180726/nits

[douglasbakkum]

Various nits to fix:

• on one-time factory install, halt instead of return err if cannot lock ataes chip
• specify uint sizes in comments for memory flags
• fill return read_b value only if requested (i.e. not == NULL)

[x1ddos]

Github doesn't allow commenting unchanged lines so I'll do it here. I see a couple calls to memory_eeprom which returns either DBB_OK or DBB_ERROR. Should those also be checked and call HardFault_Handler if the result is DBB_ERROR?

I didn't look up other functions. Maybe there are others.

[douglasbakkum]

ACK
This is planned in a future commit that will be submitted after the current PRs are merged.

[x1ddos]

it would be nice if the args of memory_eeprom_crypt func were documented. For instance, I see it takes const uint8_t *write_b and uint8_t *read_b but no length. Looking at the code, I assume the length is always MEM_PAGE_LEN but would be nicer to confirm this reading a function doc comment.

[douglasbakkum]

ACK
Added the comment. Thanks.

[x1ddos]

So, the length of read_b is MEM_PAGE_LEN which matches the length of hmac, the last arg in the call to hmac_sha256 here: it's SHA256_DIGEST_LENGTH. But what happens if/when you copy this code to a newer version where the length of read_b or rather MEM_PAGE_LEN isn't equal to SHA256_DIGEST_LENGTH? I guess I'm a bit concerned this might be a "good" place for a future possible bug to sneak in.

[douglasbakkum]

Good point. All the different macro lengths get a bit messy. How about something like:

#if (SHA256_DIGEST_LENGTH != MEM_PAGE_LEN)
#error "Incompatible macro values"
#endif

which will abort at compile time.

[x1ddos]

That would be perfect! I'm always happy to fail at compile time rather than later.

[douglasbakkum]

commit added

[x1ddos]

LGTM