From dbe444029a1dad58652f91e2c81d8cbe4318993c Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Thu, 15 Mar 2018 04:15:41 +0100
Subject: [PATCH] bootloader: guard signatures_ok calls with firmware_present (or !brand_new_firmware)
---
 bootloader/signatures.c | 2 ++
 bootloader/usb.c | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/bootloader/signatures.c b/bootloader/signatures.c
index e178ecec7a..9f9e540f6a 100644
--- a/bootloader/signatures.c
+++ b/bootloader/signatures.c
@@ -40,6 +40,8 @@ static const uint8_t * const pubkey[PUBKEYS] = {
 int signatures_ok(uint8_t *store_hash) {
+ if (!firmware_present()) return SIG_FAIL; // no firmware present
+
 const uint32_t codelen = *((const uint32_t *)FLASH_META_CODELEN);
 const uint8_t sigindex1 = *((const uint8_t *)FLASH_META_SIGINDEX1);
 const uint8_t sigindex2 = *((const uint8_t *)FLASH_META_SIGINDEX2);
diff --git a/bootloader/usb.c b/bootloader/usb.c
index 4dea3c15a5..4fbf088126 100644
--- a/bootloader/usb.c
+++ b/bootloader/usb.c
@@ -476,7 +476,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
 }
 if (brand_new_firmware || button.YesUp) {
 // check whether current firmware is signed
- if (SIG_OK == signatures_ok(NULL)) {
+ if (!brand_new_firmware && SIG_OK == signatures_ok(NULL)) {
 old_was_unsigned = false;
 // backup metadata
 backup_metadata(meta_backup);
@@ -632,10 +632,11 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
 layoutProgress("INSTALLING ... Please wait", 1000);
 uint8_t flags = *((uint8_t *)FLASH_META_FLAGS);
 // wipe storage if:
+ // 0) there was no firmware
 // 1) old firmware was unsigned
 // 2) firmware restore flag isn't set
 // 3) signatures are not ok
- if (old_was_unsigned || (flags & 0x01) == 0 || SIG_OK != signatures_ok(NULL)) {
+ if (brand_new_firmware || old_was_unsigned || (flags & 0x01) == 0 || SIG_OK != signatures_ok(NULL)) {
 memzero(meta_backup, sizeof(meta_backup));
 }
 // copy new firmware header
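Review bot: The new early return at the top of `signatures_ok` runs before anything is written through `store_hash`, so a caller that passes a buffer and uses the hash after a `SIG_FAIL` result would read whatever the buffer held. Both call sites in this patch pass `NULL`, but other callers are not visible here. I would state the contract on the guard, e.g. `// no firmware present: return SIG_FAIL, store_hash is left untouched`, or clear the buffer before returning if any caller displays the hash on failure. The guard is also an unbraced one-line `if` in the signature-check path; bracing it makes it harder for a later edit to change which statement is conditional. The function body continues past the hunk, so whether `codelen` is range-checked before use cannot be confirmed from here.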
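Review bot: The added `brand_new_firmware ||` term in the wipe condition looks redundant with the new guard inside `signatures_ok`, but it may be the only thing forcing the wipe on a first install. The "INSTALLING" progress call suggests the new image is already in flash at this point, in which case `signatures_ok(NULL)` judges the new firmware rather than the absence of an old one. I would make that explicit in the comment list so the term is not later removed as a duplicate, e.g. `// 0) there was no firmware before this update (meta_backup was never filled)`. The `0x01` restore-flag bit in the same condition would be easier to audit as a named constant. `hid_rx_callback` starts and ends outside the hunk.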