@ -118,9 +121,9 @@ This table shows the result for bootloader 1.8.0+ and 1.9.1+:
|
|||||||
| Bootloader PRODUCTION | Firmware PRODUCTION | Is firmware officially signed? | Result |
|
| Bootloader PRODUCTION | Firmware PRODUCTION | Is firmware officially signed? | Result |
|
||||||
| ------------------------- | ----------------------- | ------------------------------ | ------------------------------------------------------------------------------------------ |
|
| ------------------------- | ----------------------- | ------------------------------ | ------------------------------------------------------------------------------------------ |
|
||||||
| 1 | 1 | yes | works, official configuration |
|
| 1 | 1 | yes | works, official configuration |
|
||||||
| 1 | 1 | no | hardfault in header.S when setting VTOR and stack |
|
| 1 | 1 | no | hardfault in startup.S when setting VTOR and stack |
|
||||||
| 0 | 1 | no | works, but don't forget to comment out `check_and_replace_bootloader`, otherwise it'll get overwritten |
|
| 0 | 1 | no | works, but don't forget to comment out `check_and_replace_bootloader`, otherwise it'll get overwritten |
|
||||||
| 0 | 0 | no | hard fault because header.S doesn't set VTOR and stack right |
|
| 0 | 0 | no | hard fault because startup.S doesn't set VTOR and stack right |
|
||||||
| 1 | 0 | no | works |
|
| 1 | 0 | no | works |
|
||||||
|
|
||||||
The other three possibilities with signed firmware and `PRODUCTION!=0` for bootloader/firmware don't exist.
|
The other three possibilities with signed firmware and `PRODUCTION!=0` for bootloader/firmware don't exist.
|
||||||
|
1
legacy/bootloader/.changelog.d/2423.fixed
Normal file
1
legacy/bootloader/.changelog.d/2423.fixed
Normal file
@ -0,0 +1 @@
|
|||||||
|
Better way to debug T1 combinations of debug/production combinations of bootloader and firmware
|
@ -161,6 +161,12 @@ int main(void) {
|
|||||||
if (SIG_OK != signed_firmware) {
|
if (SIG_OK != signed_firmware) {
|
||||||
show_unofficial_warning(fingerprint);
|
show_unofficial_warning(fingerprint);
|
||||||
}
|
}
|
||||||
|
#if !PRODUCTION
|
||||||
|
// try to avoid bricking board SWD debug by accident
|
||||||
|
else {
|
||||||
|
show_halt("Official firmware", "Won't flash on debug device");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (SIG_OK != check_firmware_hashes(hdr)) {
|
if (SIG_OK != check_firmware_hashes(hdr)) {
|
||||||
show_halt("Broken firmware", "detected.");
|
show_halt("Broken firmware", "detected.");
|
||||||
|
@ -20,9 +20,30 @@ memset_reg:
|
|||||||
.type reset_handler, STT_FUNC
|
.type reset_handler, STT_FUNC
|
||||||
reset_handler:
|
reset_handler:
|
||||||
|
|
||||||
#if PRODUCTION
|
// We need to perform VTOR+stack setup case an old bootloader (<1.8.0)
|
||||||
// we need to perform this in case an old bootloader (<1.8.0)
|
// is starting the new firmware, these will be set incorrectly.
|
||||||
// is starting the new firmware, these will be set incorrectly
|
|
||||||
|
// To make development easier, set only if we are in privileged
|
||||||
|
// mode. This resolves annoying combinations of PRODUCTION
|
||||||
|
// settings for bootloader and FW.
|
||||||
|
// Normally only signed firmware will let bootloader start FW
|
||||||
|
// in privileged mode (PRODUCTION=1 variants with signed everything).
|
||||||
|
// But with devel bootloader we let FW start in privileged mode
|
||||||
|
// and let's do the check if we can set VTOR without fault
|
||||||
|
|
||||||
|
// Since this startup code is shared with bootloader and FW,
|
||||||
|
// a) in case of bootloader MCU starts in privileged mode,
|
||||||
|
// so the jump to "setup_as_unprivileged" never happens.
|
||||||
|
// VTOR and stack are set from MCU startup
|
||||||
|
// b) in case of FW it will attempt to set VTOR and stack
|
||||||
|
// which will work for both signed bootloader+FW, but
|
||||||
|
// also for other variants with debug bootloader and
|
||||||
|
// unsigned FW or official bootloader and usigned FW
|
||||||
|
mrs r3, control
|
||||||
|
and r3, r3, #1
|
||||||
|
cmp r3, #1
|
||||||
|
beq .setup_as_unprivileged
|
||||||
|
|
||||||
ldr r0, =0xE000ED08 // r0 = VTOR address
|
ldr r0, =0xE000ED08 // r0 = VTOR address
|
||||||
ldr r1, =0x08010400 // r1 = FLASH_APP_START
|
ldr r1, =0x08010400 // r1 = FLASH_APP_START
|
||||||
str r1, [r0] // assign
|
str r1, [r0] // assign
|
||||||
@ -30,8 +51,8 @@ reset_handler:
|
|||||||
msr msp, r0 // set stack pointer
|
msr msp, r0 // set stack pointer
|
||||||
dsb
|
dsb
|
||||||
isb
|
isb
|
||||||
#endif
|
|
||||||
|
|
||||||
|
.setup_as_unprivileged:
|
||||||
ldr r0, =_stay_in_bootloader_flag_addr // r0 - address of storage for "stay in bootloader" flag
|
ldr r0, =_stay_in_bootloader_flag_addr // r0 - address of storage for "stay in bootloader" flag
|
||||||
ldr r11, [r0] // r11 - keep in register and hope it gets to main
|
ldr r11, [r0] // r11 - keep in register and hope it gets to main
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user