arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-06-05 15:48:45 +00:00
Code Issues Releases Wiki Activity

boardloader, bootloader: add write-protection and downgrade-protection respectively

Browse Source
This commit is contained in:
Pavol Rusnak 2017-10-12 14:35:01 +02:00
parent 9a0c8f4687
commit 66b6406b7c
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
embed/boardloader/main.c
View File

@ -144,6 +144,10 @@ int main(void)
{ {
__stack_chk_guard = rng_get(); __stack_chk_guard = rng_get();
#if PRODUCTION
flash_set_option_bytes();
#endif
clear_otg_hs_memory(); clear_otg_hs_memory();
periph_init(); periph_init();

26
embed/bootloader/main.c
View File

@ -176,10 +176,36 @@ void mainloop(void)
} }
} }
// protection against bootloader downgrade
#define BOOTLOADER_VERSION_OTP_BLOCK 1
void check_bootloader_version(void)
{
uint8_t bits[FLASH_OTP_BLOCK_SIZE];
for (int i = 0; i < FLASH_OTP_BLOCK_SIZE * 8; i++) {
if (i < VERSION_MONOTONIC) {
bits[i / 8] &= ~(1 << (7 - (i % 8)));
} else {
bits[i / 8] |= (1 << (7 - (i % 8)));
}
}
trassert(true == flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
uint8_t bits2[FLASH_OTP_BLOCK_SIZE];
trassert(true == flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
trassert(0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE), "Bootloader downgraded");
}
int main(void) int main(void)
{ {
__stack_chk_guard = rng_get(); __stack_chk_guard = rng_get();
#if PRODUCTION
check_bootloader_version();
#endif
periph_init(); periph_init();
display_pwm_init(); display_pwm_init();

2
embed/bootloader/version.h
View File

@ -2,3 +2,5 @@
#define VERSION_MINOR 1 #define VERSION_MINOR 1
#define VERSION_PATCH 0 #define VERSION_PATCH 0
#define VERSION_BUILD 0 #define VERSION_BUILD 0
#define VERSION_MONOTONIC 1

2
embed/trezorhal/flash.c
View File

@ -56,8 +56,6 @@ bool flash_write_word(uint32_t address, uint32_t data)
} }
#define FLASH_OTP_LOCK_BASE 0x1FFF7A00U #define FLASH_OTP_LOCK_BASE 0x1FFF7A00U
#define FLASH_OTP_NUM_BLOCKS 16
#define FLASH_OTP_BLOCK_SIZE 32
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen) bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen)
{ {

3
embed/trezorhal/flash.h
View File

@ -24,6 +24,9 @@ bool flash_erase_sectors(int start, int end, void (*progress)(uint16_t val));
bool flash_write_byte(uint32_t address, uint8_t data); bool flash_write_byte(uint32_t address, uint8_t data);
bool flash_write_word(uint32_t address, uint32_t data); bool flash_write_word(uint32_t address, uint32_t data);
#define FLASH_OTP_NUM_BLOCKS 16
#define FLASH_OTP_BLOCK_SIZE 32
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen); bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen);
bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen); bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen);
bool flash_otp_lock(uint8_t block); bool flash_otp_lock(uint8_t block);