arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-26 08:08:51 +00:00
Code Issues Releases Wiki Activity

bootloader: don't restore storage from unofficial firmware

Browse Source
This commit is contained in:
Pavol Rusnak 2017-12-15 15:49:02 +01:00
parent 77ff5a1c55
commit eb0574bda7
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
bootloader/usb.c
View File

@ -42,6 +42,7 @@
#define ENDPOINT_ADDRESS_OUT (0x01)
static bool brand_new_firmware;
static bool old_was_unsigned;
static const struct usb_device_descriptor dev_descr = {
.bLength = USB_DT_DEVICE_SIZE,
@ -437,8 +438,14 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
} while (!button.YesUp && !button.NoUp);
}
if (brand_new_firmware || button.YesUp) {
// backup metadata
backup_metadata(meta_backup);
// check whether current firmware is signed
if (signatures_ok(NULL)) {
old_was_unsigned = false;
// backup metadata
backup_metadata(meta_backup);
} else {
old_was_unsigned = true;
}
flash_wait_for_last_operation();
flash_clear_status_flags();
flash_unlock();
@ -587,8 +594,11 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
layoutProgress("INSTALLING ... Please wait", 1000);
uint8_t flags = *((uint8_t *)FLASH_META_FLAGS);
// wipe storage if signatures are not ok or the firmware flag isn't set.
if ((flags & 0x01) == 0 || !signatures_ok(NULL)) {
// wipe storage if:
// 1) old firmware was unsigned
// 2) firmware restore flag isn't set
// 3) signatures are not ok
if (old_was_unsigned || (flags & 0x01) == 0 || !signatures_ok(NULL)) {
memset(meta_backup, 0, sizeof(meta_backup));
}
// copy new firmware header