1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-27 01:48:17 +00:00
trezor-firmware/embed/bootloader/main.c

321 lines
11 KiB
C

#include <string.h>
#include <sys/types.h>
#include "common.h"
#include "display.h"
#include "image.h"
#include "flash.h"
#include "rng.h"
#include "touch.h"
#include "usb.h"
#include "version.h"
#include "mini_printf.h"
#include "icon_cross.h"
#include "icon_tick.h"
#include "icon_tools.h"
#include "messages.h"
#include "style.h"
#define FIRMWARE_IMAGE_MAGIC 0x465A5254 // TRZF
#define FIRMWARE_IMAGE_MAXSIZE (6 * 128 * 1024)
void display_fade(int start, int end, int delay)
{
for (int i = 0; i < 100; i++) {
display_backlight(start + i * (end - start) / 100);
hal_delay(delay / 100);
}
display_backlight(end);
}
void display_header(const char *text)
{
display_bar(0, 0, 240, 32, COLOR_BL_ORANGE);
display_icon(8, 4, 24, 24, icon_tools, sizeof(icon_tools), COLOR_BLACK, COLOR_BL_ORANGE);
display_text(8 + 24 + 8, 23, text, -1, FONT_BOLD, COLOR_BLACK, COLOR_BL_ORANGE);
}
void display_footer(const char *text, uint16_t color)
{
display_bar(0, 184, 240, 56, COLOR_BLACK);
display_text_center(120, 220, text, -1, FONT_BOLD, color, COLOR_BLACK);
}
void display_done(int restart)
{
if (restart == 0 || restart == 3) {
display_loader(1000, 0, COLOR_BL_GREEN, COLOR_BLACK, icon_tick, sizeof(icon_tick), COLOR_WHITE);
}
if (restart == 3) {
display_footer("Done! Restarting in 3s", COLOR_BL_GREEN);
} else
if (restart == 2) {
display_footer("Done! Restarting in 2s", COLOR_BL_GREEN);
} else
if (restart == 1) {
display_footer("Done! Restarting in 1s", COLOR_BL_GREEN);
} else {
display_footer("Done! Unplug the device", COLOR_BL_GREEN);
}
}
void display_error(void)
{
display_loader(1000, 0, COLOR_BL_RED, COLOR_BLACK, icon_cross, sizeof(icon_cross), COLOR_WHITE);
display_footer("Error! Unplug the device", COLOR_BL_RED);
}
void display_welcome(void)
{
display_clear();
display_header("TREZOR Bootloader");
uint8_t dom[32];
// format: TREZOR2-YYMMDD
if (flash_otp_read(0, 0, dom, 32) && 0 == memcmp(dom, "TREZOR2-", 8) && dom[14] == 0) {
display_qrcode(120, 120, (const char *)dom, 14, 4);
display_text_center(120, 210, (const char *)dom, 14, FONT_BOLD, COLOR_WHITE, COLOR_BLACK);
}
display_fade(0, BACKLIGHT_NORMAL, 1000);
}
void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, uint32_t fw_version)
{
display_clear();
if (memcmp(vimg, "TOIf", 4) != 0) {
return;
}
uint16_t w = *(uint16_t *)(vimg + 4);
uint16_t h = *(uint16_t *)(vimg + 6);
if (w != 120 || h != 120) {
return;
}
uint32_t datalen = *(uint32_t *)(vimg + 8);
display_image(60, 32, w, h, vimg + 12, datalen);
display_text_center(120, 192, vstr, vstr_len, FONT_BOLD, COLOR_WHITE, COLOR_BLACK);
char ver_str[32];
mini_snprintf(ver_str, sizeof(ver_str), "%d.%d.%d.%d",
(int)(fw_version & 0xFF),
(int)((fw_version >> 8) & 0xFF),
(int)((fw_version >> 16) & 0xFF),
(int)((fw_version >> 24) & 0xFF)
);
display_text_center(120, 215, ver_str, -1, FONT_BOLD, COLOR_GRAY128, COLOR_BLACK);
display_refresh();
}
