mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-27 08:38:07 +00:00
trezorhal: support for non-continous areas in check_image_contents
This commit is contained in:
parent
89cc35b195
commit
7ddfdf69d6
@ -182,8 +182,11 @@ int main(void)
|
||||
load_image_header((const uint8_t *)BOOTLOADER_START, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr),
|
||||
"invalid bootloader header");
|
||||
|
||||
uint8_t sectors[] = {
|
||||
FLASH_SECTOR_BOOTLOADER,
|
||||
};
|
||||
ensure(
|
||||
check_image_contents(&hdr, (const uint8_t *)BOOTLOADER_START, IMAGE_HEADER_SIZE, 1),
|
||||
check_image_contents(&hdr, IMAGE_HEADER_SIZE, sectors, 1),
|
||||
"invalid bootloader hash");
|
||||
|
||||
jump_to(BOOTLOADER_START + IMAGE_HEADER_SIZE);
|
||||
|
@ -327,8 +327,23 @@ int main(void)
|
||||
load_image_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub, &hdr),
|
||||
"invalid firmware header");
|
||||
|
||||
uint8_t sectors[] = {
|
||||
FLASH_SECTOR_FIRMWARE_START,
|
||||
7,
|
||||
8,
|
||||
9,
|
||||
10,
|
||||
FLASH_SECTOR_FIRMWARE_END,
|
||||
FLASH_SECTOR_FIRMWARE_EXTRA_START,
|
||||
18,
|
||||
19,
|
||||
20,
|
||||
21,
|
||||
22,
|
||||
FLASH_SECTOR_FIRMWARE_EXTRA_END,
|
||||
};
|
||||
ensure(
|
||||
check_image_contents(&hdr, (const uint8_t *)FIRMWARE_START, IMAGE_HEADER_SIZE + vhdr.hdrlen, 6),
|
||||
check_image_contents(&hdr, IMAGE_HEADER_SIZE + vhdr.hdrlen, sectors, 13),
|
||||
"invalid firmware hash");
|
||||
|
||||
display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version);
|
||||
|
@ -5,9 +5,7 @@
|
||||
|
||||
// see docs/memory.md for more information
|
||||
|
||||
#define SECTOR_COUNT 24
|
||||
|
||||
static const uint32_t SECTOR_TABLE[SECTOR_COUNT + 1] = {
|
||||
const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1] = {
|
||||
[ 0] = 0x08000000, // - 0x08003FFF | 16 KiB
|
||||
[ 1] = 0x08004000, // - 0x08007FFF | 16 KiB
|
||||
[ 2] = 0x08008000, // - 0x0800BFFF | 16 KiB
|
||||
@ -68,7 +66,7 @@ bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int p
|
||||
return false;
|
||||
}
|
||||
// check whether the sector was really deleted (contains only 0xFF)
|
||||
uint32_t addr_start = SECTOR_TABLE[sectors[i]], addr_end = SECTOR_TABLE[sectors[i] + 1];
|
||||
uint32_t addr_start = FLASH_SECTOR_TABLE[sectors[i]], addr_end = FLASH_SECTOR_TABLE[sectors[i] + 1];
|
||||
for (uint32_t addr = addr_start; addr < addr_end; addr += 4) {
|
||||
if (*((const uint32_t *)addr) != 0xFFFFFFFF) {
|
||||
return false;
|
||||
|
@ -38,6 +38,10 @@
|
||||
// 22
|
||||
#define FLASH_SECTOR_FIRMWARE_EXTRA_END 23
|
||||
|
||||
#define FLASH_SECTOR_COUNT 24
|
||||
|
||||
extern const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1];
|
||||
|
||||
void flash_set_option_bytes(void);
|
||||
|
||||
bool flash_unlock(void);
|
||||
|
@ -4,6 +4,7 @@
|
||||
#include "ed25519-donna/ed25519.h"
|
||||
|
||||
#include "common.h"
|
||||
#include "flash.h"
|
||||
#include "image.h"
|
||||
|
||||
static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res)
|
||||
@ -138,19 +139,24 @@ static bool check_hash(const uint8_t * const hash, const uint8_t * const data, i
|
||||
|
||||
#define MIN(a,b) ((a) < (b) ? (a) : (b))
|
||||
|
||||
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, uint32_t firstskip, int maxblocks)
|
||||
bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks)
|
||||
{
|
||||
if (!sectors || blocks < 1) {
|
||||
return false;
|
||||
}
|
||||
const void *data = (const void *)(FLASH_SECTOR_TABLE[sectors[0]] + firstskip);
|
||||
int remaining = hdr->codelen;
|
||||
if (!check_hash(hdr->hashes, data + firstskip, MIN(remaining, IMAGE_CHUNK_SIZE - firstskip))) {
|
||||
if (!check_hash(hdr->hashes, data, MIN(remaining, IMAGE_CHUNK_SIZE - firstskip))) {
|
||||
return false;
|
||||
}
|
||||
int block = 1;
|
||||
remaining -= IMAGE_CHUNK_SIZE - firstskip;
|
||||
while (remaining > 0) {
|
||||
if (block >= maxblocks) {
|
||||
if (block >= blocks) {
|
||||
return false;
|
||||
}
|
||||
if (!check_hash(hdr->hashes + block * 32, data + block * IMAGE_CHUNK_SIZE, MIN(remaining, IMAGE_CHUNK_SIZE))) {
|
||||
data = (const void *)FLASH_SECTOR_TABLE[sectors[block]];
|
||||
if (!check_hash(hdr->hashes + block * 32, data, MIN(remaining, IMAGE_CHUNK_SIZE))) {
|
||||
return false;
|
||||
}
|
||||
block++;
|
||||
|
@ -48,6 +48,6 @@ bool load_image_header(const uint8_t * const data, const uint32_t magic, const u
|
||||
|
||||
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
|
||||
|
||||
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, uint32_t firstskip, int maxblocks);
|
||||
bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks);
|
||||
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user