1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 23:08:14 +00:00

fix(core/bootloader): fix firmware update on stm32u5a

[no changelog]
This commit is contained in:
tychovrahe 2024-08-06 13:15:24 +02:00 committed by TychoVrahe
parent a265b0f176
commit dc276d1520
5 changed files with 30 additions and 6 deletions

View File

@ -175,8 +175,18 @@ static uint32_t check_sdcard(void) {
_Static_assert(IMAGE_CHUNK_SIZE >= BOOTLOADER_IMAGE_MAXSIZE,
"BOOTLOADER IMAGE MAXSIZE too large for IMAGE_CHUNK_SIZE");
if (sectrue != (check_single_hash(
hdr->hashes, ((const uint8_t *)sdcard_buf) + hdr->hdrlen,
const uint32_t headers_end_offset = hdr->hdrlen;
const uint32_t code_start_offset = IMAGE_CODE_ALIGN(headers_end_offset);
for (uint32_t i = headers_end_offset; i < code_start_offset; i++) {
if (((uint8_t *)sdcard_buf)[i] != 0) {
return 0;
}
}
if (sectrue !=
(check_single_hash(hdr->hashes,
(const uint8_t *)sdcard_buf + code_start_offset,
hdr->codelen))) {
return 0;
}

View File

@ -576,6 +576,20 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
memcpy(&hdr, received_hdr, sizeof(hdr));
size_t headers_end = IMAGE_HEADER_SIZE + vhdr.hdrlen;
headers_offset = IMAGE_CODE_ALIGN(IMAGE_HEADER_SIZE + vhdr.hdrlen);
// check padding between headers and the code
for (size_t i = headers_end; i < headers_offset; i++) {
if (CHUNK_BUFFER_PTR[i] != 0) {
MSG_SEND_INIT(Failure);
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
MSG_SEND_ASSIGN_STRING(message, "Invalid chunk padding");
MSG_SEND(Failure);
return UPLOAD_ERR_INVALID_CHUNK_PADDING;
}
}
vendor_header current_vhdr;
secbool is_new = secfalse;
@ -684,7 +698,6 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
NULL);
}
headers_offset = IMAGE_HEADER_SIZE + vhdr.hdrlen;
read_offset = IMAGE_INIT_CHUNK_SIZE;
// request the rest of the first chunk

View File

@ -46,6 +46,7 @@ enum {
UPLOAD_ERR_FIRMWARE_MISMATCH = -11,
UPLOAD_ERR_NOT_FIRMWARE_UPGRADE = -12,
UPLOAD_ERR_NOT_FULLTRUST_IMAGE = -13,
UPLOAD_ERR_INVALID_CHUNK_PADDING = -14,
};
enum {

View File

@ -558,7 +558,7 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
// no user confirmations, go directly to upload
headers_offset = IMAGE_HEADER_SIZE + vhdr.hdrlen;
headers_offset = IMAGE_CODE_ALIGN(IMAGE_HEADER_SIZE + vhdr.hdrlen);
read_offset = IMAGE_INIT_CHUNK_SIZE;
// request the rest of the first chunk

View File

@ -270,7 +270,7 @@ secbool check_image_contents(const image_header *const hdr, uint32_t firstskip,
const uint8_t *addr =
(uint8_t *)flash_area_get_address(area, firstskip, padding_size);
for (size_t i = 0; i < padding_size; i++) {
if (*addr != 0) {
if (*addr++ != 0) {
return secfalse;
}
}