const uint8_t BOOTLOADER_KEY_M = 2;
const uint8_t BOOTLOADER_KEY_N = 3;
static const uint8_t * const BOOTLOADER_KEYS[] = {
#if PRODUCTION
(const uint8_t *)"\xc2\xc8\x7a\x49\xc5\xa3\x46\x09\x77\xfb\xb2\xec\x9d\xfe\x60\xf0\x6b\xd6\x94\xdb\x82\x44\xbd\x49\x81\xfe\x3b\x7a\x26\x30\x7f\x3f",
(const uint8_t *)"\x80\xd0\x36\xb0\x87\x39\xb8\x46\xf4\xcb\x77\x59\x30\x78\xde\xb2\x5d\xc9\x48\x7a\xed\xcf\x52\xe3\x0b\x4f\xb7\xcd\x70\x24\x17\x8a",
(const uint8_t *)"\xb8\x30\x7a\x71\xf5\x52\xc6\x0a\x4c\xbb\x31\x7f\xf4\x8b\x82\xcd\xbf\x6b\x6b\xb5\xf0\x4c\x92\x0f\xec\x7b\xad\xf0\x17\x88\x37\x51",
#else
(const uint8_t *)"\xd7\x59\x79\x3b\xbc\x13\xa2\x81\x9a\x82\x7c\x76\xad\xb6\xfb\xa8\xa4\x9a\xee\x00\x7f\x49\xf2\xd0\x99\x2d\x99\xb8\x25\xad\x2c\x48",
(const uint8_t *)"\x63\x55\x69\x1c\x17\x8a\x8f\xf9\x10\x07\xa7\x47\x8a\xfb\x95\x5e\xf7\x35\x2c\x63\xe7\xb2\x57\x03\x98\x4c\xf7\x8b\x26\xe2\x1a\x56",
(const uint8_t *)"\xee\x93\xa4\xf6\x6f\x8d\x16\xb8\x19\xbb\x9b\xeb\x9f\xfc\xcd\xfc\xdc\x14\x12\xe8\x7f\xee\x6a\x32\x4c\x2a\x99\xa1\xe0\xe6\x71\x48",
#endif
};
void usb_init_all(void) {
static const usb_dev_info_t dev_info = {
.vendor_id = 0x1209,
.product_id = 0x53C0,
.release_num = 0x0002,
.manufacturer = (const uint8_t *)"SatoshiLabs",
.product = (const uint8_t *)"TREZOR Bootloader",
.serial_number = (const uint8_t *)"",
};
static uint8_t hid_rx_buffer[USB_PACKET_SIZE];
static const uint8_t hid_report_desc[] = {
0x06, 0x00, 0xff, // USAGE_PAGE (Vendor Defined)
0x09, 0x01, // USAGE (1)
0xa1, 0x01, // COLLECTION (Application)
0x09, 0x20, // USAGE (Input Report Data)
0x15, 0x00, // LOGICAL_MINIMUM (0)
0x26, 0xff, 0x00, // LOGICAL_MAXIMUM (255)
0x75, 0x08, // REPORT_SIZE (8)
0x95, 0x40, // REPORT_COUNT (64)
0x81, 0x02, // INPUT (Data,Var,Abs)
0x09, 0x21, // USAGE (Output Report Data)
0x15, 0x00, // LOGICAL_MINIMUM (0)
0x26, 0xff, 0x00, // LOGICAL_MAXIMUM (255)
0x75, 0x08, // REPORT_SIZE (8)
0x95, 0x40, // REPORT_COUNT (64)
0x91, 0x02, // OUTPUT (Data,Var,Abs)
0xc0 // END_COLLECTION
};
static const usb_hid_info_t hid_info = {
.iface_num = USB_IFACE_NUM,
.ep_in = USB_EP_DIR_IN | 0x01,
.ep_out = USB_EP_DIR_OUT | 0x01,
.subclass = 0,
.protocol = 0,
.max_packet_len = sizeof(hid_rx_buffer),
.rx_buffer = hid_rx_buffer,
.polling_interval = 1,
.report_desc_len = sizeof(hid_report_desc),
.report_desc = hid_report_desc,
};
usb_init(&dev_info);
ensure(usb_hid_add(&hid_info), NULL);
usb_start();
}
bool bootloader_loop(void)
{
usb_init_all();
display_welcome();
uint8_t buf[USB_PACKET_SIZE];
for (;;) {
int r = usb_hid_read_blocking(USB_IFACE_NUM, buf, USB_PACKET_SIZE, 100);
if (r != USB_PACKET_SIZE) {
continue;
}
ensure(r == USB_PACKET_SIZE, NULL);
uint16_t msg_id;
uint32_t msg_size;
if (!msg_parse_header(buf, &msg_id, &msg_size)) {
// invalid header -> discard
continue;
}
switch (msg_id) {
case 0: // Initialize
process_msg_Initialize(USB_IFACE_NUM, msg_size, buf);
break;
case 1: // Ping
process_msg_Ping(USB_IFACE_NUM, msg_size, buf);
break;
case 5: // WipeDevice
display_fade(BACKLIGHT_NORMAL, 0, 100);
