arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-05-27 11:18:51 +00:00
Code Issues Releases Wiki Activity

bootloader: erase storage on vendor change

Browse Source
This commit is contained in:
Pavol Rusnak 2017-10-27 18:45:09 +02:00
parent 836508657d
commit 5d6d342813
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
2 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
embed/bootloader/messages.c
View File

@ -125,8 +125,7 @@ static secbool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fi
#define MSG_SEND_INIT(TYPE) TYPE msg_send = TYPE##_init_default #define MSG_SEND_INIT(TYPE) TYPE msg_send = TYPE##_init_default
#define MSG_SEND_ASSIGN_VALUE(FIELD, VALUE) { msg_send.has_##FIELD = true; msg_send.FIELD = VALUE; } #define MSG_SEND_ASSIGN_VALUE(FIELD, VALUE) { msg_send.has_##FIELD = true; msg_send.FIELD = VALUE; }
// FIXME: strcpy -> strncpy #define MSG_SEND_ASSIGN_STRING(FIELD, VALUE) { msg_send.has_##FIELD = true; memset(msg_send.FIELD, 0, sizeof(msg_send.FIELD)); strncpy(msg_send.FIELD, VALUE, sizeof(msg_send.FIELD) - 1); }
#define MSG_SEND_ASSIGN_STRING(FIELD, VALUE) { msg_send.has_##FIELD = true; strcpy(msg_send.FIELD, VALUE); }
#define MSG_SEND(TYPE) _send_msg(iface_num, MessageType_MessageType_##TYPE, TYPE##_fields, &msg_send) #define MSG_SEND(TYPE) _send_msg(iface_num, MessageType_MessageType_##TYPE, TYPE##_fields, &msg_send)
typedef struct { typedef struct {
@ -320,6 +319,16 @@ static image_header hdr;
extern secbool load_vendor_header_keys(const uint8_t * const data, vendor_header * const vhdr); extern secbool load_vendor_header_keys(const uint8_t * const data, vendor_header * const vhdr);
secbool compare_to_current_vendor_header(const vendor_header * const new_vhdr)
{
vendor_header current_vhdr;
if (sectrue != load_vendor_header_keys((const uint8_t *)FIRMWARE_START, &current_vhdr)) {
return secfalse;
}
// TODO: less strict rules
return sectrue * (0 == memcmp(new_vhdr, &current_vhdr, sizeof(vendor_header)));
}
int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf) int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf)
{ {
MSG_RECV_INIT(FirmwareUpload); MSG_RECV_INIT(FirmwareUpload);
@ -352,7 +361,17 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *bu
return -3; return -3;
} }
// TODO: erase storage if vendor is being changed if (sectrue != compare_to_current_vendor_header(&vhdr)) {
uint8_t sectors_storage[] = {
FLASH_SECTOR_STORAGE_1,
FLASH_SECTOR_STORAGE_2,
};
ensure(flash_erase_sectors(sectors_storage, 2, NULL), NULL);
uint8_t sectors_pin[] = {
FLASH_SECTOR_PIN_AREA,
};
ensure(flash_erase_sectors(sectors_pin, 2, NULL), NULL);
}
firstskip = IMAGE_HEADER_SIZE + vhdr.hdrlen; firstskip = IMAGE_HEADER_SIZE + vhdr.hdrlen;
} }

3
embed/trezorhal/flash.c
View File

@ -55,12 +55,12 @@ secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(in
EraseInitStruct.TypeErase = FLASH_TYPEERASE_SECTORS; EraseInitStruct.TypeErase = FLASH_TYPEERASE_SECTORS;
EraseInitStruct.VoltageRange = FLASH_VOLTAGE_RANGE_3; EraseInitStruct.VoltageRange = FLASH_VOLTAGE_RANGE_3;
EraseInitStruct.NbSectors = 1; EraseInitStruct.NbSectors = 1;
uint32_t SectorError = 0;
if (progress) { if (progress) {
progress(0, len); progress(0, len);
} }
for (int i = 0; i < len; i++) { for (int i = 0; i < len; i++) {
EraseInitStruct.Sector = sectors[i]; EraseInitStruct.Sector = sectors[i];
uint32_t SectorError;
if (HAL_FLASHEx_Erase(&EraseInitStruct, &SectorError) != HAL_OK) { if (HAL_FLASHEx_Erase(&EraseInitStruct, &SectorError) != HAL_OK) {
flash_lock(); flash_lock();
return secfalse; return secfalse;
@ -69,6 +69,7 @@ secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(in
uint32_t addr_start = FLASH_SECTOR_TABLE[sectors[i]], addr_end = FLASH_SECTOR_TABLE[sectors[i] + 1]; uint32_t addr_start = FLASH_SECTOR_TABLE[sectors[i]], addr_end = FLASH_SECTOR_TABLE[sectors[i] + 1];
for (uint32_t addr = addr_start; addr < addr_end; addr += 4) { for (uint32_t addr = addr_start; addr < addr_end; addr += 4) {
if (*((const uint32_t *)addr) != 0xFFFFFFFF) { if (*((const uint32_t *)addr) != 0xFFFFFFFF) {
flash_lock();
return secfalse; return secfalse;
} }
} }