1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-02 19:40:57 +00:00

feat(legacy): better debugability for various PRODUCTION bootloader/FW settings

This commit is contained in:
Ondrej Mikle 2022-07-30 00:14:37 +02:00 committed by matejcik
parent 701d75d6d8
commit 5b5e4a8b3e
4 changed files with 37 additions and 6 deletions

View File

@ -110,6 +110,9 @@ trezorctl firmware-update -f build/legacy/firmware/firmware.bin
## Combining bootloader and firmware with various `PRODUCTION` settings, signed/unsigned
This is an issue before firmware 1.11.2, historical versions need to be built according
to this table.
Not all combinations of bootloader and firmware will work. This depends on
3 variables: PRODUCTION of bootloader, PRODUCTION of firmware, whether firmware is signed
@ -118,9 +121,9 @@ This table shows the result for bootloader 1.8.0+ and 1.9.1+:
| Bootloader PRODUCTION | Firmware PRODUCTION | Is firmware officially signed? | Result |
| ------------------------- | ----------------------- | ------------------------------ | ------------------------------------------------------------------------------------------ |
| 1 | 1 | yes | works, official configuration |
| 1 | 1 | no | hardfault in header.S when setting VTOR and stack |
| 1 | 1 | no | hardfault in startup.S when setting VTOR and stack |
| 0 | 1 | no | works, but don't forget to comment out `check_and_replace_bootloader`, otherwise it'll get overwritten |
| 0 | 0 | no | hard fault because header.S doesn't set VTOR and stack right |
| 0 | 0 | no | hard fault because startup.S doesn't set VTOR and stack right |
| 1 | 0 | no | works |
The other three possibilities with signed firmware and `PRODUCTION!=0` for bootloader/firmware don't exist.

View File

@ -0,0 +1 @@
Better way to debug T1 combinations of debug/production combinations of bootloader and firmware

View File

@ -161,6 +161,12 @@ int main(void) {
if (SIG_OK != signed_firmware) {
show_unofficial_warning(fingerprint);
}
#if !PRODUCTION
// try to avoid bricking board SWD debug by accident
else {
show_halt("Official firmware", "Won't flash on debug device");
}
#endif
if (SIG_OK != check_firmware_hashes(hdr)) {
show_halt("Broken firmware", "detected.");

View File

@ -20,9 +20,30 @@ memset_reg:
.type reset_handler, STT_FUNC
reset_handler:
#if PRODUCTION
// we need to perform this in case an old bootloader (<1.8.0)
// is starting the new firmware, these will be set incorrectly
// We need to perform VTOR+stack setup case an old bootloader (<1.8.0)
// is starting the new firmware, these will be set incorrectly.
// To make development easier, set only if we are in privileged
// mode. This resolves annoying combinations of PRODUCTION
// settings for bootloader and FW.
// Normally only signed firmware will let bootloader start FW
// in privileged mode (PRODUCTION=1 variants with signed everything).
// But with devel bootloader we let FW start in privileged mode
// and let's do the check if we can set VTOR without fault
// Since this startup code is shared with bootloader and FW,
// a) in case of bootloader MCU starts in privileged mode,
// so the jump to "setup_as_unprivileged" never happens.
// VTOR and stack are set from MCU startup
// b) in case of FW it will attempt to set VTOR and stack
// which will work for both signed bootloader+FW, but
// also for other variants with debug bootloader and
// unsigned FW or official bootloader and usigned FW
mrs r3, control
and r3, r3, #1
cmp r3, #1
beq .setup_as_unprivileged
ldr r0, =0xE000ED08 // r0 = VTOR address
ldr r1, =0x08010400 // r1 = FLASH_APP_START
str r1, [r0] // assign
@ -30,8 +51,8 @@ reset_handler:
msr msp, r0 // set stack pointer
dsb
isb
#endif
.setup_as_unprivileged:
ldr r0, =_stay_in_bootloader_flag_addr // r0 - address of storage for "stay in bootloader" flag
ldr r11, [r0] // r11 - keep in register and hope it gets to main