display_clear();
display_header("Wiping Device");
display_footer("In progress ...", COLOR_WHITE);
display_fade(0, BACKLIGHT_NORMAL, 100);
r = process_msg_WipeDevice(USB_IFACE_NUM, msg_size, buf);
if (r < 0) { // error
display_error();
return false; // shutdown
} else { // success
display_done(0);
return false; // shutdown
}
break;
case 6: // FirmwareErase
display_fade(BACKLIGHT_NORMAL, 0, 100);
display_clear();
display_header("Updating Firmware");
display_footer("In progress ...", COLOR_WHITE);
display_fade(0, BACKLIGHT_NORMAL, 100);
process_msg_FirmwareErase(USB_IFACE_NUM, msg_size, buf);
break;
case 7: // FirmwareUpload
r = process_msg_FirmwareUpload(USB_IFACE_NUM, msg_size, buf);
if (r < 0) { // error
display_error();
return false; // shutdown
} else
if (r == 0) { // last chunk received
display_done(3); hal_delay(1000);
display_done(2); hal_delay(1000);
display_done(1); hal_delay(1000);
display_fade(BACKLIGHT_NORMAL, 0, 500);
return true; // jump to firmware
}
break;
default:
process_msg_unknown(USB_IFACE_NUM, msg_size, buf);
break;
}
}
}
// protection against bootloader downgrade
#define BOOTLOADER_VERSION_OTP_BLOCK 1
void check_bootloader_version(void)
{
uint8_t bits[FLASH_OTP_BLOCK_SIZE];
for (int i = 0; i < FLASH_OTP_BLOCK_SIZE * 8; i++) {
if (i < VERSION_MONOTONIC) {
bits[i / 8] &= ~(1 << (7 - (i % 8)));
} else {
bits[i / 8] |= (1 << (7 - (i % 8)));
}
}
ensure(true == flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
uint8_t bits2[FLASH_OTP_BLOCK_SIZE];
ensure(true == flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE), "Bootloader downgraded");
}
int main(void)
{
#if PRODUCTION
check_bootloader_version();
#endif
display_orientation(0);
touch_init();
// delay to detect touch
uint32_t touched = 0;
for (int i = 0; i < 100; i++) {
touched |= touch_read();
hal_delay(1);
}
vendor_header vhdr;
// start the bootloader if user touched the screen or no firmware installed
if (touched || !vendor_parse_header((const uint8_t *)FIRMWARE_START, &vhdr)) {
if (!bootloader_loop()) {
return 1;
}
}
ensure(
vendor_parse_header((const uint8_t *)FIRMWARE_START, &vhdr),
"invalid vendor header");
ensure(
vendor_check_signature((const uint8_t *)FIRMWARE_START, &vhdr, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS),
"invalid vendor header signature");
image_header hdr;
ensure(
image_parse_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, &hdr),
"invalid firmware header");
ensure(
image_check_signature((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), &hdr, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub),
"invalid firmware signature");
display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version);
display_fade(0, BACKLIGHT_NORMAL, 1000);
if (vhdr.vtrust < 50) {
display_text_center(120, 238, "click to continue ...", -1, FONT_BOLD, COLOR_GRAY64, COLOR_BLACK);
touch_click();
} else {
hal_delay(1000);
}
display_fade(BACKLIGHT_NORMAL, 0, 500);
display_clear();
jump_to(FIRMWARE_START + vhdr.hdrlen + HEADER_SIZE);
return 0;
}