arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-19 12:58:13 +00:00
Code Issues Releases Wiki Activity

fix(core): ensure correctly programmed oem key option bytes

Browse Source 
[no changelog]
This commit is contained in:
tychovrahe 2024-04-16 21:32:35 +02:00 committed by TychoVrahe
parent db3b7563b2
commit e5e40cf4a8
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/embed/trezorhal/stm32u5/lowlevel.c
View File

@ -211,6 +211,17 @@ uint32_t flash_set_option_bytes(void) {
FLASH->WRP2AR = WRP_DEFAULT_VALUE; FLASH->WRP2AR = WRP_DEFAULT_VALUE;
FLASH->WRP2BR = WRP_DEFAULT_VALUE; FLASH->WRP2BR = WRP_DEFAULT_VALUE;
// Set the OEM keys to the default value
// In case these are for any reason set, we will reset them to the default
// while locking the device, to ensure that there is no ability to reverse the
// RDP. These keys are write-only, so the only way to check that the keys are
// not set is through OEMxLOCK bits in FLASH->NSSR register. These bits are
// unset only if the keys are written to 0xFFFFFFFF.
FLASH->OEM1KEYR1 = 0xFFFFFFFF;
FLASH->OEM1KEYR2 = 0xFFFFFFFF;
FLASH->OEM2KEYR1 = 0xFFFFFFFF;
FLASH->OEM2KEYR2 = 0xFFFFFFFF;
FLASH->OPTR = FLASH->OPTR =
FLASH_OPTR_VALUE; // WARNING: dev board safe unless you compile for FLASH_OPTR_VALUE; // WARNING: dev board safe unless you compile for
// PRODUCTION or change this value!!! // PRODUCTION or change this value!!!