bootloader: Delay flashing firmware magic.
Only flash firmware magic at the end. Also simplified the code a bit.
parent
6deb9fde32
commit
b4a61d60c3
@ -36,6 +36,8 @@
|
|||||||
#include "ecdsa.h"
|
#include "ecdsa.h"
|
||||||
#include "secp256k1.h"
|
#include "secp256k1.h"
|
||||||
|
|
||||||
|
#define FIRMWARE_MAGIC "TRZR"
|
||||||
|
|
||||||
#define ENDPOINT_ADDRESS_IN (0x81)
|
#define ENDPOINT_ADDRESS_IN (0x81)
|
||||||
#define ENDPOINT_ADDRESS_OUT (0x01)
|
#define ENDPOINT_ADDRESS_OUT (0x01)
|
||||||
|
|
||||||
@ -479,8 +481,16 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
|
|||||||
layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Firmware is too big.", NULL, "Get official firmware", "from trezor.io/start", NULL, NULL);
|
layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Firmware is too big.", NULL, "Get official firmware", "from trezor.io/start", NULL, NULL);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
// check firmware magic
|
||||||
|
if (memcmp(p, FIRMWARE_MAGIC, 4) != 0) {
|
||||||
|
send_msg_failure(dev);
|
||||||
|
flash_state = STATE_END;
|
||||||
|
layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Wrong firmware header.", NULL, "Get official firmware", "from trezor.io/start", NULL, NULL);
|
||||||
|
return;
|
||||||
|
}
|
||||||
flash_state = STATE_FLASHING;
|
flash_state = STATE_FLASHING;
|
||||||
flash_pos = 0;
|
p += 4; // Don't flash firmware header yet.
|
||||||
|
flash_pos = 4;
|
||||||
wi = 0;
|
wi = 0;
|
||||||
flash_unlock();
|
flash_unlock();
|
||||||
while (p < buf + 64) {
|
while (p < buf + 64) {
|
||||||
@ -560,31 +570,23 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
|
|||||||
|
|
||||||
layoutProgress("INSTALLING ... Please wait", 1000);
|
layoutProgress("INSTALLING ... Please wait", 1000);
|
||||||
uint8_t flags = *((uint8_t *)FLASH_META_FLAGS);
|
uint8_t flags = *((uint8_t *)FLASH_META_FLAGS);
|
||||||
// check if to restore old storage area but only if signatures are ok
|
// wipe storage if signatures are not ok or the firmware flag isn't set.
|
||||||
if ((flags & 0x01) && signatures_ok(NULL)) {
|
if ((flags & 0x01) == 0 || !signatures_ok(NULL)) {
|
||||||
// copy new stuff
|
memset(meta_backup, 0, sizeof(meta_backup));
|
||||||
memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
|
|
||||||
// replace "TRZR" in header with 0000 when hash not confirmed
|
|
||||||
if (!hash_check_ok) {
|
|
||||||
meta_backup[0] = 0;
|
|
||||||
meta_backup[1] = 0;
|
|
||||||
meta_backup[2] = 0;
|
|
||||||
meta_backup[3] = 0;
|
|
||||||
}
|
}
|
||||||
// erase storage
|
// copy new firmware header
|
||||||
erase_metadata_sectors();
|
memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
|
||||||
// restore metadata from backup
|
// write "TRZR" in header only when hash was confirmed
|
||||||
|
if (hash_check_ok) {
|
||||||
|
memcpy(meta_backup, FIRMWARE_MAGIC, 4);
|
||||||
|
} else {
|
||||||
|
memset(meta_backup, 0, 4);
|
||||||
|
}
|
||||||
|
|
||||||
|
// no need to erase, because we are not changing any already flashed byte.
|
||||||
restore_metadata(meta_backup);
|
restore_metadata(meta_backup);
|
||||||
memset(meta_backup, 0, sizeof(meta_backup));
|
memset(meta_backup, 0, sizeof(meta_backup));
|
||||||
} else {
|
|
||||||
// replace "TRZR" in header with 0000 when hash not confirmed
|
|
||||||
if (!hash_check_ok) {
|
|
||||||
// no need to erase, because we are just erasing bits
|
|
||||||
flash_unlock();
|
|
||||||
flash_program_word(FLASH_META_START, 0x00000000);
|
|
||||||
flash_lock();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
flash_state = STATE_END;
|
flash_state = STATE_END;
|
||||||
if (hash_check_ok) {
|
if (hash_check_ok) {
|
||||||
layoutDialog(&bmp_icon_ok, NULL, NULL, NULL, "New firmware", "successfully installed.", NULL, "You may now", "unplug your TREZOR.", NULL);
|
layoutDialog(&bmp_icon_ok, NULL, NULL, NULL, "New firmware", "successfully installed.", NULL, "You may now", "unplug your TREZOR.", NULL);
|
||||||
|
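Review bot: The final `restore_metadata(meta_backup)` now runs without the `erase_metadata_sectors()` call the old code made, so it is only correct if every word it programs is either still erased or already holds the same value. That holds for the header only because the first hunk skips the magic (`p += 4; flash_pos = 4;`), and for the storage area only if the erase at the start of the update, which is outside these hunks, covers the metadata sectors. The existing comment gives the conclusion but not the precondition; I would expand it to something like `// no erase needed: magic word was left erased at upload start, header bytes are rewritten unchanged, storage area is still erased`. An interrupted update now leaves the magic word in the erased state rather than zeroed, so the boot-time firmware check (not visible here) should be confirmed to reject that value too. `hid_rx_callback` starts and ends outside these hunks.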