diff --git a/core/SConscript.ble_bootloader b/core/SConscript.ble_bootloader
index d2717edd3..96701aabf 100644
--- a/core/SConscript.ble_bootloader
+++ b/core/SConscript.ble_bootloader
@@ -93,7 +93,6 @@ CPPPATH_MOD += [
 'embed/sdk/nrf52/modules/nrfx/hal',
 'embed/sdk/nrf52/components/libraries/crypto/backend/nrf_hw',
 'embed/sdk/nrf52/components/libraries/log',
- 'embed/sdk/nrf52/external/nrf_oberon',
 'embed/sdk/nrf52/components/libraries/strerror',
 'embed/sdk/nrf52/components/libraries/crypto/backend/mbedtls',
 'embed/sdk/nrf52/components/libraries/crypto/backend/cc310',
@@ -139,7 +138,6 @@ SOURCE_NRFHAL = [
 'embed/sdk/nrf52/components/libraries/scheduler/app_scheduler.c',
 'embed/sdk/nrf52/components/libraries/util/app_util_platform.c',
 'embed/sdk/nrf52/components/libraries/crc32/crc32.c',
- 'embed/sdk/nrf52/components/libraries/sha256/sha256.c',
 'embed/sdk/nrf52/components/libraries/mem_manager/mem_manager.c',
 'embed/sdk/nrf52/components/libraries/util/nrf_assert.c',
 'embed/sdk/nrf52/components/libraries/atomic/nrf_atomic.c',
@@ -161,11 +159,6 @@ SOURCE_NRFHAL = [
 'embed/sdk/nrf52/modules/nrfx/drivers/src/prs/nrfx_prs.c',
 'embed/sdk/nrf52/modules/nrfx/drivers/src/nrfx_uart.c',
 'embed/sdk/nrf52/modules/nrfx/drivers/src/nrfx_uarte.c',
- 'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_ecc.c',
- 'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_ecdsa.c',
- 'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_hash.c',
- 'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_init.c',
- 'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_shared.c',
 'embed/sdk/nrf52/components/libraries/bootloader/nrf_bootloader_app_start.c',
 'embed/sdk/nrf52/components/libraries/bootloader/nrf_bootloader_app_start_final.c',
 'embed/sdk/nrf52/components/libraries/bootloader/nrf_bootloader_dfu_timers.c',
@@ -185,10 +178,6 @@ SOURCE_NRFHAL = [
 'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_utils.c',
 'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_ver_validation.c',
 'embed/sdk/nrf52/components/libraries/bootloader/serial_dfu/nrf_dfu_serial.c',
- 'embed/sdk/nrf52/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.c',
- 'embed/sdk/nrf52/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.c',
- 'embed/sdk/nrf52/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.c',
- 'embed/sdk/nrf52/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.c',
 ]
 
 SOURCE_BLE_BOOTLOADER = [
@@ -309,8 +298,6 @@ cmake_gen = env.Command(
 
 LIB_FILES = [
- 'embed/sdk/nrf52/external/nrf_oberon/lib/cortex-m4/hard-float/liboberon_3.0.8.a',
- 'embed/sdk/nrf52/external/nrf_cc310_bl/lib/cortex-m4/hard-float/libnrf_cc310_bl_0.9.13.a',
 ]
 
 program_elf = env.Command(
diff --git a/core/embed/ble_bootloader/nrf_bootloader.c b/core/embed/ble_bootloader/nrf_bootloader.c
index 66250f1c0..f8b3684dd 100644
--- a/core/embed/ble_bootloader/nrf_bootloader.c
+++ b/core/embed/ble_bootloader/nrf_bootloader.c
@@ -236,10 +236,7 @@ static bool crc_on_valid_app_required(void) {
 }
 
 static bool boot_validate(boot_validation_t const* p_validation,
- uint32_t data_addr, uint32_t data_len, bool do_crc) {
- if (!do_crc && (p_validation->type == VALIDATE_CRC)) {
- return true;
- }
+ uint32_t data_addr, uint32_t data_len) {
 return nrf_dfu_validation_boot_validate(p_validation, data_addr, data_len);
 }
 
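Review bot: After this hunk boot_validate is a one-line forwarder to nrf_dfu_validation_boot_validate with no policy of its own, so either inline it at its call sites or state why the indirection is kept, e.g. `// Single choke point for boot-time image validation; all policy lives in nrf_dfu_validation_boot_validate.`. Dropping the do_crc short-circuit is the right direction, since it let a VALIDATE_CRC entry pass without any check at all, but the flag itself survives: app_is_valid (next hunk) still takes `bool do_crc`, and crc_on_valid_app_required, whose closing brace is the context at the top of this hunk, presumably still computes it for nothing. The LIB_FILES list in the SConscript hunk above is now empty; if no prebuilt crypto library is linked any more, deleting the variable and its use is cleaner than leaving an empty list.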
@@ -259,22 +256,15 @@ static bool app_is_valid(bool do_crc) {
 if (s_dfu_settings.bank_0.bank_code != NRF_DFU_BANK_VALID_APP) {
 NRF_LOG_INFO("Boot validation failed. No valid app to boot.");
 return false;
- } else if (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED &&
- (s_dfu_settings.boot_validation_app.type !=
- VALIDATE_ECDSA_P256_SHA256)) {
- NRF_LOG_WARNING(
- "Boot validation failed. The boot validation of the app must be a "
- "signature check.");
- return false;
 } else if (SD_PRESENT &&
 !boot_validate(&s_dfu_settings.boot_validation_softdevice,
- MBR_SIZE, s_dfu_settings.sd_size, do_crc)) {
+ MBR_SIZE, s_dfu_settings.sd_size)) {
 NRF_LOG_WARNING(
 "Boot validation failed. SoftDevice is present but invalid.");
 return false;
 } else if (!boot_validate(&s_dfu_settings.boot_validation_app,
 nrf_dfu_bank0_start_addr(),
- s_dfu_settings.bank_0.image_size, do_crc)) {
+ s_dfu_settings.bank_0.image_size)) {
 NRF_LOG_WARNING("Boot validation failed. App is invalid.");
 return false;
 }
diff --git a/core/embed/ble_bootloader/nrf_dfu_validation.c b/core/embed/ble_bootloader/nrf_dfu_validation.c
index c71ebdc8d..df970b00a 100644
--- a/core/embed/ble_bootloader/nrf_dfu_validation.c
+++ b/core/embed/ble_bootloader/nrf_dfu_validation.c
@@ -331,7 +331,7 @@ secbool check_trezor_sig(const uint8_t * digest,
 
 
 // Function to perform signature check if required.
-static nrf_dfu_result_t nrf_dfu_validation_signature_check(dfu_signature_type_t signature_type,
+static nrf_dfu_result_t nrf_dfu_validation_signature_check(uint32_t sigmask,
 uint8_t const * p_signature,
 uint32_t signature_len,
 uint8_t const * p_data,
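Review bot: do_crc is now dead inside app_is_valid: both boot_validate calls in this hunk dropped the argument, yet the signature in the hunk header still reads `static bool app_is_valid(bool do_crc)`. Either remove the parameter (its caller is outside this diff) or, if the signature must stay for now, add `(void)do_crc;  // CRC-only validation is no longer accepted; see boot_validate` so -Wunused-parameter stays clean. Separately, with the NRF_BL_APP_SIGNATURE_CHECK_REQUIRED branch gone, the only thing stopping a stored entry with sigmask 0 and all-zero bytes (which is exactly what the settings page holds after the memset in nrf_dfu_settings_reinit) from booting is how nrf_dfu_validation_boot_validate treats an empty mask; that function is not in this diff, so it is worth confirming it fails closed rather than treating "no keys" as "nothing to check". app_is_valid continues outside this hunk.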
@@ -366,7 +366,7 @@ static nrf_dfu_result_t nrf_dfu_validation_signature_check(dfu_signature_type_t
 
 // Calculate the signature.
 NRF_LOG_INFO("Verify signature");
- if (sectrue != check_trezor_sig(hash_digest, BLAKE2S_DIGEST_LENGTH, NRF_BOOTLOADER_KEY_M, NRF_BOOTLOADER_KEY_N, 3, NRF_BOOTLOADER_KEYS, signature)){
+ if (sectrue != check_trezor_sig(hash_digest, BLAKE2S_DIGEST_LENGTH, NRF_BOOTLOADER_KEY_M, NRF_BOOTLOADER_KEY_N, sigmask, NRF_BOOTLOADER_KEYS, signature)){
 NRF_LOG_ERROR("Signature failed");
 err_code = NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE;
 }
@@ -511,14 +511,14 @@ nrf_dfu_result_t nrf_dfu_validation_prevalidate(void)
 {
 nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS;
 dfu_command_t const * p_command = &m_packet.command;
- dfu_signature_type_t signature_type = DFU_SIGNATURE_TYPE_MIN;
+ uint32_t sigmask = 0;
 uint8_t const * p_signature = NULL;
 uint32_t signature_len = 0;
 
 if (m_packet.has_signed_command)
 {
 p_command = &m_packet.signed_command.command;
- signature_type = m_packet.signed_command.signature_type;
+ sigmask = m_packet.signed_command.sigmask;
 p_signature = m_packet.signed_command.signature.bytes;
 signature_len = m_packet.signed_command.signature.size;
 }
@@ -526,7 +526,7 @@ nrf_dfu_result_t nrf_dfu_validation_prevalidate(void)
 // Validate signature.
 if (signature_required(p_command->init.type))
 {
- ret_val = nrf_dfu_validation_signature_check(signature_type,
+ ret_val = nrf_dfu_validation_signature_check(sigmask,
 p_signature,
 signature_len,
 m_init_packet_data_ptr,
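Review bot: sigmask now arrives verbatim from the DFU init packet (`sigmask = m_packet.signed_command.sigmask;` in the prevalidate hunk) and replaces the constant `3` in the check_trezor_sig call, so the sender chooses which key bits, and how many, the threshold check is run against. Unless check_trezor_sig itself rejects a mask with fewer than NRF_BOOTLOADER_KEY_M bits set or with bits at or above NRF_BOOTLOADER_KEY_N (its body is not in this diff, so I cannot confirm), a guard belongs in front of the call: `if (__builtin_popcount(sigmask) != NRF_BOOTLOADER_KEY_M || (sigmask >> NRF_BOOTLOADER_KEY_N) != 0) { NRF_LOG_ERROR("Bad sigmask"); err_code = NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; } else if (sectrue != check_trezor_sig(...)) {`. The same guard covers the unsigned path in the prevalidate hunk, where sigmask stays `0` and is still passed down when signature_required() is true. A comment on the uint32_t parameter stating the contract (`// bit i set: signature i in p_signature was made with NRF_BOOTLOADER_KEYS[i]`) would also help, since the old enum documented itself.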
@@ -709,19 +709,12 @@ static bool boot_validation_extract(boot_validation_t * p_boot_validation,
 boot_validation_type_t default_type)
 {
 memset(p_boot_validation, 0, sizeof(boot_validation_t));
- p_boot_validation->type = (p_init->boot_validation_count > index)
- ? (boot_validation_type_t)p_init->boot_validation[index].type
- : default_type; // default
+ p_boot_validation->sigmask = (boot_validation_type_t)p_init->boot_validation[index].sigmask;
 
- switch(p_boot_validation->type)
- {
- case VALIDATE_ECDSA_P256_SHA256:
- memcpy(p_boot_validation->bytes, p_init->boot_validation[index].bytes.bytes, p_init->boot_validation[index].bytes.size);
- break;
+ memcpy(p_boot_validation->bytes, p_init->boot_validation[index].bytes.bytes, p_init->boot_validation[index].bytes.size);
 
- default:
- NRF_LOG_ERROR("Invalid boot validation type: %d", p_boot_validation->type);
- return false;
+ if (default_type == NO_VALIDATION) {
+ return true;
 }
 
 return nrf_dfu_validation_boot_validate(p_boot_validation, start_addr, data_len);
@@ -735,18 +728,18 @@ static bool postvalidate_app(dfu_init_command_t const * p_init, uint32_t src_add
 
 ASSERT(p_init->type == DFU_FW_TYPE_APPLICATION);
 
- if (!boot_validation_extract(&boot_validation, p_init, 0, src_addr, data_len, VALIDATE_CRC))
- {
- return false;
- }
-#if !NRF_DFU_IN_APP
- else if (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED &&
- (boot_validation.type != VALIDATE_ECDSA_P256_SHA256))
+ if (!boot_validation_extract(&boot_validation, p_init, 0, src_addr, data_len, VALIDATE_ECDSA_P256_SHA256))
 {
- NRF_LOG_WARNING("The boot validation of the app must be a signature check.");
 return false;
 }
-#endif
+//#if !NRF_DFU_IN_APP
+// else if (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED &&
+// (boot_validation.type != VALIDATE_ECDSA_P256_SHA256))
+// {
+// NRF_LOG_WARNING("The boot validation of the app must be a signature check.");
+// return false;
+// }
+//#endif
 
 if (!is_trusted)
 {
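Review bot: The new assignment casts the packet's uint32 mask to boot_validation_type_t before storing it in a uint32_t sigmask; that enum's range is 0..3, and on ARM EABI the compiler may lay such an enum out narrower than 32 bits, so the cast can silently truncate the mask and should simply go. The hunk also drops the `boot_validation_count > index` test, so an entry the init packet never carried is read as zeros and handed to nrf_dfu_validation_boot_validate, and the memcpy copies `bytes.size` bytes into the fixed `bytes[]` member with no check against its size (the nanopb array is 64 bytes, SETTINGS_BOOT_VALIDATION_SIZE is not visible here). The rewrite below fails closed on both; postvalidate_sd_bl discards this function's return for the bootloader entry, so it is unaffected. The function's parameter list starts outside the hunk.
```c
    memset(p_boot_validation, 0, sizeof(boot_validation_t));

    // Fail closed: an entry the init packet did not carry must not pass as valid.
    if (p_init->boot_validation_count <= index) {
        return false;
    }
    // bytes[] is a fixed array; never trust the packet's length field alone.
    if (p_init->boot_validation[index].bytes.size > sizeof(p_boot_validation->bytes)) {
        return false;
    }

    // sigmask is a bit mask of signing keys, not a boot_validation_type_t: no enum cast.
    p_boot_validation->sigmask = p_init->boot_validation[index].sigmask;
    memcpy(p_boot_validation->bytes,
           p_init->boot_validation[index].bytes.bytes,
           p_init->boot_validation[index].bytes.size);

    // … unchanged: NO_VALIDATION early return and nrf_dfu_validation_boot_validate call …
```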
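Review bot: The `//#if !NRF_DFU_IN_APP … //#endif` block added in postvalidate_app is commented-out code, and it refers to `boot_validation.type`, a member that no longer exists after this commit, so it can never be re-enabled as written; delete it, or replace it with a one-line `// TODO: reinstate a "must be a signature" check once sigmask semantics are final.` if that is the intent. Also, VALIDATE_ECDSA_P256_SHA256 is now passed as default_type only to be compared against NO_VALIDATION inside boot_validation_extract, so the argument acts as a boolean "enforce validation" switch; a `bool enforce` parameter, or a comment at the call site saying so, would make that readable. postvalidate_app continues outside the hunk.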
@@ -810,7 +803,7 @@ static bool postvalidate_sd_bl(dfu_init_command_t const * p_init,
 }
 }
 
- if (!boot_validation_extract(&boot_validation_sd, p_init, 0, start_addr, p_init->sd_size, VALIDATE_CRC))
+ if (!boot_validation_extract(&boot_validation_sd, p_init, 0, start_addr, p_init->sd_size, VALIDATE_ECDSA_P256_SHA256))
 {
 return false;
 }
@@ -820,14 +813,7 @@ static bool postvalidate_sd_bl(dfu_init_command_t const * p_init,
 }
 if (with_bl)
 {
- if (!boot_validation_extract(&boot_validation_bl, p_init, with_sd ? 1 : 0, bl_start, bl_size, NO_VALIDATION))
- {
- return false;
- }
- else if (boot_validation_bl.type != NO_VALIDATION)
- {
- NRF_LOG_WARNING("Boot validation of bootloader is not supported and will be ignored.");
- }
+ boot_validation_extract(&boot_validation_bl, p_init, with_sd ? 1 : 0, bl_start, bl_size, NO_VALIDATION);
 }
 
 if (!is_trusted)
diff --git a/core/embed/ble_bootloader/sdk_config.h b/core/embed/ble_bootloader/sdk_config.h
index 0757c6b77..245e61ae8 100644
--- a/core/embed/ble_bootloader/sdk_config.h
+++ b/core/embed/ble_bootloader/sdk_config.h
@@ -1102,7 +1102,7 @@
 
 
 #ifndef NRF_DFU_SETTINGS_COMPATIBILITY_MODE
-#define NRF_DFU_SETTINGS_COMPATIBILITY_MODE 1
+#define NRF_DFU_SETTINGS_COMPATIBILITY_MODE 0
 #endif
 
 // nrf_dfu - Device Firmware Upgrade
diff --git a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.c b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.c
index 769e6d3a2..72e593116 100644
--- a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.c
+++ b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.c
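Review bot: In the second postvalidate_sd_bl hunk the return value of boot_validation_extract is discarded, yet the call still reads `boot_validation[with_sd ? 1 : 0]` and copies its bytes into boot_validation_bl, which nothing afterwards looks at. If the bootloader entry is deliberately parsed but never enforced, say so and make the discard explicit: `(void)boot_validation_extract(&boot_validation_bl, p_init, with_sd ? 1 : 0, bl_start, bl_size, NO_VALIDATION);  // bootloader boot validation is accepted but not enforced`; otherwise drop the call, since with NO_VALIDATION it can only return true. The warning that used to tell an operator their bootloader validation entry is ignored is gone with no replacement, which makes the silent behaviour harder to notice in the field. The function continues outside the hunk.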
@@ -57,8 +57,8 @@ const pb_field_t dfu_hash_fields[3] = {
 };
 
 const pb_field_t dfu_boot_validation_fields[3] = {
- PB_FIELD( 1, UENUM , REQUIRED, STATIC , FIRST, dfu_boot_validation_t, type, type, 0),
- PB_FIELD( 2, BYTES , REQUIRED, STATIC , OTHER, dfu_boot_validation_t, bytes, type, 0),
+ PB_FIELD( 1, UINT32 , REQUIRED, STATIC , FIRST, dfu_boot_validation_t, sigmask, type, 0),
+ PB_FIELD( 2, BYTES , REQUIRED, STATIC , OTHER, dfu_boot_validation_t, bytes, sigmask, 0),
 PB_LAST_FIELD
 };
 
@@ -84,8 +84,8 @@ const pb_field_t dfu_command_fields[3] = {
 
 const pb_field_t dfu_signed_command_fields[4] = {
 PB_FIELD( 1, MESSAGE , REQUIRED, STATIC , FIRST, dfu_signed_command_t, command, command, &dfu_command_fields),
- PB_FIELD( 2, UENUM , REQUIRED, STATIC , OTHER, dfu_signed_command_t, signature_type, command, 0),
- PB_FIELD( 3, BYTES , REQUIRED, STATIC , OTHER, dfu_signed_command_t, signature, signature_type, 0),
+ PB_FIELD( 2, UINT32 , REQUIRED, STATIC , OTHER, dfu_signed_command_t, sigmask, command, 0),
+ PB_FIELD( 3, BYTES , REQUIRED, STATIC , OTHER, dfu_signed_command_t, signature, sigmask, 0),
 PB_LAST_FIELD
 };
 
diff --git a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.h b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.h
index 377b5a157..9b6de5900 100644
--- a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.h
+++ b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.pb.h
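Review bot: The FIRST entry of dfu_boot_validation_fields still names `type` as its previous-field argument even though dfu_boot_validation_t no longer has that member; it compiles presumably only because nanopb ignores that argument for FIRST placement, and the generator would have written the field's own name there: `PB_FIELD( 1, UINT32 , REQUIRED, STATIC , FIRST, dfu_boot_validation_t, sigmask, sigmask, 0),`. Since dfu-cc.pb.c and dfu-cc.pb.h are nanopb output, regenerating them from the edited dfu-cc.proto instead of patching by hand would remove this kind of drift and keep the field tables, struct layouts and INIT macros provably consistent with one another.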
@@ -86,30 +86,10 @@ typedef enum
 #define DFU_OP_CODE_MAX DFU_OP_CODE_INIT
 #define DFU_OP_CODE_ARRAYSIZE ((dfu_op_code_t)(DFU_OP_CODE_INIT+1))
 
-typedef enum
-{
- DFU_VALIDATION_TYPE_NO_VALIDATION = 0,
- DFU_VALIDATION_TYPE_VALIDATE_GENERATED_CRC = 1,
- DFU_VALIDATION_TYPE_VALIDATE_SHA256 = 2,
- DFU_VALIDATION_TYPE_VALIDATE_ECDSA_P256_SHA256 = 3
-} dfu_validation_type_t;
-#define DFU_VALIDATION_TYPE_MIN DFU_VALIDATION_TYPE_NO_VALIDATION
-#define DFU_VALIDATION_TYPE_MAX DFU_VALIDATION_TYPE_VALIDATE_ECDSA_P256_SHA256
-#define DFU_VALIDATION_TYPE_ARRAYSIZE ((dfu_validation_type_t)(DFU_VALIDATION_TYPE_VALIDATE_ECDSA_P256_SHA256+1))
-
-typedef enum
-{
- DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256 = 0,
- DFU_SIGNATURE_TYPE_ED25519 = 1
-} dfu_signature_type_t;
-#define DFU_SIGNATURE_TYPE_MIN DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256
-#define DFU_SIGNATURE_TYPE_MAX DFU_SIGNATURE_TYPE_ED25519
-#define DFU_SIGNATURE_TYPE_ARRAYSIZE ((dfu_signature_type_t)(DFU_SIGNATURE_TYPE_ED25519+1))
-
 /* Struct definitions */
 typedef PB_BYTES_ARRAY_T(64) dfu_boot_validation_bytes_t;
 typedef struct {
- dfu_validation_type_t type;
+ uint32_t sigmask;
 dfu_boot_validation_bytes_t bytes;
 /* @@protoc_insertion_point(struct:dfu_boot_validation_t) */
 } dfu_boot_validation_t;
@@ -156,7 +136,7 @@ typedef struct {
 typedef PB_BYTES_ARRAY_T(64) dfu_signed_command_signature_t;
 typedef struct {
 dfu_command_t command;
- dfu_signature_type_t signature_type;
+ uint32_t sigmask;
 dfu_signed_command_signature_t signature;
 /* @@protoc_insertion_point(struct:dfu_signed_command_t) */
 } dfu_signed_command_t;
@@ -174,16 +154,16 @@ extern const bool dfu_init_command_is_debug_default;
 
 /* Initializer values for message structs */
 #define DFU_HASH_INIT_DEFAULT {(dfu_hash_type_t)0, {0, {0}}}
-#define DFU_BOOT_VALIDATION_INIT_DEFAULT {(dfu_validation_type_t)0, {0, {0}}}
+#define DFU_BOOT_VALIDATION_INIT_DEFAULT {0, {0, {0}}}
 #define DFU_INIT_COMMAND_INIT_DEFAULT {false, 0, false, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, false, (dfu_fw_type_t)0, false, 0, false, 0, false, 0, false, DFU_HASH_INIT_DEFAULT, false, false, 0, {DFU_BOOT_VALIDATION_INIT_DEFAULT, DFU_BOOT_VALIDATION_INIT_DEFAULT, DFU_BOOT_VALIDATION_INIT_DEFAULT}}
 #define DFU_COMMAND_INIT_DEFAULT {false, (dfu_op_code_t)0, false, DFU_INIT_COMMAND_INIT_DEFAULT}
-#define DFU_SIGNED_COMMAND_INIT_DEFAULT {DFU_COMMAND_INIT_DEFAULT, (dfu_signature_type_t)0, {0, {0}}}
+#define DFU_SIGNED_COMMAND_INIT_DEFAULT {DFU_COMMAND_INIT_DEFAULT, 0, {0, {0}}}
 #define DFU_PACKET_INIT_DEFAULT {false, DFU_COMMAND_INIT_DEFAULT, false, DFU_SIGNED_COMMAND_INIT_DEFAULT}
 #define DFU_HASH_INIT_ZERO {(dfu_hash_type_t)0, {0, {0}}}
-#define DFU_BOOT_VALIDATION_INIT_ZERO {(dfu_validation_type_t)0, {0, {0}}}
+#define DFU_BOOT_VALIDATION_INIT_ZERO {0, {0, {0}}}
 #define DFU_INIT_COMMAND_INIT_ZERO {false, 0, false, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, false, (dfu_fw_type_t)0, false, 0, false, 0, false, 0, false, DFU_HASH_INIT_ZERO, false, 0, 0, {DFU_BOOT_VALIDATION_INIT_ZERO, DFU_BOOT_VALIDATION_INIT_ZERO, DFU_BOOT_VALIDATION_INIT_ZERO}}
 #define DFU_COMMAND_INIT_ZERO {false, (dfu_op_code_t)0, false, DFU_INIT_COMMAND_INIT_ZERO}
-#define DFU_SIGNED_COMMAND_INIT_ZERO {DFU_COMMAND_INIT_ZERO, (dfu_signature_type_t)0, {0, {0}}}
+#define DFU_SIGNED_COMMAND_INIT_ZERO {DFU_COMMAND_INIT_ZERO, 0, {0, {0}}}
 #define DFU_PACKET_INIT_ZERO {false, DFU_COMMAND_INIT_ZERO, false, DFU_SIGNED_COMMAND_INIT_ZERO}
 
 /* Field tags (for use in manual encoding/decoding) */
diff --git a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.proto b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.proto
index 341b4e8f5..db864c10a 100644
--- a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.proto
+++ b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/dfu-cc.proto
@@ -36,7 +36,7 @@ message Hash {
 
 
 message BootValidation {
- required ValidationType type = 1;
+ required uint32 sigmask = 1;
 required bytes bytes = 2;
 }
 
@@ -63,15 +63,9 @@ message Command {
 optional InitCommand init = 2;
 }
 
-// Signed command types
-enum SignatureType {
- ECDSA_P256_SHA256 = 0;
- ED25519 = 1;
-}
-
 message SignedCommand {
 required Command command = 1;
- required SignatureType signature_type = 2;
+ required uint32 sigmask = 2;
 required bytes signature = 3;
 }
 
diff --git a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_settings.c b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_settings.c
index 794dfec9f..07146a8e2 100644
--- a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_settings.c
+++ b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_settings.c
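Review bot: Reusing tag 1 of BootValidation and tag 2 of SignedCommand for a uint32 keeps the varint wire type, so an init packet built by the old tooling still decodes — but its `type = 3` (ECDSA_P256_SHA256) now reads as `sigmask = 3`, i.e. key bits 0 and 1, and the old `signature_type = 0` becomes an empty mask, with nothing in the message distinguishing the two formats. If the old encoding must not be accepted, giving the new fields fresh tags (`required uint32 sigmask = 4;` and `required uint32 sigmask = 3;` with `signature` moved accordingly) makes stale packets fail decoding as REQUIRED-missing instead of being silently reinterpreted. In either case the mask layout should be written into the .proto, e.g. `// Bit i set: signature i was produced with bootloader key i. At least the threshold number of bits must be set.`, since the removed enum was the only documentation of this field.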
@@ -258,19 +258,9 @@ void nrf_dfu_settings_reinit(void)
 
 if (NRF_DFU_SETTINGS_COMPATIBILITY_MODE && !NRF_DFU_IN_APP && (s_dfu_settings.settings_version == 1))
 {
- NRF_LOG_INFO("Old settings page detected. Upgrading info.");
-
- // Old version. Translate.
- memcpy(&s_dfu_settings.peer_data, (uint8_t *)&s_dfu_settings + DFU_SETTINGS_BOND_DATA_OFFSET_V1, NRF_DFU_PEER_DATA_LEN);
- memcpy(&s_dfu_settings.adv_name, (uint8_t *)&s_dfu_settings + DFU_SETTINGS_ADV_NAME_OFFSET_V1, NRF_DFU_ADV_NAME_LEN);
-
- // Initialize with defaults.
- s_dfu_settings.boot_validation_softdevice.type = NO_VALIDATION;
- s_dfu_settings.boot_validation_app.type = VALIDATE_CRC;
- s_dfu_settings.boot_validation_bootloader.type = NO_VALIDATION;
- memcpy(s_dfu_settings.boot_validation_app.bytes, &s_dfu_settings.bank_0.image_crc, sizeof(uint32_t));
-
- s_dfu_settings.settings_version = NRF_DFU_SETTINGS_VERSION;
+ NRF_LOG_WARNING("Resetting bootloader settings since neither the settings page is old.");
+ memset(&s_dfu_settings, 0x00, sizeof(nrf_dfu_settings_t));
+ s_dfu_settings.settings_version = NRF_DFU_SETTINGS_VERSION;
 }
 
 return;
diff --git a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_types.h b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_types.h
index fd15f5597..81bc44d65 100644
--- a/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_types.h
+++ b/core/embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_types.h
@@ -295,7 +295,7 @@ typedef enum
 
 typedef struct
 {
- boot_validation_type_t type;
+ uint32_t sigmask;
 uint8_t bytes[SETTINGS_BOOT_VALIDATION_SIZE];
 } boot_validation_t;
 
diff --git a/core/embed/trezorhal/stm32f4/ble.c b/core/embed/trezorhal/stm32f4/ble.c
index 7d469cffb..aaeb8402e 100644
--- a/core/embed/trezorhal/stm32f4/ble.c
+++ b/core/embed/trezorhal/stm32f4/ble.c
@@ -417,6 +417,9 @@ bool ble_reset_to_bootloader(void) {
 
 HAL_GPIO_WritePin(GPIOB, GPIO_PIN_12, GPIO_PIN_RESET);
 
+ HAL_Delay(1000);
+
+ return true;
 }
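Review bot: The new warning text, "Resetting bootloader settings since neither the settings page is old.", is not a sentence and does not say what actually happened; something like `NRF_LOG_WARNING("Old (v1) settings page cannot be migrated; resetting bootloader settings.");` states the decision. The branch is also dead as committed: it is guarded by NRF_DFU_SETTINGS_COMPATIBILITY_MODE, which sdk_config.h in this same commit sets to 0, so either the define change or this rewrite is redundant. If the block is kept for builds that turn compatibility mode back on, record that the memset deliberately discards peer_data and adv_name, which the old translation preserved, e.g. `// v1 pages predate sigmask-based boot validation and cannot be upgraded in place; wipe everything, including bond data, and require a fresh DFU.`; the settings page is only reachable here with settings_version == 1, so confirm that a zeroed bank_0 is what later boot-validation code expects. nrf_dfu_settings_reinit continues outside the hunk.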
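Review bot: `HAL_Delay(1000);` in ble_reset_to_bootloader is a blocking one-second spin inserted right after PB12 is driven low, and nothing in the hunk says what the wait is for or why one second is enough, so the value reads as a magic number; a why-comment such as `// hold the line low long enough for the nRF52 to enter its bootloader before the caller continues  (TODO: confirm the required hold time against the nRF reset timing)` and a named constant would both help. The added `return true;` suggests the function previously fell off the end of a non-void function, which is undefined behaviour and worth calling out in the commit message; the function's beginning is outside the hunk, so I cannot confirm whether an earlier return path exists.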